Windows Analysis Report
SetupWIService.exe

Overview

General Information

Sample Name:SetupWIService.exe
Analysis ID:706095
MD5:141d46ba18a6fb07ac40b69a22fbbcbc
SHA1:f5da2877a28f5bc52d0b3d991308a5fa8e97a262
SHA256:e22b3ffcb9eb55e53b6a95d34433567ef5d16fe8459199896229c899ff8a72b8

Detection

Score:51
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:34
Range:0 - 100

Signatures

Uses netsh to modify the Windows network and firewall settings
Tries to delay execution (extensive OutputDebugStringW loop)
Modifies the hosts file
DLL side loading technique detected
Sets file extension default program settings to executables
Modifies the windows firewall
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Creates files inside the system directory
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Enables debug privileges
EXE planting / hijacking vulnerabilities found
PE file does not import any functions
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Drops PE files to the windows directory (C:\Windows)
Binary contains a suspicious time stamp
Uses taskkill to terminate processes
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • SetupWIService.exe (PID: 5536 cmdline: "C:\Users\user\Desktop\SetupWIService.exe" MD5: 141D46BA18A6FB07AC40B69A22FBBCBC)
    • cmd.exe (PID: 5456 cmdline: cmd /C taskkill /F /IM WIService.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 6076 cmdline: taskkill /F /IM WIService.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 496 cmdline: cmd /C taskkill /F /IM WIui.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 1592 cmdline: taskkill /F /IM WIui.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 4996 cmdline: cmd /C taskkill /F /IM wirtpproxy.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5980 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 5720 cmdline: taskkill /F /IM wirtpproxy.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 1900 cmdline: cmd /C taskkill /F /IM wiservice-ui.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 4924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 4904 cmdline: taskkill /F /IM wiservice-ui.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 972 cmdline: cmd /C taskkill /F /IM vncsrv.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 1276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 5668 cmdline: taskkill /F /IM vncsrv.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 2168 cmdline: cmd /C taskkill /F /IM WildixOutlookIntegration.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 5688 cmdline: taskkill /F /IM WildixOutlookIntegration.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • wiservice.exe (PID: 5456 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --removesvc MD5: C66742153E3B6174EE1B9E50F71EB1D2)
    • wiservice.exe (PID: 3228 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter MD5: C66742153E3B6174EE1B9E50F71EB1D2)
    • RegAsm.exe (PID: 5060 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 2172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 992 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 4992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 5548 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 2952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 3100 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 4440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 4692 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 5092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 3364 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 3428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 6020 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 6128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 5252 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 5264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 5648 cmdline: cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 1096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 4792 cmdline: schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
    • cmd.exe (PID: 2348 cmdline: cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 1244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • netsh.exe (PID: 1332 cmdline: netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 98CC37BBF363A38834253E22C80A8F32)
    • cmd.exe (PID: 5924 cmdline: cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 5216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • netsh.exe (PID: 5348 cmdline: netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 98CC37BBF363A38834253E22C80A8F32)
    • wiservice.exe (PID: 2600 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex MD5: C66742153E3B6174EE1B9E50F71EB1D2)
    • wiservice.exe (PID: 5456 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc MD5: C66742153E3B6174EE1B9E50F71EB1D2)
    • svchost.exe (PID: 5252 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 60 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • spoolsv.exe (PID: 5956 cmdline: C:\Windows\System32\spoolsv.exe MD5: C05A19A38D7D203B738771FD1854656F)
  • svchost.exe (PID: 4532 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • spoolsv.exe (PID: 676 cmdline: C:\Windows\System32\spoolsv.exe MD5: C05A19A38D7D203B738771FD1854656F)
  • wiservice.exe (PID: 5104 cmdline: "C:\Program Files\Wildix\WIService\WIService.exe" MD5: C66742153E3B6174EE1B9E50F71EB1D2)
  • wiservice.exe (PID: 492 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc MD5: C66742153E3B6174EE1B9E50F71EB1D2)
    • wiservice.exe (PID: 5744 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher MD5: C66742153E3B6174EE1B9E50F71EB1D2)
    • wiservice.exe (PID: 204 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog MD5: C66742153E3B6174EE1B9E50F71EB1D2)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: wiservice.exe, 00000014.00000002.370796628.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\SetupWIService.exe EXE: cmd.exe

Compliance

Source: SetupWIService.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SetupWIService.exe EXE: cmd.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIService
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\wildix.ico
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\wiservice.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDL
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDNAMES.GPD
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDL
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHMX.GDL
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.HLP
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\imgprint.gpd
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\resources
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\resources\cdr.db
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Office.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\UC.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\wildix-oi.ico
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll.manifest
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.vsto
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe.config
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: SetupWIService.exe Static PE information: certificate valid
Source: SetupWIService.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\rand\randfile.cFilename=RANDFILESYSTEMROOT.rnd source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\design\wiservice\deploy\win-x64-release\wiservice.pdb source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\design\wiservice\deploy\win-x64-release\fax\wfaxport.pdb``. source: wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\design\wiservice\deploy\win-x64-release\wiservice.pdbU source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: unidrv.pdb source: wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\design\wiservice\deploy\win-x64-release\fax\wfaxport.pdb source: wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00402765 FindFirstFileA,0_2_00402765
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00406313 FindFirstFileA,FindClose,0_2_00406313
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_004057D8 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004057D8
Source: C:\Windows\System32\spoolsv.exe Code function: 25_2_00007FF887D53F10 FindFirstFileW,_invalid_parameter_noinfo_noreturn,FindClose,25_2_00007FF887D53F10
Source: global traffic HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 404 Content-Type: application/x-www-form-urlencoded
Source: global traffic HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 382 Content-Type: application/x-www-form-urlencoded
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: wiservice.exe, 00000014.00000002.370796628.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000000.361531269.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000002.426571085.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.394698573.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000000.519099092.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.590396061.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534217835.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000000.526044446.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000002.574134274.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://jimmac.musichall.cz
Source: SetupWIService.exe, SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetupWIService.exe, 00000000.00000000.308121156.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetupWIService.exe, 00000000.00000000.308121156.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
Source: wiservice.exe, 00000014.00000002.370796628.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000000.361531269.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000002.426571085.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.394698573.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000000.519099092.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.590396061.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534217835.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000000.526044446.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000002.574134274.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.gimp.orgg
Source: unknown | HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 404 Content-Type: application/x-www-form-urlencoded
Source: unknown | DNS traffic detected: queries for: feedback.wildix.com
Source: C:\Users\user\Desktop\SetupWIService.exe | Code function: 0_2_00405275 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Program Files\Wildix\WIService\wiservice.exe | File written: C:\Windows\System32\drivers\etc\hosts
Source: SetupWIService.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Windows\System32\spoolsv.exe | File deleted: C:\Windows\System32\spool\drivers\x64\3\Old\1\stddtype.gdl
Source: C:\Users\user\Desktop\SetupWIService.exe | Code function: 0_2_0040326B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Program Files\Wildix\WIService\wiservice.exe | File created: C:\Windows\system32\wfaxport.dll
Source: C:\Windows\System32\spoolsv.exe | Code function: String function: 00007FF887D650C0 appears 48 times
Source: UC.dll.0.dr | Static PE information: No import functions for PE file found
Source: SetupWIService.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SetupWIService.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SetupWIService.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WildixOutlookIntegration.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WildixOutlookIntegration.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: wiservice.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: wiservice.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: wiservice.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UninstallWIService.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UninstallWIService.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UninstallWIService.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UninstallWIService.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UninstallWIService.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UninstallWIService.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Windows\System32\spoolsv.exe | Section loaded: ualapi.dll
Source: C:\Windows\System32\spoolsv.exe | Section loaded: ualapi.dll
Source: C:\Users\user\Desktop\SetupWIService.exe | File read: C:\Users\user\Desktop\SetupWIService.exe
Source: SetupWIService.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SetupWIService.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\SetupWIService.exe "C:\Users\user\Desktop\SetupWIService.exe"
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --removesvc
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
Source: unknown | Process created: C:\Windows\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown | Process created: C:\Windows\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: unknown | Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\WIService.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown | Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\SetupWIService.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_0040326B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040326B
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIService.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIui.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wirtpproxy.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wiservice-ui.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vncsrv.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookIntegration.exe")
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Users\user\AppData\Roaming\Wildix
Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nsmBA48.tmp
Source: classification engineClassification label: mal51.adwa.evad.winEXE@86/72@2/1
Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_00402138 CoCreateInstance,MultiByteToWideChar,0_2_00402138
Source: C:\Users\user\Desktop\SetupWIService.exeFile read: C:\Users\desktop.ini
Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.UInt64 WebSocketSharp.PayloadData::get_Length()
Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Void WebSocketSharp.PayloadData::Mask(System.Byte[])
Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Collections.IEnumerator WebSocketSharp.PayloadData::System.Collections.IEnumerable.GetEnumerator()
Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Void WebSocketSharp.PayloadData::.ctor(System.Byte[],System.Int64)
Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Byte[] WebSocketSharp.PayloadData::get_ExtensionData()
Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Boolean WebSocketSharp.PayloadData::get_IncludesReservedCloseStatusCode()
Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Collections.Generic.IEnumerator`1<System.Byte> WebSocketSharp.PayloadData::GetEnumerator()
Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.String WebSocketSharp.PayloadData::ToString()
Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Void WebSocketSharp.PayloadData::.cctor()
Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Void WebSocketSharp.PayloadData::.ctor(System.Byte[])
Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Void WebSocketSharp.PayloadData::set_ExtensionDataLength(System.Int64)
Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Byte[] WebSocketSharp.PayloadData::ToArray()
Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Byte[] WebSocketSharp.PayloadData::get_ApplicationData()
Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Void WebSocketSharp.PayloadData::.ctor()
Source: websocket-sharp.dll.0.dr, WebSocketSharp/PayloadData.csSuspicious method names: System.Int64 WebSocketSharp.PayloadData::get_ExtensionDataLength()
Source: websocket-sharp.dll.0.dr, WebSocketSharp/CloseEventArgs.csSuspicious method names: WebSocketSharp.PayloadData WebSocketSharp.CloseEventArgs::get_PayloadData()
Source: websocket-sharp.dll.0.dr, WebSocketSharp/CloseEventArgs.csSuspicious method names: System.Void WebSocketSharp.CloseEventArgs::.ctor(WebSocketSharp.PayloadData)
Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: WebSocketSharp.WebSocketFrame WebSocketSharp.WebSocketFrame::readExtendedPayloadLength(System.IO.Stream,WebSocketSharp.WebSocketFrame)
Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: System.UInt64 WebSocketSharp.WebSocketFrame::get_FullPayloadLength()
Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: System.Byte WebSocketSharp.WebSocketFrame::get_PayloadLength()
Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: System.Byte[] WebSocketSharp.WebSocketFrame::get_ExtendedPayloadLength()
Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: System.Void WebSocketSharp.WebSocketFrame::readExtendedPayloadLengthAsync(System.IO.Stream,WebSocketSharp.WebSocketFrame,System.Action`1<WebSocketSharp.WebSocketFrame>,System.Action`1<System.Exception>)
Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: System.Void WebSocketSharp.WebSocketFrame::.ctor(WebSocketSharp.Opcode,WebSocketSharp.PayloadData,System.Boolean)
Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: System.Void WebSocketSharp.WebSocketFrame::.ctor(WebSocketSharp.Fin,WebSocketSharp.Opcode,WebSocketSharp.PayloadData,System.Boolean,System.Boolean)
Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: System.Void WebSocketSharp.WebSocketFrame::readPayloadDataAsync(System.IO.Stream,WebSocketSharp.WebSocketFrame,System.Action`1<WebSocketSharp.WebSocketFrame>,System.Action`1<System.Exception>)
Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: WebSocketSharp.WebSocketFrame WebSocketSharp.WebSocketFrame::readPayloadData(System.IO.Stream,WebSocketSharp.WebSocketFrame)
Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: System.Int32 WebSocketSharp.WebSocketFrame::get_ExtendedPayloadLengthCount()
Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: WebSocketSharp.WebSocketFrame WebSocketSharp.WebSocketFrame::CreateCloseFrame(WebSocketSharp.PayloadData,System.Boolean)
Source: websocket-sharp.dll.0.dr, WebSocketSharp/WebSocketFrame.csSuspicious method names: WebSocketSharp.PayloadData WebSocketSharp.WebSocketFrame::get_PayloadData()
Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_00404530 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404530
Source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: Office.dll.0.dr, Office.Core/WorkflowTask.csTask registration methods: 'get_CreatedDate', 'get_CreatedBy'
Source: Office.dll.0.dr, Office.Core/SharedWorkspaceTask.csTask registration methods: 'get_CreatedDate', 'get_CreatedBy'
Source: Office.dll.0.dr, Office.Core/ICTPFactory.csTask registration methods: 'CreateCTP'
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5980:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4440:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5264:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:724:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4992:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3428:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1096:120:WilError_01
Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.service
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5936:120:WilError_01
Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.svchost
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5092:120:WilError_01
Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.proxyex
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4924:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2952:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5216:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1244:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6128:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2172:120:WilError_01
Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WIS
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5064:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1276:120:WilError_01
Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Program Files\Wildix
Source: SetupWIService.exeString found in binary or memory: Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\SetupWIService.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\Wildix.AddIn
Source: C:\Users\user\Desktop\SetupWIService.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIService
Source: SetupWIService.exeStatic file information: File size 11834040 > 1048576
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\wildix.ico
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\wiservice.exe
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDL
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDNAMES.GPD
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDL
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\STDSCHMX.GDL
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.HLP
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\imgprint.gpd
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\resources
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\resources\cdr.db
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dll
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dll
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Office.dll
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Serilog.dll
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dll
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dll
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dll
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\UC.dll
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dll
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\wildix-oi.ico
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll.manifest
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dll
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.vsto
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe.config
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exe
Source: C:\Users\user\Desktop\SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: SetupWIService.exeStatic PE information: certificate valid
Source: SetupWIService.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\rand\randfile.cFilename=RANDFILESYSTEMROOT.rnd source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\design\wiservice\deploy\win-x64-release\wiservice.pdb source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\design\wiservice\deploy\win-x64-release\fax\wfaxport.pdb``. source: wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\design\wiservice\deploy\win-x64-release\wiservice.pdbU source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: unidrv.pdb source: wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\design\wiservice\deploy\win-x64-release\fax\wfaxport.pdb source: wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_73DA2F60 push eax; ret 0_2_73DA2F8E
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_73DA1A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_73DA1A98
Source: Newtonsoft.Json.dll.0.dr Static PE information: 0xDFF1C7F1 [Fri Jan 21 16:48:49 2089 UTC]
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exe
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\System32\spool\drivers\x64\unidrvui.dll
Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\System32\spool\drivers\x64\3\New\unires.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dll
Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\System32\spool\drivers\x64\3\New\unidrv.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\System32\spool\drivers\x64\unires.dll
Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy)
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Office.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\System32\wfaxport.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Users\user\AppData\Local\Temp\nsrBAB6.tmp\System.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Serilog.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\WIService\wiservice.exe
Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\System32\spool\drivers\x64\3\New\unidrvui.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\System32\spool\drivers\x64\unidrv.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\system32\spool\drivers\x64\3\unidrv.dll (copy)
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\system32\spool\drivers\x64\3\unidrvui.dll (copy)
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\UC.dll
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Users\user\AppData\Local\Temp\nsrBAB6.tmp\nsExec.dll

Boot Survival

Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\callto\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sip\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wildix\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_CURRENT_USER_Classes\callto\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_CURRENT_USER_Classes\sip\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_CURRENT_USER_Classes\tel\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_CURRENT_USER_Classes\wildix\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tel\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService
Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService\Uninstall.lnk
Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WIService
Source: C:\Users\user\Desktop\SetupWIService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: OutputDebugStringW count: 160
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 3160 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 2432 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 2420 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 588 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 1040 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 6032 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5160 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5300 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 3312 Thread sleep time: -150000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 5468 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\spoolsv.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_25-18016
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\3\New\unires.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Serilog.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\unires.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dll
Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy)
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Office.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\UC.dll
Source: C:\Users\user\Desktop\SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\spoolsv.exe API coverage: 3.9 %
Source: C:\Program Files\Wildix\WIService\wiservice.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00402765 FindFirstFileA,0_2_00402765
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00406313 FindFirstFileA,FindClose,0_2_00406313
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_004057D8 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004057D8
Source: C:\Windows\System32\spoolsv.exe Code function: 25_2_00007FF887D53F10 FindFirstFileW,_invalid_parameter_noinfo_noreturn,FindClose,25_2_00007FF887D53F10
Source: C:\Users\user\Desktop\SetupWIService.exe API call chain: ExitProcess graph end node graph_0-4363
Source: C:\Users\user\Desktop\SetupWIService.exe API call chain: ExitProcess graph end node graph_0-4361
Source: wiservice.exe, 00000014.00000003.364213353.0000018B3ACE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllK
Source: spoolsv.exe, 00000017.00000002.400388788.0000000000869000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 00000019.00000002.577460632.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000034.00000002.579592269.0000019944999000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000038.00000003.567459613.00000283F076F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: wiservice.exe, 00000016.00000003.418210862.000001E7F7C81000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.418113264.000001E7F7C71000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllLL
Source: wiservice.exe, 00000037.00000003.528893510.00000151A5C82000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000037.00000002.530440777.00000151A5C8B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000037.00000003.529065050.00000151A5C8A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllMM
Source: C:\Windows\System32\spoolsv.exe Code function: 25_2_00007FF887D66758 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,25_2_00007FF887D66758
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_73DA1A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_73DA1A98
Source: C:\Windows\System32\spoolsv.exe Code function: 25_2_00007FF887D6A560 GetProcessHeap,HeapAlloc,std::bad_alloc::bad_alloc,25_2_00007FF887D6A560
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: page read and write | page guard
Source: C:\Windows\System32\spoolsv.exe Code function: 25_2_00007FF887D65ED0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,25_2_00007FF887D65ED0

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files\Wildix\WIService\wiservice.exe File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\spoolsv.exe Section loaded: C:\Windows\System32\wfaxport.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: C:\Windows\System32\spool\drivers\x64\unidrv.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: C:\Windows\System32\spool\drivers\x64\unidrvui.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: C:\Windows\System32\spool\drivers\x64\3\unidrvui.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: C:\Windows\System32\spool\drivers\x64\3\unidrv.dll
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\SetupWIService.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\System32\netsh.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\spoolsv.exe Code function: 25_2_00007FF887D414A0 cpuid 25_2_00007FF887D414A0
Source: C:\Program Files\Wildix\WIService\wiservice.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Program Files\Wildix\WIService\wiservice.exe Code function: 20_2_00007FF799DC0434 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,20_2_00007FF799DC0434
Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_0040326B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040326B

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Program Files\Wildix\WIService\wiservice.exe File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools; Compromise Software Supply Chain

Execution: Windows Management Instrumentation (1); Native API (2); Command and Scripting Interpreter (2); Scheduled Task/Job (11); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter; PowerShell; AppleScript; Windows Command Shell; Unix Shell

Persistence: DLL Side-Loading (11); DLL Search Order Hijacking (1); Windows Service (1); Scheduled Task/Job (11); Registry Run Keys / Startup Folder (11); Rc.common; Startup Items; Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd

Privilege Escalation: DLL Side-Loading (11); DLL Search Order Hijacking (1); Access Token Manipulation (1); Windows Service (1); Process Injection (11); Scheduled Task/Job (11); Registry Run Keys / Startup Folder (11); Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd

Defense Evasion: File and Directory Permissions Modification (1); Disable or Modify Tools (211); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); Timestomp (1); DLL Side-Loading (11); DLL Search Order Hijacking (1); File Deletion (1); Masquerading (123); Virtualization/Sandbox Evasion (121); Access Token Manipulation (1); Process Injection (11)

Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture; Keylogging

Discovery: System Time Discovery (1); File and Directory Discovery (2); System Information Discovery (27); Security Software Discovery (21); Process Discovery (1); Virtualization/Sandbox Evasion (121); Remote System Discovery (1); Network Service Scanning; System Network Connections Discovery; Process Discovery; Permission Groups Discovery; Local Groups

Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools; Taint Shared Content; Replication Through Removable Media; Component Object Model and Distributed COM

Collection: Archive Collected Data (11); Clipboard Data (1); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging; Screen Capture

Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol; Exfiltration Over Physical Medium; Exfiltration over USB

Command and Control: Encrypted Channel (11); Non-Application Layer Protocol (2); Application Layer Protocol (3); Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols; DNS

Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station

Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups

Impact: System Shutdown/Reboot (1); Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery

[Behavior graph: ID 706095; Sample: SetupWIService.exe; Start date: 20/09/2022; Architecture: WINDOWS; Score: 51. Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C, C++ or other language, Is malicious, Internet]

No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label |
|---|---|---|---|
| 0.2.SetupWIService.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 |
| 0.0.SetupWIService.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 |
No Antivirus matches
| Source | Detection | Scanner | Label |
|---|---|---|---|
| https://sectigo.com/CPS0 | 0% | URL Reputation | safe |
| http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | 0% | URL Reputation | safe |
| http://ocsp.sectigo.com0 | 0% | URL Reputation | safe |
| http://www.gimp.orgg | 0% | URL Reputation | safe |
| http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | 0% | URL Reputation | safe |
| http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | 0% | URL Reputation | safe |
| http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe |
| http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y | 0% | URL Reputation | safe |
| http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe |
| http://jimmac.musichall.cz | 0% | URL Reputation | safe |
| https://stage.x-bees.biz | 0% | Avira URL Cloud | safe |
| https://kite-stage.wildix.comorigin | 0% | Avira URL Cloud | safe |
| https://stable.x-bees.biz | 0% | Avira URL Cloud | safe |
| https://nightly.x-bees.biz | 0% | Avira URL Cloud | safe |
| https://x-bees.biz | 0% | Avira URL Cloud | safe |
| https://x-bees.bizhttps://dev.x-bees.bizhttps://stage.x-bees.bizhttps://stable.x-bees.bizrecv | 0% | Avira URL Cloud | safe |
| https://nightly.x-bees.bizhttps://hubspot.wildix.comhttps://conference.wildix.comhttps://stage.confe | 0% | Avira URL Cloud | safe |
| https://www.wildix.comwww.wildix.comURL | 0% | Avira URL Cloud | safe |
| https://dev.x-bees.biz | 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| feedback.wildix.com | 35.157.107.60 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://feedback.wildix.com/api/v1/Analytics/wiservice | false | | high |

Name: https://kite-stage.wildix.comorigin
Source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp
Malicious: false
Antivirus Detection: Avira URL Cloud: safe
Reputation: unknown

Name: https://stage.x-bees.biz
Source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp
Malicious: false
Antivirus Detection: Avira URL Cloud: safe
Reputation: unknown

Name: https://files.wildix.com/integrations/integrations.jsonhttps://backtrace.wildix.com/api/v1/Integrati
Source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp
Malicious: false
Reputation: high

Name: https://sectigo.com/CPS0
Source: SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: URL Reputation: safe
Reputation: unknown

Name: https://feedback.wildix.com/api/v1/Feedback/WiserviceemailothersendLogssizestypemessagecontextfeedba
Source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp
Malicious: false
Reputation: high

Name: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: URL Reputation: safe
Reputation: unknown

Name: http://ocsp.sectigo.com0
Source: SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: URL Reputation: safe
Reputation: unknown

Name: https://stable.x-bees.biz
Source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp
Malicious: false
Antivirus Detection: Avira URL Cloud: safe
Reputation: unknown

Name: https://kite-stage.wildix.com
Source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp
Malicious: false
Reputation: high

Name: https://files.wildix.com/integrations/x-beesNativeApp.jsonapplications.jsoncouldn
Source: wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp
Malicious: false
              high
              https://github.com/opencv/opencv/issues/16739cv::MatOp_AddEx::assign0?&wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                high
                http://www.gimp.orggwiservice.exe, 00000014.00000002.370796628.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000000.361531269.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000002.426571085.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.394698573.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000000.519099092.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.590396061.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534217835.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000000.526044446.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000002.574134274.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmpfalse
                • URL Reputation: safe
                unknown
                http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                unknown
                https://nightly.x-bees.bizwiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://www.wildix.comwiservice.exe, 00000034.00000003.525889178.0000019944A23000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                  high
                  http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  unknown
                  http://nsis.sf.net/NSIS_ErrorErrorSetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetupWIService.exe, 00000000.00000000.308121156.000000000040A000.00000008.00000001.01000000.00000003.sdmpfalse
                    high
                    https://kite-dev.wildix.comwiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                      high
                      https://feedback.wildix.com/api/v1/Feedback/Wiservicewiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.366050286.0000018B3ACA8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000002.418479153.000001E7F7C48000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000034.00000002.579592269.0000019944999000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.530204575.00000151A5C58000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                        high
                        https://files.wildix.com/integrations/wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                          high
                          https://x-bees.bizwiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://github.com/opencv/opencv/issues/16739wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                            high
                            https://backtrace.wildix.com/api/v1/IntegrationService/Trace/dllwiservice.exe, 00000016.00000002.418479153.000001E7F7C48000.00000004.00000020.00020000.00000000.sdmpfalse
                              high
                              https://conference-up.wildix.comwiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                                high
                                https://curl.haxx.se/docs/http-cookies.htmlwiservice.exe, 00000014.00000002.370796628.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000000.361531269.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000002.426571085.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.394698573.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000000.519099092.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.590396061.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534217835.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000000.526044446.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000002.574134274.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmpfalse
                                  high
                                  http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tSetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://nightly.x-bees.bizhttps://hubspot.wildix.comhttps://conference.wildix.comhttps://stage.confewiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://conference.wildix.comwiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                                    high
                                    https://x-bees.bizhttps://dev.x-bees.bizhttps://stage.x-bees.bizhttps://stable.x-bees.bizrecvwiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://nsis.sf.net/NSIS_ErrorSetupWIService.exe, SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SetupWIService.exe, 00000000.00000000.308121156.000000000040A000.00000008.00000001.01000000.00000003.sdmpfalse
                                      high
                                      http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0ySetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#SetupWIService.exe, 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000016.00000003.402881357.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.400285587.000001E7F7CC6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.403618169.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000003.401736610.000001E7F7CC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      https://files.wildix.com/integrations/integrations.jsonwiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.366050286.0000018B3ACA8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000002.418479153.000001E7F7C48000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000034.00000002.579592269.0000019944999000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.530204575.00000151A5C58000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                                        high
                                        http://jimmac.musichall.czwiservice.exe, 00000014.00000002.370796628.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000000.361531269.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000002.426571085.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.394698573.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000000.519099092.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.590396061.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534217835.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000000.526044446.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000002.574134274.00007FF799EBA000.00000002.00000001.01000000.00000006.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        https://stage.conference.wildix.comwiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                                          high
                                          https://conference-dev-f.wildix.comwiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                                            high
                                            https://www.wildix.comwww.wildix.comURLwiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://backtrace.wildix.com/api/v1/IntegrationService/Trace/Fwiservice.exe, 00000037.00000002.530204575.00000151A5C58000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              https://feedback.wildix.com/api/v1/Analytics/wiserviceext_getsid()wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                                                high
                                                https://hubspot.wildix.comwiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                                                  high
                                                  https://kite.wildix.comwiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                                                    high
                                                    https://dev.x-bees.bizwiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://feedback.wildix.com/api/v1/Feedback/Wiservicee2wiservice.exe, 00000016.00000002.418479153.000001E7F7C48000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://backtrace.wildix.com/api/v1/IntegrationService/Trace/wiservice.exe, 00000014.00000002.371538254.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000014.00000002.366050286.0000018B3ACA8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000016.00000000.395065433.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000016.00000002.418479153.000001E7F7C48000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000034.00000002.579592269.0000019944999000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000034.00000002.591918275.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000037.00000002.530204575.00000151A5C58000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000037.00000002.534823641.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000038.00000000.554391134.00007FF79A00D000.00000002.00000001.01000000.00000006.sdmpfalse
                                                        high
                                                        https://feedback.wildix.com/api/v1/Feedback/WiserviceKwiservice.exe, 00000037.00000002.530204575.00000151A5C58000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          • No. of IPs < 25%
                                                          • 25% < No. of IPs < 50%
                                                          • 50% < No. of IPs < 75%
                                                          • 75% < No. of IPs
IP             Domain               Country        ASN    ASN Name     Malicious
35.157.107.60  feedback.wildix.com  United States  16509  AMAZON-02US  false
                                                          Joe Sandbox Version:36.0.0 Rainbow Opal
                                                          Analysis ID:706095
                                                          Start date and time:2022-09-20 11:29:31 +02:00
                                                          Joe Sandbox Product:CloudBasic
                                                          Overall analysis duration:0h 13m 50s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Sample file name:SetupWIService.exe
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                          Number of analysed new started processes analysed:66
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:0
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • HDC enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Detection:MAL
                                                          Classification:mal51.adwa.evad.winEXE@86/72@2/1
                                                          EGA Information:
                                                          • Successful, ratio: 83.3%
                                                          HDC Information:
                                                          • Successful, ratio: 92.1% (good quality ratio 65%)
                                                          • Quality average: 53.2%
                                                          • Quality standard deviation: 42%
                                                          HCA Information:Failed
                                                          Cookbook Comments:
                                                          • Found application associated with file extension: .exe
                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, wuapihost.exe
                                                          • Excluded IPs from analysis (whitelisted): 20.223.24.244, 80.67.82.211, 80.67.82.235, 8.238.189.126, 8.241.126.121, 8.248.135.254, 8.238.85.126, 8.238.191.126
                                                          • Excluded domains from analysis (whitelisted): rp-consumer-prod-displaycatalog-geomap.trafficmanager.net, fg.download.windowsupdate.com.c.footprint.net, login.live.com, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, a1449.dscg2.akamai.net, arc.msn.com, wu-bg-shim.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                          • Execution Graph export aborted for target wiservice.exe, PID 5104 because there are no executed function
                                                          • Execution Graph export aborted for target wiservice.exe, PID 5456 because there are no executed function
                                                          • Not all processes where analyzed, report is missing behavior information
                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
Time      Type             Description
11:31:56  Autostart        Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run WIService C:\Program Files\Wildix\WIService\WIService.exe
11:32:25  API Interceptor  8x Sleep call for process: svchost.exe modified
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):985392
                                                          Entropy (8bit):5.550539796193669
                                                          Encrypted:false
                                                          SSDEEP:24576:jmPj0ZKH4lODcxSgo5Gn8WuMRIn+N3gN+zs5KPIVmkXiGzcJy3gt2LER6GvK9HwJ:jmb0ZKH4lODcxSgo5Gn8WuMRIn+N3gNM
                                                          MD5:8FFDEBEB4A617B4FF57419134F39899B
                                                          SHA1:05AF96F06DB733B79E7600EAA7AF50CF9882B94F
                                                          SHA-256:27E94297CD8271085DD7462637BC082AA0852120EA15E97D1A03AD8A725F37A9
                                                          SHA-512:9CDD381C76633EBF32FE02AD66FE149649DEF9A2665A6B67CD2ECEAE251F92200463C9D8208A2EEAAFDFA0050AE810621EE6E5747921E77E937BDFE275EDA1E5
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):37168
                                                          Entropy (8bit):6.3927313805743555
                                                          Encrypted:false
                                                          SSDEEP:384:XWw7k8otmBsHC+w4TEn4jo+qMzEeBoOR/VEPY+GQ4A4agQS6Lc7DQWgyxmYi/Tjh:GwJTwYB4E5n/xe5arDkTC8PvyiR/a
                                                          MD5:F2D359DDB3F951A4BA4C1C7005A12E36
                                                          SHA1:4B7DC4D58A9F520ADFCCFBA13AB476B1C4BC4D37
                                                          SHA-256:D4675EB4B2A9174B8664732A0B110ECF82D146D5410864B2E5A7C6CB1DFBC70E
                                                          SHA-512:825C4D8F7A7B1FD7BBCDE3ED652A4183BEC9964B3212F83C39558BD3ABABC12C8F506B8D0D12C8111EC51E1550FC5489BB2F20B76668B521F3E648DD25936296
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):53552
                                                          Entropy (8bit):6.184807796664277
                                                          Encrypted:false
                                                          SSDEEP:768:m7vV5z3+6KTqUPtLnPDiQ0fWST41mocNAwkEGjhl2BOBaBnD/4xFsOokTnyiRL:AVs6c3dokTnyiV
                                                          MD5:09AB8FD8DDCED623F4C040D13EA5020E
                                                          SHA1:B4003B89163D3D67B3998C4947C354B8EC78D230
                                                          SHA-256:2205DDA4B7D157751E0BD263F1BFEF897F170E0F3901CE315BB86697465149F5
                                                          SHA-512:7CBD7A8B40C223D0FDA9D774E60815554F6B3E0BE96A1E20F6AF43FBF22E68FDE40BAC9956794D8F368DB9BE0CA115779CDE0922CAA31EFB300E8461BCF6F233
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):483120
                                                          Entropy (8bit):5.885163302617754
                                                          Encrypted:false
                                                          SSDEEP:12288:ua9ps9y+hl8hyfItfqNWtkT4yzIDUCEheLQta3spminCi5W3EKjWFY4A7+BkvCZ4:ua9ps9y+hl8hyfItfqNWtkT4yzIDUCEY
                                                          MD5:990FA51CBD5541A88901013285EC6043
                                                          SHA1:E8B632C2F5B8AEE62BFF8E412BE5BC1AD585212D
                                                          SHA-256:09ACCF26D8E69563EA6922CDC144D5E0851CD9E8284CC71E0B0E02050CC12EF4
                                                          SHA-512:FEDF15073E8EDBC89B27DCD5BB170193A885DB10120D10B24597EEF4CCEA035527BD78FB6B9071556E0E73165EC297CE97DBE9EEF0E13AFC945BC128303C7235
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):702768
                                                          Entropy (8bit):5.94248397372167
                                                          Encrypted:false
                                                          SSDEEP:12288:Af9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cHDv:+XNL2PVh6B+Bzjmcjv
                                                          MD5:C8A9DE4F5ABDFED0C1570F7A3AF1B1D7
                                                          SHA1:07F437134004F35ABB75055A70CB617E089CE871
                                                          SHA-256:AA2C36AC636277BF656B62EC833F8B2290EFB816AF23B972DF03E08019F37834
                                                          SHA-512:DFD81C3C39D6A44CA794357D1DCF0C5FA08D35394FF08E9FA0F07EC31D4EE9DFB33741F36A16E730D8B5D064CDC7214F38B95CD247B65168A0B690711D6C6EA5
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):420144
                                                          Entropy (8bit):5.856238395685976
                                                          Encrypted:false
                                                          SSDEEP:12288:Oo4vyP2a+zKZsxgkE0PTpFh/2f7rvmcyjlSjnqxT:Oo4vyP2a+zKZsDr52f7rvmT
                                                          MD5:57C9FB87B5EC760269EF6FBE749033EA
                                                          SHA1:8837E614A10DD89E97A59D90459AE653DE5503EB
                                                          SHA-256:F57BDE7FB0F320310186E3761D9C59F82D5AEA7CAE8C208636D566716B82462A
                                                          SHA-512:455DC1F00AF21C76E56A1DEEE575F9E9F8A0D21F3412AD33C1F52E709C176CA115C9465E68CB7CE264D871AEF0A239E6523F3BCA0E428E0B0155A11001A57685
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):42800
                                                          Entropy (8bit):6.287569526174843
                                                          Encrypted:false
                                                          SSDEEP:384:7bd/GivDfRbUqX+pMA84UfYN7hzWrJ7HFjA7Avraq9E6ZAlJrKanrLCyaz/JllAe:Px+pe4L10ajxHJl7u4WHjWtkTpyiR1
                                                          MD5:7C717A0DC865442E7D7E4E38B2BC6360
                                                          SHA1:8FD574A9DAEABA424DA4F20B441015CCD5AA40A9
                                                          SHA-256:9E15A8DCC635A7148BE0F41BE854D6A0A025C9C77B5B9C34A326870413988A21
                                                          SHA-512:4AC0C1609AAE7F4B49B74E8377F69106AADEE9A622AF5A046C7335CD28B89CC958FBFCEFACC5E8F01EEA0F3FF8BD05C6B364172E39F2B9774DFB4F20DC043F8F
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):17200
                                                          Entropy (8bit):6.79195093022485
                                                          Encrypted:false
                                                          SSDEEP:384:rrDJKl99Xk8jr8VMpwKNsP6vT5ceGmGovy8ZpHGS:rr20rkTaMyiRl
                                                          MD5:E90099CDCFABCE17BDB1BE9C6540E00E
                                                          SHA1:8F6CEFF26F1EBE91B2BED5EB404AD9F0681B11E1
                                                          SHA-256:A787899F17FC8CCCF062115535FEE2350451F73B5AFF6086F31C8CE321DE7A1F
                                                          SHA-512:A09E1442FF54CC383621FE7AA5DC6F35EB20A956E161381782FA01BA4ABDA1524C650A347D77BCB7A3C5344F783FB4BE285015970940F158402CBF0C19D9FFBE
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):36656
                                                          Entropy (8bit):6.395366274410026
                                                          Encrypted:false
                                                          SSDEEP:768:s2IVwX/kpnTXMcTWpHdD2JRrcfwcynkTVyiRz31q:wwXcpnTXMwWmJRXVnkTVyixE
                                                          MD5:97A1DDD0105BD2CF367EB75AEA3B9ED5
                                                          SHA1:E8C34504F4113B0FD4FE008085BDBE3AEAF3D4DB
                                                          SHA-256:874F9E7643644D4E5B0DF1E4D29B2EB2B6369C4B5231DFED7B53ED8B008A0A80
                                                          SHA-512:453FC6342128A8378D8E00CCBBA4B04D6F08234ADD39A00E709D76FF114439FEA3C65F0A1A088AE822067013F7511EC88087801DCB8C3C5A074CAF573724B4CC
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):130352
                                                          Entropy (8bit):6.1756602168004235
                                                          Encrypted:false
                                                          SSDEEP:3072:Hy8BcjSMkNtSR4rkA4Nqnv/BZ8OQNZMpWovqGkn/:SPSMkNtS6rzH7H+mk/
                                                          MD5:63A36F36EA707EECB25E5D99DCE13F3B
                                                          SHA1:B79A46055B184B6122B769911C5B05E6436D626E
                                                          SHA-256:A46C0096917117E34F1083BA414B299ED44528C603C9B3773947DAB49666D832
                                                          SHA-512:8F8167AACF73CAFFF7216190BB66BC720D199C5D830045268EE96B56100C65F88770312D300D54593CAF29C204B7F0A66B2F308ABA5DBA7119A8F2E206F931B2
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):461104
                                                          Entropy (8bit):5.2527820097188025
                                                          Encrypted:false
                                                          SSDEEP:6144:cw/0k3XAYWQuyOGiUpXWFgXFQIY0EH7+0BJmmDAvQNRplhxy6woW0nFTF9YvORIx:98KXAy7qy6EOdMqk
                                                          MD5:CECDF5411BDF1050E2E64C53C3A99FC4
                                                          SHA1:0951448EB0403F27DAAEC6D7922525EB908E5104
                                                          SHA-256:FC9893B87975759C24B25EF7C6ED7023AFF729899197329E16EED29121FA8893
                                                          SHA-512:72B8B1951E14BBE8BE8AE49718CC81D7C76A8FFB61C7E49EEA02F1D004D802A9F4FC0A8A6EAC573E92467DE3E80C80652849F9CAEAB6A013AA9DAB013952A2B9
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......aj..%...%...%....~~.$...%...$....~..$...Rich%...........PE..L......b...........!................................................................P.....@.......................................... ..................0)..............p............................................................................rdata..P...........................@..@.rsrc........ ......................@..@.......b........E..................b...........................b........l..................b............................................RSDS=...+..O.x{..Qs.....C:\design\wiservice\deploy\oi_release\UC.pdb........................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... .......rsrc$01.....!.......rsrc$02............................................................................................................................................................
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):297776
                                                          Entropy (8bit):5.485268355053718
                                                          Encrypted:false
                                                          SSDEEP:3072:Qi1Aj3zXmT4WxeuoFazeytxjQ9XA53HW15xqGODsKWUgCDrP+CbmsjkmN:8HXGKKjQ9w53HW1fhAgCGCbmEkS
                                                          MD5:D89235C82FD8AD0C2573927446945593
                                                          SHA1:045A3CC249D3C1D2CB8E0CC670992A7EA0CA041F
                                                          SHA-256:7BF88BC100D5320A4E70AB7643AB9A7CD31891446B554DB4B6B9FC4025F51CCC
                                                          SHA-512:14EE7506D21C7BBC1E9D2750590EEC0B6A8250A2818BF4BE7D090957798147A954EB3BC13FD8F21991A3B92EF8BF39A21B7F31067E0A2E7576F8E91F80AB52A2
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines
                                                          Category:dropped
                                                          Size (bytes):18474
                                                          Entropy (8bit):5.396520949446764
                                                          Encrypted:false
                                                          SSDEEP:384:2yw5tUebz1qEr5M5Q92rbYQujYSQxrjfTr+RLX8uy3i/yI72yWU8GSTvky7F:tw5tUebz1qEr5M5Q92fYQKYSQxrrWtMX
                                                          MD5:A8DCC0F1FD668D72CB172ABC7EE03112
                                                          SHA1:8DACA657AE863D1E478AB096A276EC96ED961FB1
                                                          SHA-256:EADF58AE5A595BC90986E6CFC820DCBAEE7BF98A76C8A21FF8CEFC1ECC3DE9AB
                                                          SHA-512:02A1FF88B5F717299F38D9E10DE8CFE13DD2CD8BC0519FBA263AF7E3C0E26FF79E9A0B20BC6302E9694FA2CF1693901D664A21B7F364F3C2EF88A794C84201F6
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:.<?xml version="1.0" encoding="utf-8"?>.<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">. <asmv1:assemblyIdentity name="WildixOutlookAddin.dll" version="1.0.0.0" publicKeyToken="ba03c384a1328835" language="neutral" processorArchitecture="msil" type="win32" />. <description xmlns="urn:schemas-microsoft-com:asm.v1">WildixOutlookAddin</description>. <application />. <entryPoint>. <co.v1:customHostSpecified />. </entryPoint>. <trustInfo>. <security>. <applicationRequestMinimum>. <PermissionSet Unrestricted="true" ID=
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines
                                                          Category:dropped
                                                          Size (bytes):5593
                                                          Entropy (8bit):5.803747490044073
                                                          Encrypted:false
                                                          SSDEEP:96:0WLwO9Zc9SHFPkNQ9wF8YmOwTZalUEI1nF8YxzFodo9bBDA:fWNQBIK1sdEA
                                                          MD5:698878C3A5F68E9003A99E2D79C21BFF
                                                          SHA1:F629FCA320F7BB803405A183865F8AEA96006F0B
                                                          SHA-256:C22C9A852F6BD1ACD6EA3F17CE50C5782858FA0513E31D7A3629011D354EB9EF
                                                          SHA-512:D1176E3843B92EF12C9D834E12151F1977ADA3FF7525A438740F3D9452967530F0A985FAEC04C709BE1B2DC9D7CA3B667A908346A40FCEBCD0A951A3B6380463
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:.<?xml version="1.0" encoding="utf-8"?>.<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">. <assemblyIdentity name="WildixOutlookAddin.vsto" version="1.0.0.0" publicKeyToken="ba03c384a1328835" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />. <description asmv2:publisher="WildixOutlookAddin" asmv2:product="WildixOutlookAddin" xmlns="urn:schemas-microsoft-com:asm.v1" />. <deployment install="false" />. <compatibleFrameworks xmlns="urn:schemas-micro
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):17200
                                                          Entropy (8bit):6.799246481996451
                                                          Encrypted:false
                                                          SSDEEP:384:vMs9ldT8jZ+egpwKNsP6vT2C56bRMAGmGovy8ZpHWBzNO:vH9ldYjfVkTytyiRMO
                                                          MD5:0C4B8FBC943925A11A9B011970F082A7
                                                          SHA1:305EB0BC8432EECF12FF6ACAB36B3C62BCB97CF6
                                                          SHA-256:ED0692AC6B1482E47B8247D4ABD3A6175F731BAEFA34D11C311098A6A7DBAF79
                                                          SHA-512:22FEF0E9073F5517ABECFDC85EFF2ABEBAF26FA482AB422F69E3650FCCEEEA71FAE8F7537D2C972FF3EAA449AA4180C5E02DBA02EBC001914F6DD6D5CE815D9D
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):655664
                                                          Entropy (8bit):5.222967380631434
                                                          Encrypted:false
                                                          SSDEEP:6144:UDGMf41bQdNI8o68zlbue9nUpEJYbKKjQ9w53HW1fV/tGKjQte5mHWC0D7kTR:UDGRUnII7wtZKdUAKpHrgF
                                                          MD5:E2B511949A9A0E6CDFD6B5ED871C5EE4
                                                          SHA1:E9E8E5848232A73C45175E42BA185A7D22E625FE
                                                          SHA-256:983D5590D5E243AC3B4F3DF8A28FC38BECB6B7C67AF40879D0074A1D90241DAD
                                                          SHA-512:8A5C894A0EE4B19012AE1355BC41E69B9C0B340600EA8978E001E0AF630CD4FBF7506B8AA02712DDB935884E5BF8FCA809C0514F056AABE0C1888E93B96B2728
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):146
                                                          Entropy (8bit):4.983767070197417
                                                          Encrypted:false
                                                          SSDEEP:3:vFWWMNHUz/cIMOodBQV7VKXRAmIRMNHjFHr0lUfEyhTRLe86AEDDQIMOov:TMV0kInV7VQ7VJdfEyFRLehAqDQIm
                                                          MD5:05BD64DBD44CF1C95236670D3842562F
                                                          SHA1:824B16AD66771809D9BB32001875AA3C372C7C9C
                                                          SHA-256:40859DA4B6DE7510504DD13877345D92B4DF66EA09C6C4F4E72C7AE3610974AA
                                                          SHA-512:85FD03363DCDEF8B2A45C74605E0009249ADCA8BEABE06CBB90F6B1B00761C02B6BEB02B8BBD3DDC6965E98CEA820D5023705584D5B7DA5CD2FA3CB9AAF66E9D
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:<?xml version="1.0"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1"/></startup></configuration>..
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):5319464
                                                          Entropy (8bit):6.624308793661432
                                                          Encrypted:false
                                                          SSDEEP:49152:EDTNbgZbsK5pM9TJFppvgKnkt21tgJEyacq0+W3Ua+zxn1OqE:sJbNFF/gV/17sOj
                                                          MD5:DF2658B6C20A21330E7552E24C85D90B
                                                          SHA1:D728F0419649CE3CC08352FA7CB42CB6E81F223E
                                                          SHA-256:8421FD05BE64F4B43DB838ADE694FB1DFE1731C347093FCC8194540B3154BC0E
                                                          SHA-512:D281EEE77FE8D51D0AAA0E9E181B9912BD0F87F4033275FCA694B1D187C069AA3EF0D070FB0FEE73C3EC430B8C09AB5A5EABDECE4E2E46449D55AB52B92743B4
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):260912
                                                          Entropy (8bit):5.833391908575034
                                                          Encrypted:false
                                                          SSDEEP:3072:bLixO6zz8t4OXDegbQy058MP2pZrCmrrDse0ecdfF7b2gqEiyDvSmqtNlVusC51c:Un8nDenoRXoJF3bqEiyzZ5m1FsgUvkR
                                                          MD5:2EC6FE829B50EADF83FD724379A87E29
                                                          SHA1:05EB14775FA9539A6C734C33999F9797A0009874
                                                          SHA-256:0911ABB03974928AF1A018FD7BFDBEACB207908CA2EF1D6A977A5A1DA227EFBE
                                                          SHA-512:B945DF1028F4ED5171380FE52A3B1515151D7FEEC26DAA9C6291415F61EFFD746BF11A980B88EE2229306339A0357773FC1BAB1E5C30DB694060BA827EE3D43E
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:MS Windows icon resource - 13 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
                                                          Category:dropped
                                                          Size (bytes):175221
                                                          Entropy (8bit):3.6057445859805903
                                                          Encrypted:false
                                                          SSDEEP:1536:Fpznextut/yGjfT8nUa/XIHlbeA5yN6zHW156G6:vzeytxjQ9XA53HW15x6
                                                          MD5:CE4C0FAC424ECDAFD490544CF10593B6
                                                          SHA1:96B32682A928D5A9229B93586478A31E08B423F4
                                                          SHA-256:A9BAE457E58D8BAB5FB10A3A6AE67D4453CECCECBE81C5AD066E86AAFD11A45A
                                                          SHA-512:0F1BBF2C115CB9128594647FB9138B876E896B01CC86237EB00A695E38671955D718C4F9A712B4C0DD6CD40C99ABBC00B0442E5B192562B622EB3B9A660B228F
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                          Category:dropped
                                                          Size (bytes):158960
                                                          Entropy (8bit):7.07233390348905
                                                          Encrypted:false
                                                          SSDEEP:3072:KomnzVincQDKgc27G1GFkTvQnKKjRCCDgqqAuKF5s34FYAtekueJ:KtZqi1GF9n6fqjup34KAkkt
                                                          MD5:128345F02A3DDCEA05F454F1DB07B2BD
                                                          SHA1:CB4D1FD1501F6E48D47B5DB0BE93E9C17E55A396
                                                          SHA-256:9D6E412304BF2D183A0F54C66AE2A60789D5BC69EF0F9BEE9F811A1A468CFD60
                                                          SHA-512:2FC14F3AC7A721A0D53A8A33156083BFFEC4EA9207DF663E80AA814060B8E7A2A9E36F0389DC1659A83658BDACCA4723E19ED533AB78A34EA9C6B22A13226922
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):3430
                                                          Entropy (8bit):3.577875788113156
                                                          Encrypted:false
                                                          SSDEEP:48:yei1q97/qlLaq4i77cMUF39Qg9c9V9Lvara+iaiusupRCRf9ufAuRa7T5XhPsV8n:t2ll4i77h4iGdiaipV9ll7dhFF6+
                                                          MD5:9E02EAF2592DE18E8058FD254C89FAD5
                                                          SHA1:EB5FCE36FC938929D27348CA9B0040CFED0FF8B4
                                                          SHA-256:870D3C739BEB158446DEEED2B5C92854C2726A92B3294F0C07C52AE65CD51ED1
                                                          SHA-512:5C82E7D21BA6D828EED7BF9F313C864AB59DE695DF4B62D31DD2CCB838B60E65C7EEAB56606CBBBE8FBB11A4D70ED42D1D10F3EA9834B5203BBD5B6067648226
                                                          Malicious:true
                                                          Reputation:unknown
                                                          Preview:<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">..  <RegistrationInfo>..    <Date>2020-11-04T11:59:46</Date>..    <Author>Wildix s.r.l.</Author>..    <URI>\Wildix\WIService update checker</URI>..  </RegistrationInfo>..  <Triggers>..    <CalendarTrigger>..      <StartBoundary>2020-11-04T01:00:00</StartBoundary>..      <Enabled>true</Enabled>..      <RandomDelay>PT5H</RandomDelay>..      <ScheduleByDay>..        <DaysInter
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):23812
                                                          Entropy (8bit):5.102231290969022
                                                          Encrypted:false
                                                          SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                          MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                          SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                          SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                          SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):14362
                                                          Entropy (8bit):4.18034476253744
                                                          Encrypted:false
                                                          SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                          MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                          SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                          SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                          SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):59116
                                                          Entropy (8bit):5.051886370413466
                                                          Encrypted:false
                                                          SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                          MD5:FC574EB0EAAF6A806F6488673154F91F
                                                          SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                          SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                          SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2278
                                                          Entropy (8bit):4.581866117244519
                                                          Encrypted:false
                                                          SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                          MD5:932F57E78976810729855CD1B5CCD8EF
                                                          SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                          SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                          SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):531760
                                                          Entropy (8bit):6.367903460100957
                                                          Encrypted:false
                                                          SSDEEP:12288:PTIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzOO/:PUJ/Cq2IT/PiP4dapV7LDiK
                                                          MD5:16F86997F1BD8CDE8524DD35DA677E7D
                                                          SHA1:F0930CB7D4CA6F4A7770A3BF037EB9B981F79F95
                                                          SHA-256:F9F4F52C5B5C2EE59E3A6E11214F5E3599D6C5499B61C5009456BE20E95278F8
                                                          SHA-512:FA688BC3F04BBE4876C2720E7484D8BE7C125AB619A666E86A813F2F0946D79BCF1355D9CD9CF31AE3B8FA5E41EAE54A319ED0C1F501A68336BD652D76BB1740
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:MS Windows 3.1 help, Tue Apr 17 13:11:56 2001, 21225 bytes
                                                          Category:dropped
                                                          Size (bytes):21225
                                                          Entropy (8bit):3.9923245636306675
                                                          Encrypted:false
                                                          SSDEEP:192:g8qo9MqLEGX9WkaNWvbAsmrEGckkwy95/HLQdu:g8rMqLwkW8AsqEHkkwy7N
                                                          MD5:6798F64959C913673BD66CD4E47F4A65
                                                          SHA1:C50FAA64C8267AC7106401E69DA5C15FC3F2034C
                                                          SHA-256:0C02B226BE4E7397F8C98799E58B0A512515E462CCDAAC04EDC10E3E1091C011
                                                          SHA-512:8D208306B6D0F892A2F16F8070A89D8EDB968589896CB70CF46F43BF4BEFB7C4CA6A278C35FE8A2685CC784505EFB77C32B0AABF80D13BCC0D10A39AE8AFB55A
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):919344
                                                          Entropy (8bit):5.989910938073557
                                                          Encrypted:false
                                                          SSDEEP:12288:tH0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+MX:t7Hdv3DyfhP2QgYPwo3ArgX
                                                          MD5:871B629F8F6B87CDEDCA5227F46105A2
                                                          SHA1:5DA2291D6904CF1AEDB187FB05EA5D44ECB0D4DA
                                                          SHA-256:A52F712705D4D67FD8B1084353CE27810DBCD01737041882D172F0CE21C5478C
                                                          SHA-512:F42F8D745501242501CC1CA4C2CE7DBC9104F136FD9FD4781A8A132A2A67EB51D5C58F5D67635D8CA5F94CC516CE5D60BAD50E245A85504817FDC409C58CF321
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):856368
                                                          Entropy (8bit):5.595317302196895
                                                          Encrypted:false
                                                          SSDEEP:12288:h9aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhx:LaBEGbL4Np84TQazCSiRhx
                                                          MD5:CCED2F361AA9D3858710FEF19C11EBA6
                                                          SHA1:BB718E984F2F0AAD96C2C50862CEA7A00663FD5B
                                                          SHA-256:492B990879411715AEC292B3730629C55AFB5490CEE7197DF71B0038294E9A1C
                                                          SHA-512:C784EB5F64C75CC0DD77180214A4D707C3A5EDA837064738DF12F68E8515903025461E6069E636B171992BFBD72022F3F7F076D7BAEFE863BC47DE1DF5245A25
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):7996
                                                          Entropy (8bit):5.128824009655858
                                                          Encrypted:false
                                                          SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                          MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                          SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                          SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                          SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):357680
                                                          Entropy (8bit):6.332745772607795
                                                          Encrypted:false
                                                          SSDEEP:6144:PAcN1/tmU72EHcfmSBX/jR+vTqxqh4Gv4VCH+Jkgk7:HPmfmSBXrQvr97
                                                          MD5:384B0FBEC35D5D101DD92BCAA3EFA18A
                                                          SHA1:202128FFBE8D086F6CB0C870FC3B3C32A8B7B3ED
                                                          SHA-256:EF6EF3F750E8718D8F810EBF7C45B3209375F701C853265ADDF944E96DE87DBF
                                                          SHA-512:66B97BE9382A919686FF1B1DFCB6167AA264B7C4CE6B7D9D9E67A2C8E6C9F47C47ED65A84BBA3B2CAE7A462F62E743C42A8D52A2E5D744BAF971FD2201B1430C
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Wed Aug 10 09:12:30 2022, mtime=Tue Sep 20 08:32:32 2022, atime=Wed Aug 10 09:12:30 2022, length=14324528, window=hide
                                                          Category:dropped
                                                          Size (bytes):928
                                                          Entropy (8bit):4.616261011620531
                                                          Encrypted:false
                                                          SSDEEP:12:8NC0YX1hy7Zv0dpF44O1uEeBDkp0Pybp/jAmIh3lPDRbbdpo8V9L2eu2eMBm:8hGdyY+HxAvjBdDKeNeMBm
                                                          MD5:B12833C2B93619796587B6018AD1BAD5
                                                          SHA1:6E662684C501E997C1AA07D2825D825EB866A2D4
                                                          SHA-256:F13DBC81F69A0BBF043BA50A76DE6F4CD4F4EDCE0E626AD261F8C4AF2C1DE7B9
                                                          SHA-512:E35842EE325FAF28DAEDBE01C42CA363853A87C463CDE8ED8B7748D49A24872B24D0330B1772575A02B712653A273F412736D49E45076EA7D37583384A2011BA
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:L..................F.... ............\..............0............................P.O. .:i.....+00.../C:\.....................1.....4U.K..PROGRA~1..t......L.4U.K....E...............J......U..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....4U.K..Wildix..>......4U.K4U.K..........................j.".W.i.l.d.i.x.....\.1.....4U.K..WISERV~1..D......4U.K4U.K............................M.W.I.S.e.r.v.i.c.e.....h.2.0....U.Q .WISERV~1.EXE..L.......U.Q4U.K..............................w.i.s.e.r.v.i.c.e...e.x.e.......^...............-.......].............=}.....C:\Program Files\Wildix\WIService\wiservice.exe......\.w.i.s.e.r.v.i.c.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e...-.-.p.r.o.x.y.e.x.`.......X.......585948...........!a..%.H.VZAj....7r.h............!a..%.H.VZAj....7r.h...........E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:SQLite 3.x database, last written using SQLite version 3027002
                                                          Category:dropped
                                                          Size (bytes):1108992
                                                          Entropy (8bit):6.239420122827104
                                                          Encrypted:false
                                                          SSDEEP:12288:s012KYTfqBoW+X3wUfJ0HORmsi18vFZrutsPdBx5G59IdYb6Vb38sZOOdFkUtetp:STSoW+68Wkdl3CcbsROdF2w8dfvqJY/
                                                          MD5:D4604E2E0D76A101BECAE84ECD1EF720
                                                          SHA1:27843D4C2FCF94BBDFDC9CF4057E25F523665D24
                                                          SHA-256:76D199BBE65D4DBBDD614C0336D2C1164E3221B7C10FCA840901152CC5C79B42
                                                          SHA-512:925CB8D08A4FD7815882BE21AC908B21099309F2EE41A47AF86954F4412E1949E4E65B0CAB1453C98F9EDAF92A7001949C5134275EEF0B9AA6D73E3E825DAF83
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:SQLite format 3......@ .......;..................................................................0:...........9...............................................................................................................n...%%...tableEVENTS_STATSEVENTS_STATS.CREATE TABLE EVENTS_STATS (...ID INTEGER NOT NULL,...DAY INTEGER NOT NULL,...DATE DATE NOT NULL,...MIN_ID INTEGER NOT NULL,...MAX_ID INTEGER NOT NULL,...COMPLETE TINYINT NOT NULL,...PRIMARY KEY (ID)..).f...++...tableCOUNTRIES_AREASCOUNTRIES_AREAS.CREATE TABLE COUNTRIES_AREAS (...ID INTEGER NOT NULL,...COUNTRY_ID SMALLINT NOT NULL,...NAME VARCHAR(255) NOT NULL,...NUMBER VARCHAR(255) NOT NULL,...LENGTH TINYINT,...PRIMARY KEY (ID)..)."........tableCOUNTRIESCOUNTRIES.CREATE TABLE COUNTRIES (...ID INTEGER NOT NULL,...NAME VARCHAR(255) NOT NULL,...NUMBER VARCHAR(255) NOT NULL,...PRIMARY KEY (ID)..). ........tableCLASSESCLASSES.CREATE TABLE CLASSES (...ID INTEGER NOT NULL,...NAME VARCHAR(255) NOT NULL,...NAME_LOWER VARC...D;...87...+,.
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:MS Windows icon resource - 13 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                          Category:dropped
                                                          Size (bytes):99667
                                                          Entropy (8bit):6.776502745804188
                                                          Encrypted:false
                                                          SSDEEP:3072:RcfWrQG1GFkTvQnKKjRCFpgqmKN5+x3pJY:ufct1GF9n6FKqmrx3pi
                                                          MD5:8F898251C85EE83FE4CEF753AD127FEE
                                                          SHA1:965419910C1929CF695C530456950616B85596C5
                                                          SHA-256:31DEE18EA1C5E7723DB0C13C630517963E79930474B275322A0CDE686C5953B5
                                                          SHA-512:4397158E3EBA45B7CD27E931F353D72042B154416036874824CC1469FA9D533C4E67B7ED81A0A9EDB480F667A9716AE999D54B3F36EA1375344BB0E944AC8102
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):14324528
                                                          Entropy (8bit):6.640223576390063
                                                          Encrypted:false
                                                          SSDEEP:196608:ACEAHJqOXlWDYo49F80LRHb3g337RBALDddUev5:ARQ1Hd9F80LRqRqLDnUev5
                                                          MD5:C66742153E3B6174EE1B9E50F71EB1D2
                                                          SHA1:3BFDE518051ED595303DCF59E0AB7121259FD514
                                                          SHA-256:91259558287A610203F852DBBF69AC380B97ED32CC9E528074D57F8221148DE1
                                                          SHA-512:6BB36EDAAF0BA1EDF737FA741AE25589C3246C29977AF47329BF9C755ED2FB4456BF0F620415E81670CBABAFF5C35022C19A2490F725ECFCD33B1514DB34D8B5
                                                          Malicious:true
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Aug 10 09:12:36 2022, mtime=Tue Sep 20 08:31:55 2022, atime=Wed Aug 10 09:12:36 2022, length=158960, window=hide
                                                          Category:dropped
                                                          Size (bytes):1955
                                                          Entropy (8bit):3.4319362581272777
                                                          Encrypted:false
                                                          SSDEEP:24:8I8GdyY+DGmKZXEyAeFhdahidVdahBufdahR7eQeMBm:8idMDGm+EReFhdahidVdahB2dahoLu
                                                          MD5:2ED92D20C09E816B3F59C334EC469F83
                                                          SHA1:D25E315F82D7D7EEB38BE98F9D9AA9EA05720A01
                                                          SHA-256:CC3C6C650E9B2DB2566DE7520C8DA6A42815D757DB81469C3AA80324894ABA40
                                                          SHA-512:080EBE7D0B36400E7830326BA3E97615454B13EEB1E245D1F3740B72ADA4052070366968DA033047A66D2229539E801F66F27B02A11771B4B6317D43B2D5B6BE
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:L..................F.@.. ............C...............l...........................P.O. .:i.....+00.../C:\.....................1.....4U.K..PROGRA~1..t......L.4U.K....E...............J......U..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....4U.K..Wildix..>......4U.K4U.K..........................j.".W.i.l.d.i.x.....\.1.....4U.K..WISERV~1..D......4U.K4U.K............................M.W.I.S.e.r.v.i.c.e.....z.2..l...U.Q .UNINST~1.EXE..^.......U.Q4U.K..............................U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e.......g...............-.......f.............=}.....C:\Program Files\Wildix\WIService\UninstallWIService.exe..J.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.8.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e...
                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):42
                                                          Entropy (8bit):4.0050635535766075
                                                          Encrypted:false
                                                          SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                          MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                          SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                          SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                          SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):11776
                                                          Entropy (8bit):5.854901984552606
                                                          Encrypted:false
                                                          SSDEEP:192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4
                                                          MD5:0063D48AFE5A0CDC02833145667B6641
                                                          SHA1:E7EB614805D183ECB1127C62DECB1A6BE1B4F7A8
                                                          SHA-256:AC9DFE3B35EA4B8932536ED7406C29A432976B685CC5322F94EF93DF920FEDE7
                                                          SHA-512:71CBBCAEB345E09306E368717EA0503FE8DF485BE2E95200FEBC61BCD8BA74FB4211CD263C232F148C0123F6C6F2E3FD4EA20BDECC4070F5208C35C6920240F0
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PC bitmap, Windows 3.x format, 165 x 57 x 24
                                                          Category:dropped
                                                          Size (bytes):28326
                                                          Entropy (8bit):2.5710862958427496
                                                          Encrypted:false
                                                          SSDEEP:192:R5ZzmIhanXqiRFlbiRoXt7m4ju119MiieiK35JW0U1JIhuauz3A:R5Zz5QX1FtiRytSEu9Miiq5JW9IhuBQ
                                                          MD5:EE5DCD5040C0616D92FA8E7A3344D455
                                                          SHA1:D2A13B9E9965C99E9637FFE0CFDC54A791B0944D
                                                          SHA-256:DAA94974E168B4D92C281BA0B774390C9E052833926E22929CD5A4569A0ECB97
                                                          SHA-512:23CB22368B444E00EE5EAC5D86427801312550A1ACDF5652756A88205A32E862D9D636877323AA6503DA660107305036AFE7E7C79B9586160362E50AD138DB68
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4
                                                          Category:dropped
                                                          Size (bytes):26494
                                                          Entropy (8bit):1.9568109962493656
                                                          Encrypted:false
                                                          SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                          MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                          SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                          SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                          SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Users\user\Desktop\SetupWIService.exe
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):6656
                                                          Entropy (8bit):5.150852446596736
                                                          Encrypted:false
                                                          SSDEEP:96:4BNbUVOFvfcxEAxxxJzxLp+eELeoMEskzYzeHd0+uoyVeNSsX4:EUVOFvf9ABJFHE+FkEad0PLVeN
                                                          MD5:293165DB1E46070410B4209519E67494
                                                          SHA1:777B96A4F74B6C34D43A4E7C7E656757D1C97F01
                                                          SHA-256:49B7477DB8DD22F8CF2D41EE2D79CE57797F02E8C7B9E799951A6C710384349A
                                                          SHA-512:97012139F2DA5868FE8731C0B0BCB3CFDA29ED10C2E6E2336B504480C9CD9FB8F4728CCA23F1E0BD577D75DAA542E59F94D1D341F4E8AAEEBC7134BF61288C19
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):38
                                                          Entropy (8bit):3.8924071185928772
                                                          Encrypted:false
                                                          SSDEEP:3:z0Nc4Ac+q:wNcLc+q
                                                          MD5:79BC2DAD2D6C0232998EF454D71C4DBD
                                                          SHA1:6A026317AC5B65340BA4F744E7DE9631EA25D504
                                                          SHA-256:19C594461EC7DE3526592D1666788F41B5286995BD1BCAE55D05E84714531E1A
                                                          SHA-512:E8BDEF565DB12684DEAC6E98875419056A7BA790228720D87338913C2D871187493AAAC1F8267CC91EE43102419EB8A7792D256C2E89703707C4F0AC89248B78
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:websocket:8888;lotus:9901;oiwss:8888..
                                                          Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          File Type:ASCII text
                                                          Category:dropped
                                                          Size (bytes):398
                                                          Entropy (8bit):4.830856929833642
                                                          Encrypted:false
                                                          SSDEEP:12:Jh0vpUU2JEGtUwXzkQvoW4VKuYpypp8K5i:JMZWDkQvA8Ji8K8
                                                          MD5:E73256560AEC1A40FB2E71D96B632F4A
                                                          SHA1:62C9759BC34306910775C6E2F45F6B1440653273
                                                          SHA-256:103EA7703C2B315F88E0C5EC0234DD85BA5B0833765F402981DE777E9AAFC8C3
                                                          SHA-512:91C1E0ECA2DA96D05AE28B7F673EAA60BD4FCCB23147437FE34A37248C80B186B294E82B2F841D36DE865E5E649AC18D0238A85F670C21CB6BC983B943E51BF9
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:{. "activityDetection": {. "enable": false,. "interval": 0. },. "activity_detection_force_disable": false,. "authorizedApps": {},. "connection_issue": "none",. "ext": "",. "feedbackEmail": "",. "garbage_lifespan_days": 14,. "http_max_threads": 4,. "log_level": "info",. "log_max_kb": 10240,. "log_str": "c7cf40aa-1413-4854-9a93-d09041e8b8d3",. "pbx": "",. "setIconTryCount": 0.}
                                                          Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          File Type:ASCII text
                                                          Category:dropped
                                                          Size (bytes):398
                                                          Entropy (8bit):4.830856929833642
                                                          Encrypted:false
                                                          SSDEEP:12:Jh0vpUU2JEGtUwXzkQvoW4VKuYpypp8K5i:JMZWDkQvA8Ji8K8
                                                          MD5:E73256560AEC1A40FB2E71D96B632F4A
                                                          SHA1:62C9759BC34306910775C6E2F45F6B1440653273
                                                          SHA-256:103EA7703C2B315F88E0C5EC0234DD85BA5B0833765F402981DE777E9AAFC8C3
                                                          SHA-512:91C1E0ECA2DA96D05AE28B7F673EAA60BD4FCCB23147437FE34A37248C80B186B294E82B2F841D36DE865E5E649AC18D0238A85F670C21CB6BC983B943E51BF9
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:{. "activityDetection": {. "enable": false,. "interval": 0. },. "activity_detection_force_disable": false,. "authorizedApps": {},. "connection_issue": "none",. "ext": "",. "feedbackEmail": "",. "garbage_lifespan_days": 14,. "http_max_threads": 4,. "log_level": "info",. "log_max_kb": 10240,. "log_str": "c7cf40aa-1413-4854-9a93-d09041e8b8d3",. "pbx": "",. "setIconTryCount": 0.}
                                                          Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          File Type:ASCII text, with CRLF, LF line terminators
                                                          Category:modified
                                                          Size (bytes):857
                                                          Entropy (8bit):4.712765723284222
                                                          Encrypted:false
                                                          SSDEEP:24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTto:vDZhyoZWM9rU5fFcr
                                                          MD5:9AC77B45979A66F73EDB70B72908A616
                                                          SHA1:8B22CFA695F10D31B8300C06790B728A4E209324
                                                          SHA-256:A7777E702D4BEAD5529BFC2D026BFA2088BB64A5504DAFB57EF308CE92469E20
                                                          SHA-512:C01644C1C13F7126ED455D76A63CD3CEEB314D74265256B07AC7120F6DA512B1B632D4F21167B9E8C7AD106F75D1F20809A7B129BE6871441F8F3FF6A390CFFF
                                                          Malicious:true
                                                          Reputation:unknown
                                                          Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost...127.0.0.1..wildixintegration.eu.
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):7996
                                                          Entropy (8bit):5.128824009655858
                                                          Encrypted:false
                                                          SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                          MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                          SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                          SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                          SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):23812
                                                          Entropy (8bit):5.102231290969022
                                                          Encrypted:false
                                                          SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                          MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                          SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                          SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                          SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):14362
                                                          Entropy (8bit):4.18034476253744
                                                          Encrypted:false
                                                          SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                          MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                          SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                          SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                          SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):59116
                                                          Entropy (8bit):5.051886370413466
                                                          Encrypted:false
                                                          SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                          MD5:FC574EB0EAAF6A806F6488673154F91F
                                                          SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                          SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                          SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2278
                                                          Entropy (8bit):4.581866117244519
                                                          Encrypted:false
                                                          SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                          MD5:932F57E78976810729855CD1B5CCD8EF
                                                          SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                          SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                          SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):531760
                                                          Entropy (8bit):6.367903460100957
                                                          Encrypted:false
                                                          SSDEEP:12288:PTIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzOO/:PUJ/Cq2IT/PiP4dapV7LDiK
                                                          MD5:16F86997F1BD8CDE8524DD35DA677E7D
                                                          SHA1:F0930CB7D4CA6F4A7770A3BF037EB9B981F79F95
                                                          SHA-256:F9F4F52C5B5C2EE59E3A6E11214F5E3599D6C5499B61C5009456BE20E95278F8
                                                          SHA-512:FA688BC3F04BBE4876C2720E7484D8BE7C125AB619A666E86A813F2F0946D79BCF1355D9CD9CF31AE3B8FA5E41EAE54A319ED0C1F501A68336BD652D76BB1740
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):919344
                                                          Entropy (8bit):5.989910938073557
                                                          Encrypted:false
                                                          SSDEEP:12288:tH0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+MX:t7Hdv3DyfhP2QgYPwo3ArgX
                                                          MD5:871B629F8F6B87CDEDCA5227F46105A2
                                                          SHA1:5DA2291D6904CF1AEDB187FB05EA5D44ECB0D4DA
                                                          SHA-256:A52F712705D4D67FD8B1084353CE27810DBCD01737041882D172F0CE21C5478C
                                                          SHA-512:F42F8D745501242501CC1CA4C2CE7DBC9104F136FD9FD4781A8A132A2A67EB51D5C58F5D67635D8CA5F94CC516CE5D60BAD50E245A85504817FDC409C58CF321
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):856368
                                                          Entropy (8bit):5.595317302196895
                                                          Encrypted:false
                                                          SSDEEP:12288:h9aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhx:LaBEGbL4Np84TQazCSiRhx
                                                          MD5:CCED2F361AA9D3858710FEF19C11EBA6
                                                          SHA1:BB718E984F2F0AAD96C2C50862CEA7A00663FD5B
                                                          SHA-256:492B990879411715AEC292B3730629C55AFB5490CEE7197DF71B0038294E9A1C
                                                          SHA-512:C784EB5F64C75CC0DD77180214A4D707C3A5EDA837064738DF12F68E8515903025461E6069E636B171992BFBD72022F3F7F076D7BAEFE863BC47DE1DF5245A25
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):19336
                                                          Entropy (8bit):4.312288104152102
                                                          Encrypted:false
                                                          SSDEEP:192:7mXKNT6+Y9QeSU83XGtzdHeQhlJqeB+Pu7HnjtoX2PSuNip:T6+LU832tzd+pM+Pu7HGX2quNu
                                                          MD5:115996B67784E69002E510C37A308236
                                                          SHA1:DBF83174EAE0610626B5E45663B18477255DEA99
                                                          SHA-256:296209C0B41ECE97A7474648C5357D61F0BD7F46DE42598C50A1C48CAA31FD57
                                                          SHA-512:E483C52DC80CEBCEFC277890D2C2AF83B1232716628260AA302229B4EB623A8D77D32DE4ADB039C424F3AE3DB2871DF1370E12718CB3EDD628250CEB3EA4C4B5
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:.K.. DPGr...ta..I..)........................................z........... ...........................c.......@...J........$..4........)...........+..:........-...........-...........-...........-...........-...........6...........6...........6...........6...........6...........7...........WINNT_40.WINNT_50.WINNT_51.WINNT_60.PARSER_VER_1.0.C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.s.p.o.o.l.\.D.R.I.V.E.R.S.\.x.6.4.\.3.\.i.m.g.p.r.i.n.t...g.p.d...StdNames.gpdC.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.s.p.o.o.l.\.D.R.I.V.E.R.S.\.x.6.4.\.3.\.S.t.d.N.a.m.e.s...g.p.d...ORIENTATION_DISPLAY.PAPER_SIZE_DISPLAY.PAPER_SOURCE_DISPLAY.RESOLUTION_DISPLAY.MEDIA_TYPE_DISPLAY.TEXT_QUALITY_DISPLAY.COLOR_PRINTING_MODE_DISPLAY.PRINTER_MEMORY_DISPLAY.TWO_SIDED_PRINTING_DISPLAY.PAGE_PROTECTION_DISPLAY.HALFTONING_DISPLAY.OUTPUTBIN_DISPLAY.IMAGECONTROL_DISPLAY.PRINTDENSITY_DISPLAY.GRAPHICSMODE_DISPLAY.TEXTHALFTONE_DISPLAY.GRAPHICSHALFTONE_DISPLAY.PHOTOHALFTONE_DISPLAY.RCID_DMPAPER_SYSTEM_NAME.LETTER_DISPLAY.LETTERS
                                                          Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):7996
                                                          Entropy (8bit):5.128824009655858
                                                          Encrypted:false
                                                          SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                          MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                          SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                          SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                          SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                          Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):23812
                                                          Entropy (8bit):5.102231290969022
                                                          Encrypted:false
                                                          SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                          MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                          SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                          SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                          SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                          Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):14362
                                                          Entropy (8bit):4.18034476253744
                                                          Encrypted:false
                                                          SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                          MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                          SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                          SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                          SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                          Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):59116
                                                          Entropy (8bit):5.051886370413466
                                                          Encrypted:false
                                                          SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                          MD5:FC574EB0EAAF6A806F6488673154F91F
                                                          SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                          SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                          SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                          Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2278
                                                          Entropy (8bit):4.581866117244519
                                                          Encrypted:false
                                                          SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                          MD5:932F57E78976810729855CD1B5CCD8EF
                                                          SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                          SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                          SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                          Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):531760
                                                          Entropy (8bit):6.367903460100957
                                                          Encrypted:false
                                                          SSDEEP:12288:PTIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzOO/:PUJ/Cq2IT/PiP4dapV7LDiK
                                                          MD5:16F86997F1BD8CDE8524DD35DA677E7D
                                                          SHA1:F0930CB7D4CA6F4A7770A3BF037EB9B981F79F95
                                                          SHA-256:F9F4F52C5B5C2EE59E3A6E11214F5E3599D6C5499B61C5009456BE20E95278F8
                                                          SHA-512:FA688BC3F04BBE4876C2720E7484D8BE7C125AB619A666E86A813F2F0946D79BCF1355D9CD9CF31AE3B8FA5E41EAE54A319ED0C1F501A68336BD652D76BB1740
                                                          Malicious:true
                                                          Reputation:unknown
                                                          Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):919344
                                                          Entropy (8bit):5.989910938073557
                                                          Encrypted:false
                                                          SSDEEP:12288:tH0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+MX:t7Hdv3DyfhP2QgYPwo3ArgX
                                                          MD5:871B629F8F6B87CDEDCA5227F46105A2
                                                          SHA1:5DA2291D6904CF1AEDB187FB05EA5D44ECB0D4DA
                                                          SHA-256:A52F712705D4D67FD8B1084353CE27810DBCD01737041882D172F0CE21C5478C
                                                          SHA-512:F42F8D745501242501CC1CA4C2CE7DBC9104F136FD9FD4781A8A132A2A67EB51D5C58F5D67635D8CA5F94CC516CE5D60BAD50E245A85504817FDC409C58CF321
                                                          Malicious:true
                                                          Reputation:unknown
                                                          Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):856368
                                                          Entropy (8bit):5.595317302196895
                                                          Encrypted:false
                                                          SSDEEP:12288:h9aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhx:LaBEGbL4Np84TQazCSiRhx
                                                          MD5:CCED2F361AA9D3858710FEF19C11EBA6
                                                          SHA1:BB718E984F2F0AAD96C2C50862CEA7A00663FD5B
                                                          SHA-256:492B990879411715AEC292B3730629C55AFB5490CEE7197DF71B0038294E9A1C
                                                          SHA-512:C784EB5F64C75CC0DD77180214A4D707C3A5EDA837064738DF12F68E8515903025461E6069E636B171992BFBD72022F3F7F076D7BAEFE863BC47DE1DF5245A25
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):357680
                                                          Entropy (8bit):6.332745772607795
                                                          Encrypted:false
                                                          SSDEEP:6144:PAcN1/tmU72EHcfmSBX/jR+vTqxqh4Gv4VCH+Jkgk7:HPmfmSBXrQvr97
                                                          MD5:384B0FBEC35D5D101DD92BCAA3EFA18A
                                                          SHA1:202128FFBE8D086F6CB0C870FC3B3C32A8B7B3ED
                                                          SHA-256:EF6EF3F750E8718D8F810EBF7C45B3209375F701C853265ADDF944E96DE87DBF
                                                          SHA-512:66B97BE9382A919686FF1B1DFCB6167AA264B7C4CE6B7D9D9E67A2C8E6C9F47C47ED65A84BBA3B2CAE7A462F62E743C42A8D52A2E5D744BAF971FD2201B1430C
                                                          Malicious:true
                                                          Reputation:unknown
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):7996
                                                          Entropy (8bit):5.128824009655858
                                                          Encrypted:false
                                                          SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                          MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                          SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                          SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                          SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):23812
                                                          Entropy (8bit):5.102231290969022
                                                          Encrypted:false
                                                          SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                          MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                          SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                          SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                          SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):14362
                                                          Entropy (8bit):4.18034476253744
                                                          Encrypted:false
                                                          SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                          MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                          SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                          SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                          SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):59116
                                                          Entropy (8bit):5.051886370413466
                                                          Encrypted:false
                                                          SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                          MD5:FC574EB0EAAF6A806F6488673154F91F
                                                          SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                          SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                          SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2278
                                                          Entropy (8bit):4.581866117244519
                                                          Encrypted:false
                                                          SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                          MD5:932F57E78976810729855CD1B5CCD8EF
                                                          SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                          SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                          SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):531760
                                                          Entropy (8bit):6.367903460100957
                                                          Encrypted:false
                                                          SSDEEP:12288:PTIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzOO/:PUJ/Cq2IT/PiP4dapV7LDiK
                                                          MD5:16F86997F1BD8CDE8524DD35DA677E7D
                                                          SHA1:F0930CB7D4CA6F4A7770A3BF037EB9B981F79F95
                                                          SHA-256:F9F4F52C5B5C2EE59E3A6E11214F5E3599D6C5499B61C5009456BE20E95278F8
                                                          SHA-512:FA688BC3F04BBE4876C2720E7484D8BE7C125AB619A666E86A813F2F0946D79BCF1355D9CD9CF31AE3B8FA5E41EAE54A319ED0C1F501A68336BD652D76BB1740
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):919344
                                                          Entropy (8bit):5.989910938073557
                                                          Encrypted:false
                                                          SSDEEP:12288:tH0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+MX:t7Hdv3DyfhP2QgYPwo3ArgX
                                                          MD5:871B629F8F6B87CDEDCA5227F46105A2
                                                          SHA1:5DA2291D6904CF1AEDB187FB05EA5D44ECB0D4DA
                                                          SHA-256:A52F712705D4D67FD8B1084353CE27810DBCD01737041882D172F0CE21C5478C
                                                          SHA-512:F42F8D745501242501CC1CA4C2CE7DBC9104F136FD9FD4781A8A132A2A67EB51D5C58F5D67635D8CA5F94CC516CE5D60BAD50E245A85504817FDC409C58CF321
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Process:C:\Windows\System32\spoolsv.exe
                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):856368
                                                          Entropy (8bit):5.595317302196895
                                                          Encrypted:false
                                                          SSDEEP:12288:h9aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhx:LaBEGbL4Np84TQazCSiRhx
                                                          MD5:CCED2F361AA9D3858710FEF19C11EBA6
                                                          SHA1:BB718E984F2F0AAD96C2C50862CEA7A00663FD5B
                                                          SHA-256:492B990879411715AEC292B3730629C55AFB5490CEE7197DF71B0038294E9A1C
                                                          SHA-512:C784EB5F64C75CC0DD77180214A4D707C3A5EDA837064738DF12F68E8515903025461E6069E636B171992BFBD72022F3F7F076D7BAEFE863BC47DE1DF5245A25
                                                          Malicious:false
                                                          Reputation:unknown
                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                          Entropy (8bit):7.9938288458310875
                                                          TrID:
                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                          • DOS Executable Generic (2002/1) 0.02%
                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                          File name:SetupWIService.exe
                                                          File size:11834040
                                                          MD5:141d46ba18a6fb07ac40b69a22fbbcbc
                                                          SHA1:f5da2877a28f5bc52d0b3d991308a5fa8e97a262
                                                          SHA256:e22b3ffcb9eb55e53b6a95d34433567ef5d16fe8459199896229c899ff8a72b8
                                                          SHA512:76e4fc48136cd360fe9880f12e4ff0f27af3406b81f929b5eafa359f48f5936a6b7007156953af7187575fc1b3ac3ffcece725b490828fb495a59f2c84a2c67b
                                                          SSDEEP:196608:S6q1keR6vsyc5QztJX3NimlY72Y+CMUHWijGEwB1LnrqJ38EtlqVvFJ7FfYhI4:SrTcvbvztdN90jWXE4VEfqxzpw
                                                          TLSH:69C6339814E1D525CF0E02B2B6640FAE2A837D4B8739DD45823B75DFF993983604A93F
                                                          Icon Hash:f0ecacadb296d470
                                                          Entrypoint:0x40326b
                                                          Entrypoint Section:.text
                                                          Digitally signed:true
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                          Time Stamp:0x5DF6D4F0 [Mon Dec 16 00:50:56 2019 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:4
                                                          OS Version Minor:0
                                                          File Version Major:4
                                                          File Version Minor:0
                                                          Subsystem Version Major:4
                                                          Subsystem Version Minor:0
                                                          Import Hash:e9c0657252137ac61c1eeeba4c021000
                                                          Signature Valid:true
                                                          Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                          Signature Validation Error:The operation completed successfully
                                                          Error Number:0
                                                          Not Before, Not After
                                                          • 9/29/2021 2:00:00 AM 9/29/2024 1:59:59 AM
                                                          Subject Chain
                                                          • CN=Wildix EE OU, O=Wildix EE OU, S=Harjumaa, C=EE
                                                          Version:3
                                                          Thumbprint MD5:E55C37638C7C0FF8823DB33F19D887EC
                                                          Thumbprint SHA-1:FECCAC6BD522C81598A4C44307F6960E9C2DAE01
                                                          Thumbprint SHA-256:82CECC21617A201B0F87783A802716469AD2F6CA6725513168445AF20F9E732C
                                                          Serial:00C090271985B3889571FAD0EA7DF6AF45
                                                          Instruction
                                                          sub esp, 00000184h
                                                          push ebx
                                                          push esi
                                                          push edi
                                                          xor ebx, ebx
                                                          push 00008001h
                                                          mov dword ptr [esp+18h], ebx
                                                          mov dword ptr [esp+10h], 0040A198h
                                                          mov dword ptr [esp+20h], ebx
                                                          mov byte ptr [esp+14h], 00000020h
                                                          call dword ptr [004080A0h]
                                                          call dword ptr [0040809Ch]
                                                          and eax, BFFFFFFFh
                                                          cmp ax, 00000006h
                                                          mov dword ptr [0042F40Ch], eax
                                                          je 00007F5AC8D56533h
                                                          push ebx
                                                          call 00007F5AC8D5961Bh
                                                          cmp eax, ebx
                                                          je 00007F5AC8D56529h
                                                          push 00000C00h
                                                          call eax
                                                          mov esi, 00408298h
                                                          push esi
                                                          call 00007F5AC8D59597h
                                                          push esi
                                                          call dword ptr [00408098h]
                                                          lea esi, dword ptr [esi+eax+01h]
                                                          cmp byte ptr [esi], bl
                                                          jne 00007F5AC8D5650Dh
                                                          push 0000000Ah
                                                          call 00007F5AC8D595EFh
                                                          push 00000008h
                                                          call 00007F5AC8D595E8h
                                                          push 00000006h
                                                          mov dword ptr [0042F404h], eax
                                                          call 00007F5AC8D595DCh
                                                          cmp eax, ebx
                                                          je 00007F5AC8D56531h
                                                          push 0000001Eh
                                                          call eax
                                                          test eax, eax
                                                          je 00007F5AC8D56529h
                                                          or byte ptr [0042F40Fh], 00000040h
                                                          push ebp
                                                          call dword ptr [00408040h]
                                                          push ebx
                                                          call dword ptr [00408284h]
                                                          mov dword ptr [0042F4D8h], eax
                                                          push ebx
                                                          lea eax, dword ptr [esp+38h]
                                                          push 00000160h
                                                          push eax
                                                          push ebx
                                                          push 00429830h
                                                          call dword ptr [00408178h]
                                                          push 0040A188h
                                                          Programming Language:
                                                          • [EXP] VC++ 6.0 SP5 build 8804
                                                          Name | Virtual Address | Virtual Size | Is in Section
                                                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x853c | 0xa0 | .rdata
                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x41000 | 0x191f8 | .rsrc
                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0xb46988 | 0x2930 |
                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x294 | .rdata
                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                          Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                          .text | 0x1000 | 0x62ff | 0x6400 | False | 0.672421875 | data | 6.457821426487787 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                          .rdata | 0x8000 | 0x134a | 0x1400 | False | 0.459765625 | data | 5.238921057104071 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                          .data | 0xa000 | 0x25518 | 0x600 | False | 0.4557291666666667 | data | 4.049203760121162 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          .ndata | 0x30000 | 0x11000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          .rsrc | 0x41000 | 0x191f8 | 0x19200 | False | 0.7030472636815921 | data | 6.749189154571692 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                          Name | RVA | Size | Type | Language | Country
                                                          RT_ICON | 0x41400 | 0xbc2d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
                                                          RT_ICON | 0x4d030 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 65279, next used block 4286513152 | English | United States
                                                          RT_ICON | 0x51258 | 0x25a8 | data | English | United States
                                                          RT_ICON | 0x53800 | 0x1a68 | data | English | United States
                                                          RT_ICON | 0x55268 | 0x10a8 | data | English | United States
                                                          RT_ICON | 0x56310 | 0xea8 | data | English | United States
                                                          RT_ICON | 0x571b8 | 0x988 | data | English | United States
                                                          RT_ICON | 0x57b40 | 0x8a8 | data | English | United States
                                                          RT_ICON | 0x583e8 | 0x6b8 | data | English | United States
                                                          RT_ICON | 0x58aa0 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
                                                          RT_ICON | 0x59008 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
                                                          RT_ICON | 0x59470 | 0x2e8 | data | English | United States
                                                          RT_ICON | 0x59758 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
                                                          RT_DIALOG | 0x59880 | 0x200 | data | English | United States
                                                          RT_DIALOG | 0x59a80 | 0xf8 | data | English | United States
                                                          RT_DIALOG | 0x59b78 | 0xa0 | data | English | United States
                                                          RT_DIALOG | 0x59c18 | 0xee | data | English | United States
                                                          RT_GROUP_ICON | 0x59d08 | 0xbc | data | English | United States
                                                          RT_MANIFEST | 0x59dc8 | 0x42e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States
                                                          DLL | Import
                                                          KERNEL32.dll | GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetFileAttributesA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileTime, GetFileAttributesA, SetCurrentDirectoryA, MoveFileA, GetFullPathNameA, GetShortPathNameA, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, DeleteFileA, FindFirstFileA, FindNextFileA, FindClose, SetFilePointer, GetPrivateProfileStringA, WritePrivateProfileStringA, MulDiv, MultiByteToWideChar, FreeLibrary, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
                                                          USER32.dll | GetSystemMenu, SetClassLongA, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, LoadImageA, CreateDialogParamA, SetTimer, SetWindowTextA, SetForegroundWindow, ShowWindow, SetWindowLongA, SendMessageTimeoutA, FindWindowExA, IsWindow, AppendMenuA, TrackPopupMenu, CreatePopupMenu, DrawTextA, EndPaint, DestroyWindow, wsprintfA, PostQuitMessage
                                                          GDI32.dll | SelectObject, SetTextColor, SetBkMode, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, GetDeviceCaps, SetBkColor
                                                          SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
                                                          ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                                          COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                                          ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
                                                          Language of compilation system | Country where language is spoken | Map
                                                          English | United States |
                                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                          Sep 20, 2022 11:32:08.481585979 CEST | 61124 | 53 | 192.168.2.4 | 8.8.8.8
                                                          Sep 20, 2022 11:32:08.505237103 CEST | 53 | 61124 | 8.8.8.8 | 192.168.2.4
                                                          Sep 20, 2022 11:32:12.005795002 CEST | 59444 | 53 | 192.168.2.4 | 8.8.8.8
                                                          Sep 20, 2022 11:32:12.025585890 CEST | 53 | 59444 | 8.8.8.8 | 192.168.2.4
                                                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                          Sep 20, 2022 11:32:08.481585979 CEST | 192.168.2.4 | 8.8.8.8 | 0xb71c | Standard query (0) | feedback.wildix.com | A (IP address) | IN (0x0001) | false
                                                          Sep 20, 2022 11:32:12.005795002 CEST | 192.168.2.4 | 8.8.8.8 | 0x2e9f | Standard query (0) | feedback.wildix.com | A (IP address) | IN (0x0001) | false
                                                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                          Sep 20, 2022 11:32:08.505237103 CEST | 8.8.8.8 | 192.168.2.4 | 0xb71c | No error (0) | feedback.wildix.com |  | 35.157.107.60 | A (IP address) | IN (0x0001) | false
                                                          Sep 20, 2022 11:32:08.505237103 CEST | 8.8.8.8 | 192.168.2.4 | 0xb71c | No error (0) | feedback.wildix.com |  | 52.57.145.52 | A (IP address) | IN (0x0001) | false
                                                          Sep 20, 2022 11:32:12.025585890 CEST | 8.8.8.8 | 192.168.2.4 | 0x2e9f | No error (0) | feedback.wildix.com |  | 35.157.107.60 | A (IP address) | IN (0x0001) | false
                                                          Sep 20, 2022 11:32:12.025585890 CEST | 8.8.8.8 | 192.168.2.4 | 0x2e9f | No error (0) | feedback.wildix.com |  | 52.57.145.52 | A (IP address) | IN (0x0001) | false
                                                          • feedback.wildix.com
                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          0 | 192.168.2.4 | 49718 | 35.157.107.60 | 443 | C:\Program Files\Wildix\WIService\wiservice.exe
                                                          TimestampkBytes transferredDirectionData
                                                          2022-09-20 09:32:08 UTC0OUTPOST /api/v1/Analytics/wiservice HTTP/1.1
                                                          Host: feedback.wildix.com
                                                          Accept: */*
                                                          Content-Length: 404
                                                          Content-Type: application/x-www-form-urlencoded
                                                          2022-09-20 09:32:08 UTC0OUTData Raw: 65 76 65 6e 74 3d 77 69 53 65 72 76 69 63 65 53 74 61 72 74 65 64 26 64 61 74 61 3d 7b 22 61 70 70 4e 61 6d 65 22 3a 22 77 69 73 65 72 76 69 63 65 22 2c 22 61 75 74 6f 55 70 64 61 74 65 22 3a 22 64 69 73 61 62 6c 65 64 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 33 2e 39 2e 31 2e 31 22 7d 26 63 6f 6e 74 65 78 74 3d 7b 22 65 78 74 65 6e 73 69 6f 6e 22 3a 22 22 2c 22 69 6e 73 74 61 6c 6c 65 72 22 3a 22 65 78 65 22 2c 22 6d 61 63 68 69 6e 65 49 64 22 3a 22 22 2c 22 6d 65 73 73 61 67 65 49 64 22 3a 22 32 66 35 34 30 64 34 34 2d 61 30 30 66 2d 34 61 33 30 2d 38 63 39 33 2d 63 62 65 61 31 39 33 38 38 34 31 31 22 2c 22 6f 73 22 3a 22 57 69 6e 64 6f 77 73 5f 4e 54 22 2c 22 6f 73 42 69 74 73 22 3a 22 36 34 62 69 74 22 2c 22 6f 73 42 75 69 6c 64 22 3a 22 22 2c 22 6f 73
                                                          Data Ascii: event=wiServiceStarted&data={"appName":"wiservice","autoUpdate":"disabled","version":"3.9.1.1"}&context={"extension":"","installer":"exe","machineId":"","messageId":"2f540d44-a00f-4a30-8c93-cbea19388411","os":"Windows_NT","osBits":"64bit","osBuild":"","os
                                                          2022-09-20 09:32:08 UTC0INHTTP/1.1 200 OK
                                                          Date: Tue, 20 Sep 2022 09:32:08 GMT
                                                          Content-Type: text/html;charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          Server: nginx/1.16.1
                                                          Access-Control-Allow-Origin: *
                                                          Access-Control-Allow-Headers: accept, authorization, content-type
                                                          Access-Control-Allow-Credentials: true
                                                          P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
                                                          2022-09-20 09:32:08 UTC0INData Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49719 | 35.157.107.60 | 443 | C:\Program Files\Wildix\WIService\wiservice.exe

Timestamp | kBytes transferred | Direction | Data
2022-09-20 09:32:12 UTC | 0 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
Host: feedback.wildix.com
Accept: */*
Content-Length: 382
Content-Type: application/x-www-form-urlencoded
2022-09-20 09:32:12 UTC | 1 | OUT | Data Ascii: event=headsetIntegrationConnected&data={"appName":"headset","version":""}&context={"extension":"","installer":"exe","machineId":"","messageId":"02e3066f-3946-43eb-a636-6662806c4060","os":"Windows_NT","osBits":"64bit","osBuild":"","osName":"Windows 10 Pro"
2022-09-20 09:32:12 UTC | 1 | IN | HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 09:32:12 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, authorization, content-type
Access-Control-Allow-Credentials: true
P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
2022-09-20 09:32:12 UTC | 1 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                          Target ID:0
                                                          Start time:11:30:27
                                                          Start date:20/09/2022
                                                          Path:C:\Users\user\Desktop\SetupWIService.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\SetupWIService.exe"
                                                          Imagebase:0x400000
                                                          File size:11834040 bytes
                                                          MD5 hash:141D46BA18A6FB07AC40B69A22FBBCBC
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low

                                                          Target ID:1
                                                          Start time:11:30:29
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:cmd /C taskkill /F /IM WIService.exe
                                                          Imagebase:0xd90000
                                                          File size:232960 bytes
                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          Target ID:2
                                                          Start time:11:30:30
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          Target ID:3
                                                          Start time:11:30:30
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:taskkill /F /IM WIService.exe
                                                          Imagebase:0x50000
                                                          File size:74752 bytes
                                                          MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          Target ID:4
                                                          Start time:11:30:31
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:cmd /C taskkill /F /IM WIui.exe
                                                          Imagebase:0xd90000
                                                          File size:232960 bytes
                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          Target ID:5
                                                          Start time:11:30:32
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          Target ID:6
                                                          Start time:11:30:32
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:taskkill /F /IM WIui.exe
                                                          Imagebase:0x50000
                                                          File size:74752 bytes
                                                          MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          Target ID:7
                                                          Start time:11:30:33
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:cmd /C taskkill /F /IM wirtpproxy.exe
                                                          Imagebase:0xd90000
                                                          File size:232960 bytes
                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          Target ID:8
                                                          Start time:11:30:34
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:9
                                                          Start time:11:30:34
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:taskkill /F /IM wirtpproxy.exe
                                                          Imagebase:0x50000
                                                          File size:74752 bytes
                                                          MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:10
                                                          Start time:11:30:35
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:cmd /C taskkill /F /IM wiservice-ui.exe
                                                          Imagebase:0xd90000
                                                          File size:232960 bytes
                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:11
                                                          Start time:11:30:36
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:12
                                                          Start time:11:30:36
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:taskkill /F /IM wiservice-ui.exe
                                                          Imagebase:0x50000
                                                          File size:74752 bytes
                                                          MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:13
                                                          Start time:11:30:37
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:cmd /C taskkill /F /IM vncsrv.exe
                                                          Imagebase:0xd90000
                                                          File size:232960 bytes
                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:14
                                                          Start time:11:30:38
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:15
                                                          Start time:11:30:38
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:taskkill /F /IM vncsrv.exe
                                                          Imagebase:0x50000
                                                          File size:74752 bytes
                                                          MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:16
                                                          Start time:11:30:39
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:cmd /C taskkill /F /IM WildixOutlookIntegration.exe
                                                          Imagebase:0xd90000
                                                          File size:232960 bytes
                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:17
                                                          Start time:11:30:40
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:18
                                                          Start time:11:30:41
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:taskkill /F /IM WildixOutlookIntegration.exe
                                                          Imagebase:0x50000
                                                          File size:74752 bytes
                                                          MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:20
                                                          Start time:11:30:50
                                                          Start date:20/09/2022
                                                          Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --removesvc
                                                          Imagebase:0x7ff799520000
                                                          File size:14324528 bytes
                                                          MD5 hash:C66742153E3B6174EE1B9E50F71EB1D2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:21
                                                          Start time:11:30:51
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\svchost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                          Imagebase:0x7ff61e220000
                                                          File size:51288 bytes
                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:22
                                                          Start time:11:31:04
                                                          Start date:20/09/2022
                                                          Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
                                                          Imagebase:0x7ff799520000
                                                          File size:14324528 bytes
                                                          MD5 hash:C66742153E3B6174EE1B9E50F71EB1D2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:23
                                                          Start time:11:31:09
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\spoolsv.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\System32\spoolsv.exe
                                                          Imagebase:0x7ff703560000
                                                          File size:768512 bytes
                                                          MD5 hash:C05A19A38D7D203B738771FD1854656F
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:24
                                                          Start time:11:31:11
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\svchost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                          Imagebase:0x7ff61e220000
                                                          File size:51288 bytes
                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:25
                                                          Start time:11:31:14
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\spoolsv.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\System32\spoolsv.exe
                                                          Imagebase:0x7ff703560000
                                                          File size:768512 bytes
                                                          MD5 hash:C05A19A38D7D203B738771FD1854656F
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:28
                                                          Start time:11:31:29
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
                                                          Imagebase:0x284c15d0000
                                                          File size:64096 bytes
                                                          MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:.Net C# or VB.NET

                                                          Target ID:29
                                                          Start time:11:31:30
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:30
                                                          Start time:11:31:33
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
                                                          Imagebase:0x26bc1880000
                                                          File size:64096 bytes
                                                          MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:.Net C# or VB.NET

                                                          Target ID:31
                                                          Start time:11:31:34
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:32
                                                          Start time:11:31:36
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
                                                          Imagebase:0x216b0170000
                                                          File size:64096 bytes
                                                          MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:.Net C# or VB.NET

                                                          Target ID:33
                                                          Start time:11:31:36
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:34
                                                          Start time:11:31:41
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
                                                          Imagebase:0x2c135870000
                                                          File size:64096 bytes
                                                          MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:.Net C# or VB.NET

                                                          Target ID:35
                                                          Start time:11:31:41
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:36
                                                          Start time:11:31:43
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
                                                          Imagebase:0x2b7e1330000
                                                          File size:64096 bytes
                                                          MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:.Net C# or VB.NET

                                                          Target ID:37
                                                          Start time:11:31:44
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:38
                                                          Start time:11:31:45
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
                                                          Imagebase:0x209abf00000
                                                          File size:64096 bytes
                                                          MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:.Net C# or VB.NET

                                                          Target ID:39
                                                          Start time:11:31:46
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:40
                                                          Start time:11:31:49
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
                                                          Imagebase:0x23e0aec0000
                                                          File size:64096 bytes
                                                          MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:.Net C# or VB.NET

                                                          Target ID:41
                                                          Start time:11:31:49
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:42
                                                          Start time:11:31:52
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
                                                          Imagebase:0x26801920000
                                                          File size:64096 bytes
                                                          MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:.Net C# or VB.NET

                                                          Target ID:43
                                                          Start time:11:31:52
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:45
                                                          Start time:11:31:57
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
                                                          Imagebase:0x7ff632260000
                                                          File size:273920 bytes
                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:46
                                                          Start time:11:32:00
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:47
                                                          Start time:11:32:00
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\schtasks.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
                                                          Imagebase:0x7ff6e7880000
                                                          File size:226816 bytes
                                                          MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:48
                                                          Start time:11:32:01
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                          Imagebase:0x7ff632260000
                                                          File size:273920 bytes
                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:49
                                                          Start time:11:32:02
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:50
                                                          Start time:11:32:02
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\netsh.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                          Imagebase:0x7ff67e130000
                                                          File size:92672 bytes
                                                          MD5 hash:98CC37BBF363A38834253E22C80A8F32
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:51
                                                          Start time:11:32:03
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                          Imagebase:0x7ff632260000
                                                          File size:273920 bytes
                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:52
                                                          Start time:11:32:04
                                                          Start date:20/09/2022
                                                          Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Wildix\WIService\WIService.exe"
                                                          Imagebase:0x7ff799520000
                                                          File size:14324528 bytes
                                                          MD5 hash:C66742153E3B6174EE1B9E50F71EB1D2
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language

                                                          Target ID:53
                                                          Start time:11:32:04
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:54
                                                          Start time:11:32:05
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\netsh.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                          Imagebase:0x7ff67e130000
                                                          File size:92672 bytes
                                                          MD5 hash:98CC37BBF363A38834253E22C80A8F32
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:55
                                                          Start time:11:32:06
                                                          Start date:20/09/2022
                                                          Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
                                                          Imagebase:0x7ff799520000
                                                          File size:14324528 bytes
                                                          MD5 hash:C66742153E3B6174EE1B9E50F71EB1D2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:56
                                                          Start time:11:32:14
                                                          Start date:20/09/2022
                                                          Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
                                                          Imagebase:0x7ff799520000
                                                          File size:14324528 bytes
                                                          MD5 hash:C66742153E3B6174EE1B9E50F71EB1D2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:61
                                                          Start time:11:32:22
                                                          Start date:20/09/2022
                                                          Path:C:\Windows\System32\svchost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                          Imagebase:0x7ff61e220000
                                                          File size:51288 bytes
                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:63
                                                          Start time:11:32:24
                                                          Start date:20/09/2022
                                                          Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc
                                                          Imagebase:0x7ff799520000
                                                          File size:14324528 bytes
                                                          MD5 hash:C66742153E3B6174EE1B9E50F71EB1D2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:64
                                                          Start time:11:32:29
                                                          Start date:20/09/2022
                                                          Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          Wow64 process (32bit):
                                                          Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
                                                          Imagebase:
                                                          File size:14324528 bytes
                                                          MD5 hash:C66742153E3B6174EE1B9E50F71EB1D2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                          Target ID:65
                                                          Start time:11:32:29
                                                          Start date:20/09/2022
                                                          Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                          Wow64 process (32bit):
                                                          Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog
                                                          Imagebase:
                                                          File size:14324528 bytes
                                                          MD5 hash:C66742153E3B6174EE1B9E50F71EB1D2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language

                                                            Execution Graph

                                                            Execution Coverage:25%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:16.9%
                                                            Total number of Nodes:1513
                                                            Total number of Limit Nodes:45
5066->5065 5067 4019ed 5068 402b2c 17 API calls 5067->5068 5069 4019f4 5068->5069 5070 402b2c 17 API calls 5069->5070 5071 4019fd 5070->5071 5072 401a04 lstrcmpiA 5071->5072 5073 401a16 lstrcmpA 5071->5073 5074 401a0a 5072->5074 5073->5074 4720 4026ef 4721 4026f6 4720->4721 4724 402965 4720->4724 4722 402b0a 17 API calls 4721->4722 4723 4026fd 4722->4723 4725 40270c SetFilePointer 4723->4725 4725->4724 4726 40271c 4725->4726 4728 405f6e wsprintfA 4726->4728 4728->4724 5075 40156f 5076 401586 5075->5076 5077 40157f ShowWindow 5075->5077 5078 401594 ShowWindow 5076->5078 5079 4029b8 5076->5079 5077->5076 5078->5079 5080 4014f4 SetForegroundWindow 5081 4029b8 5080->5081 4735 405275 4736 405420 4735->4736 4737 405297 GetDlgItem GetDlgItem GetDlgItem 4735->4737 4739 405450 4736->4739 4740 405428 GetDlgItem CreateThread FindCloseChangeNotification 4736->4740 4781 4040d3 SendMessageA 4737->4781 4741 40547e 4739->4741 4743 405466 ShowWindow ShowWindow 4739->4743 4744 40549f 4739->4744 4740->4739 4784 405209 5 API calls 4740->4784 4745 405486 4741->4745 4746 4054d9 4741->4746 4742 405307 4747 40530e GetClientRect GetSystemMetrics SendMessageA SendMessageA 4742->4747 4783 4040d3 SendMessageA 4743->4783 4751 404105 8 API calls 4744->4751 4749 4054b2 ShowWindow 4745->4749 4750 40548e 4745->4750 4746->4744 4754 4054e6 SendMessageA 4746->4754 4752 405360 SendMessageA SendMessageA 4747->4752 4753 40537c 4747->4753 4757 4054d2 4749->4757 4758 4054c4 4749->4758 4755 404077 SendMessageA 4750->4755 4756 4054ab 4751->4756 4752->4753 4759 405381 SendMessageA 4753->4759 4760 40538f 4753->4760 4754->4756 4761 4054ff CreatePopupMenu 4754->4761 4755->4744 4763 404077 SendMessageA 4757->4763 4762 405137 24 API calls 4758->4762 4759->4760 4765 40409e 18 API calls 4760->4765 4764 406032 17 API calls 4761->4764 4762->4757 4763->4746 4766 40550f AppendMenuA 4764->4766 4767 40539f 4765->4767 4768 405540 TrackPopupMenu 4766->4768 4769 40552d GetWindowRect 4766->4769 4770 4053a8 ShowWindow 
4767->4770 4771 4053dc GetDlgItem SendMessageA 4767->4771 4768->4756 4772 40555c 4768->4772 4769->4768 4773 4053cb 4770->4773 4774 4053be ShowWindow 4770->4774 4771->4756 4775 405403 SendMessageA SendMessageA 4771->4775 4776 40557b SendMessageA 4772->4776 4782 4040d3 SendMessageA 4773->4782 4774->4773 4775->4756 4776->4776 4777 405598 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4776->4777 4779 4055ba SendMessageA 4777->4779 4779->4779 4780 4055dc GlobalUnlock SetClipboardData CloseClipboard 4779->4780 4780->4756 4781->4742 4782->4771 4783->4741 5082 73da2be3 5083 73da2bfb 5082->5083 5084 73da1534 2 API calls 5083->5084 5085 73da2c16 5084->5085 5086 73da10e0 5089 73da110e 5086->5089 5087 73da11c4 GlobalFree 5088 73da12ad 2 API calls 5088->5089 5089->5087 5089->5088 5090 73da11c3 5089->5090 5091 73da11ea GlobalFree 5089->5091 5092 73da1266 2 API calls 5089->5092 5093 73da1155 GlobalAlloc 5089->5093 5094 73da12d1 lstrcpyA 5089->5094 5095 73da11b1 GlobalFree 5089->5095 5090->5087 5091->5089 5092->5095 5093->5089 5094->5089 5095->5089 5096 401cfb 5097 402b0a 17 API calls 5096->5097 5098 401d02 5097->5098 5099 402b0a 17 API calls 5098->5099 5100 401d0e GetDlgItem 5099->5100 5101 4025e4 5100->5101 5102 4018fd 5103 401934 5102->5103 5104 402b2c 17 API calls 5103->5104 5105 401939 5104->5105 5106 4057d8 67 API calls 5105->5106 5107 401942 5106->5107 5108 401dff GetDC 5109 402b0a 17 API calls 5108->5109 5110 401e11 GetDeviceCaps MulDiv ReleaseDC 5109->5110 5111 402b0a 17 API calls 5110->5111 5112 401e42 5111->5112 5113 406032 17 API calls 5112->5113 5114 401e7f CreateFontIndirectA 5113->5114 5115 4025e4 5114->5115 5116 401000 5117 401037 BeginPaint GetClientRect 5116->5117 5120 40100c DefWindowProcA 5116->5120 5118 4010f3 5117->5118 5121 401073 CreateBrushIndirect FillRect DeleteObject 5118->5121 5122 4010fc 5118->5122 5123 401179 5120->5123 5121->5118 5124 401102 CreateFontIndirectA 5122->5124 5125 401167 EndPaint 5122->5125 5124->5125 5126 401112 6 API calls 
5124->5126 5125->5123 5126->5125 5127 401900 5128 402b2c 17 API calls 5127->5128 5129 401907 5128->5129 5130 40572c MessageBoxIndirectA 5129->5130 5131 401910 5130->5131 5132 404881 5133 404891 5132->5133 5134 4048ad 5132->5134 5143 405710 GetDlgItemTextA 5133->5143 5136 4048e0 5134->5136 5137 4048b3 SHGetPathFromIDListA 5134->5137 5139 4048c3 5137->5139 5142 4048ca SendMessageA 5137->5142 5138 40489e SendMessageA 5138->5134 5140 40140b 2 API calls 5139->5140 5140->5142 5142->5136 5143->5138 5144 401502 5145 40150a 5144->5145 5147 40151d 5144->5147 5146 402b0a 17 API calls 5145->5146 5146->5147 5148 404209 5149 40421f 5148->5149 5154 40432b 5148->5154 5152 40409e 18 API calls 5149->5152 5150 40439a 5151 404464 5150->5151 5153 4043a4 GetDlgItem 5150->5153 5160 404105 8 API calls 5151->5160 5155 404275 5152->5155 5156 404422 5153->5156 5157 4043ba 5153->5157 5154->5150 5154->5151 5158 40436f GetDlgItem SendMessageA 5154->5158 5159 40409e 18 API calls 5155->5159 5156->5151 5162 404434 5156->5162 5157->5156 5161 4043e0 SendMessageA LoadCursorA SetCursor 5157->5161 5181 4040c0 KiUserCallbackDispatcher 5158->5181 5164 404282 CheckDlgButton 5159->5164 5173 40445f 5160->5173 5185 4044ad 5161->5185 5166 40443a SendMessageA 5162->5166 5167 40444b 5162->5167 5179 4040c0 KiUserCallbackDispatcher 5164->5179 5166->5167 5172 404451 SendMessageA 5167->5172 5167->5173 5168 404395 5182 404489 5168->5182 5170 4042a0 GetDlgItem 5180 4040d3 SendMessageA 5170->5180 5172->5173 5176 4042b6 SendMessageA 5177 4042d4 GetSysColor 5176->5177 5178 4042dd SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 5176->5178 5177->5178 5178->5173 5179->5170 5180->5176 5181->5168 5183 404497 5182->5183 5184 40449c SendMessageA 5182->5184 5183->5184 5184->5150 5188 4056f2 ShellExecuteExA 5185->5188 5187 404413 LoadCursorA SetCursor 5187->5156 5188->5187 4291 401c0a 4292 402b0a 17 API calls 4291->4292 4293 401c11 4292->4293 4294 402b0a 17 API calls 4293->4294 4295 401c1e 4294->4295 4296 401c33 
4295->4296 4297 402b2c 17 API calls 4295->4297 4298 402b2c 17 API calls 4296->4298 4302 401c43 4296->4302 4297->4296 4298->4302 4299 401c9a 4301 402b2c 17 API calls 4299->4301 4300 401c4e 4303 402b0a 17 API calls 4300->4303 4305 401c9f 4301->4305 4302->4299 4302->4300 4304 401c53 4303->4304 4306 402b0a 17 API calls 4304->4306 4307 402b2c 17 API calls 4305->4307 4308 401c5f 4306->4308 4309 401ca8 FindWindowExA 4307->4309 4310 401c8a SendMessageA 4308->4310 4311 401c6c SendMessageTimeoutA 4308->4311 4312 401cc6 4309->4312 4310->4312 4311->4312 5189 401e8f 5190 402b0a 17 API calls 5189->5190 5191 401e95 5190->5191 5192 402b0a 17 API calls 5191->5192 5193 401ea1 5192->5193 5194 401eb8 EnableWindow 5193->5194 5195 401ead ShowWindow 5193->5195 5196 4029b8 5194->5196 5195->5196 5197 401490 5198 405137 24 API calls 5197->5198 5199 401497 5198->5199 5200 402993 SendMessageA 5201 4029b8 5200->5201 5202 4029ad InvalidateRect 5200->5202 5202->5201 5203 401f98 5204 402b2c 17 API calls 5203->5204 5205 401f9f 5204->5205 5206 406313 2 API calls 5205->5206 5207 401fa5 5206->5207 5209 401fb7 5207->5209 5210 405f6e wsprintfA 5207->5210 5210->5209 5211 73da1000 5214 73da101b 5211->5214 5215 73da14bb GlobalFree 5214->5215 5216 73da1020 5215->5216 5217 73da1027 GlobalAlloc 5216->5217 5218 73da1024 5216->5218 5217->5218 5219 73da14e2 3 API calls 5218->5219 5220 73da1019 5219->5220 5221 40149d 5222 4014ab PostQuitMessage 5221->5222 5223 40234e 5221->5223 5222->5223 5224 40159d 5225 402b2c 17 API calls 5224->5225 5226 4015a4 SetFileAttributesA 5225->5226 5227 4015b6 5226->5227 5228 401a1e 5229 402b2c 17 API calls 5228->5229 5230 401a27 ExpandEnvironmentStringsA 5229->5230 5231 401a3b 5230->5231 5233 401a4e 5230->5233 5232 401a40 lstrcmpA 5231->5232 5231->5233 5232->5233 5239 40171f 5240 402b2c 17 API calls 5239->5240 5241 401726 SearchPathA 5240->5241 5242 401741 5241->5242 5243 401d20 5244 402b0a 17 API calls 5243->5244 5245 401d2e SetWindowLongA 5244->5245 5246 4029b8 5245->5246 5247 
402721 5248 402727 5247->5248 5249 4029b8 5248->5249 5250 40272f FindClose 5248->5250 5250->5249 5251 73da1638 5252 73da1667 5251->5252 5253 73da1a98 16 API calls 5252->5253 5254 73da166e 5253->5254 5255 73da1681 5254->5255 5256 73da1675 5254->5256 5257 73da168b 5255->5257 5258 73da16a8 5255->5258 5259 73da1266 2 API calls 5256->5259 5260 73da14e2 3 API calls 5257->5260 5261 73da16ae 5258->5261 5262 73da16d2 5258->5262 5266 73da167f 5259->5266 5264 73da1690 5260->5264 5265 73da1559 3 API calls 5261->5265 5263 73da14e2 3 API calls 5262->5263 5263->5266 5267 73da1559 3 API calls 5264->5267 5268 73da16b3 5265->5268 5269 73da1696 5267->5269 5270 73da1266 2 API calls 5268->5270 5271 73da1266 2 API calls 5269->5271 5272 73da16b9 GlobalFree 5270->5272 5273 73da169c GlobalFree 5271->5273 5272->5266 5274 73da16cd GlobalFree 5272->5274 5273->5266 5274->5266 5275 404aa3 GetDlgItem GetDlgItem 5276 404af9 7 API calls 5275->5276 5280 404d20 5275->5280 5277 404ba1 DeleteObject 5276->5277 5278 404b95 SendMessageA 5276->5278 5279 404bac 5277->5279 5278->5277 5281 404be3 5279->5281 5282 406032 17 API calls 5279->5282 5296 404e02 5280->5296 5309 404d8f 5280->5309 5328 4049f1 SendMessageA 5280->5328 5283 40409e 18 API calls 5281->5283 5287 404bc5 SendMessageA SendMessageA 5282->5287 5288 404bf7 5283->5288 5284 404eae 5285 404ec0 5284->5285 5286 404eb8 SendMessageA 5284->5286 5297 404ed2 ImageList_Destroy 5285->5297 5298 404ed9 5285->5298 5306 404ee9 5285->5306 5286->5285 5287->5279 5293 40409e 18 API calls 5288->5293 5289 404d13 5290 404105 8 API calls 5289->5290 5295 4050a4 5290->5295 5291 404df4 SendMessageA 5291->5296 5310 404c08 5293->5310 5294 404e5b SendMessageA 5294->5289 5300 404e70 SendMessageA 5294->5300 5296->5284 5296->5289 5296->5294 5297->5298 5301 404ee2 GlobalFree 5298->5301 5298->5306 5299 405058 5299->5289 5304 40506a ShowWindow GetDlgItem ShowWindow 5299->5304 5303 404e83 5300->5303 5301->5306 5302 404ce2 GetWindowLongA SetWindowLongA 5305 404cfb 5302->5305 5312 
404e94 SendMessageA 5303->5312 5304->5289 5307 404d00 ShowWindow 5305->5307 5308 404d18 5305->5308 5306->5299 5322 404f24 5306->5322 5333 404a71 5306->5333 5326 4040d3 SendMessageA 5307->5326 5327 4040d3 SendMessageA 5308->5327 5309->5291 5309->5296 5310->5302 5311 404c5a SendMessageA 5310->5311 5313 404cdd 5310->5313 5316 404c98 SendMessageA 5310->5316 5317 404cac SendMessageA 5310->5317 5311->5310 5312->5284 5313->5302 5313->5305 5316->5310 5317->5310 5319 40502e InvalidateRect 5319->5299 5320 405044 5319->5320 5342 4049ac 5320->5342 5321 404f52 SendMessageA 5325 404f68 5321->5325 5322->5321 5322->5325 5324 404fdc SendMessageA SendMessageA 5324->5325 5325->5319 5325->5324 5326->5289 5327->5280 5329 404a50 SendMessageA 5328->5329 5330 404a14 GetMessagePos ScreenToClient SendMessageA 5328->5330 5331 404a48 5329->5331 5330->5331 5332 404a4d 5330->5332 5331->5309 5332->5329 5345 406010 lstrcpynA 5333->5345 5335 404a84 5346 405f6e wsprintfA 5335->5346 5337 404a8e 5338 40140b 2 API calls 5337->5338 5339 404a97 5338->5339 5347 406010 lstrcpynA 5339->5347 5341 404a9e 5341->5322 5348 4048e7 5342->5348 5344 4049c1 5344->5299 5345->5335 5346->5337 5347->5341 5349 4048fd 5348->5349 5350 406032 17 API calls 5349->5350 5351 404961 5350->5351 5352 406032 17 API calls 5351->5352 5353 40496c 5352->5353 5354 406032 17 API calls 5353->5354 5355 404982 lstrlenA wsprintfA SetDlgItemTextA 5354->5355 5355->5344 5356 4027a3 5357 402b2c 17 API calls 5356->5357 5358 4027b1 5357->5358 5359 4027c7 5358->5359 5360 402b2c 17 API calls 5358->5360 5361 405b84 2 API calls 5359->5361 5360->5359 5362 4027cd 5361->5362 5384 405ba9 GetFileAttributesA CreateFileA 5362->5384 5364 4027da 5365 4027e6 GlobalAlloc 5364->5365 5366 40287d 5364->5366 5367 402874 CloseHandle 5365->5367 5368 4027ff 5365->5368 5369 402885 DeleteFileA 5366->5369 5370 402898 5366->5370 5367->5366 5385 403223 SetFilePointer 5368->5385 5369->5370 5372 402805 5373 40320d ReadFile 5372->5373 5374 40280e GlobalAlloc 5373->5374 5375 
402852 5374->5375 5376 40281e 5374->5376 5378 405c50 WriteFile 5375->5378 5377 402ffb 31 API calls 5376->5377 5383 40282b 5377->5383 5379 40285e GlobalFree 5378->5379 5380 402ffb 31 API calls 5379->5380 5381 402871 5380->5381 5381->5367 5382 402849 GlobalFree 5382->5375 5383->5382 5384->5364 5385->5372 5386 4023a7 5387 402b2c 17 API calls 5386->5387 5388 4023b8 5387->5388 5389 402b2c 17 API calls 5388->5389 5390 4023c1 5389->5390 5391 402b2c 17 API calls 5390->5391 5392 4023cb GetPrivateProfileStringA 5391->5392 5393 73da103d 5394 73da101b 5 API calls 5393->5394 5395 73da1056 5394->5395 5396 4050ab 5397 4050bb 5396->5397 5398 4050cf 5396->5398 5399 4050c1 5397->5399 5400 405118 5397->5400 5401 4050d7 IsWindowVisible 5398->5401 5407 4050ee 5398->5407 5403 4040ea SendMessageA 5399->5403 5402 40511d CallWindowProcA 5400->5402 5401->5400 5404 4050e4 5401->5404 5405 4050cb 5402->5405 5403->5405 5406 4049f1 5 API calls 5404->5406 5406->5407 5407->5402 5408 404a71 4 API calls 5407->5408 5408->5400 5409 40292c 5410 402b0a 17 API calls 5409->5410 5411 402932 5410->5411 5412 402967 5411->5412 5413 402783 5411->5413 5415 402944 5411->5415 5412->5413 5414 406032 17 API calls 5412->5414 5414->5413 5415->5413 5417 405f6e wsprintfA 5415->5417 5417->5413 5418 73da1837 5419 73da185a 5418->5419 5420 73da188a GlobalFree 5419->5420 5421 73da189c __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5419->5421 5420->5421 5422 73da1266 2 API calls 5421->5422 5423 73da1a1e GlobalFree GlobalFree 5422->5423 5424 404530 5425 40455c 5424->5425 5426 40456d 5424->5426 5485 405710 GetDlgItemTextA 5425->5485 5428 404579 GetDlgItem 5426->5428 5434 4045d8 5426->5434 5430 40458d 5428->5430 5429 404567 5432 40627a 5 API calls 5429->5432 5436 4045a1 SetWindowTextA 5430->5436 5441 405a41 4 API calls 5430->5441 5431 4046bc 5433 404866 5431->5433 5487 405710 GetDlgItemTextA 5431->5487 5432->5426 5440 404105 8 API calls 5433->5440 5434->5431 5434->5433 5438 406032 17 API calls 5434->5438 5439 40409e 18 
API calls 5436->5439 5437 4046ec 5442 405a96 18 API calls 5437->5442 5443 40464c SHBrowseForFolderA 5438->5443 5444 4045bd 5439->5444 5445 40487a 5440->5445 5446 404597 5441->5446 5447 4046f2 5442->5447 5443->5431 5448 404664 CoTaskMemFree 5443->5448 5449 40409e 18 API calls 5444->5449 5446->5436 5450 4059a8 3 API calls 5446->5450 5488 406010 lstrcpynA 5447->5488 5451 4059a8 3 API calls 5448->5451 5452 4045cb 5449->5452 5450->5436 5453 404671 5451->5453 5486 4040d3 SendMessageA 5452->5486 5456 4046a8 SetDlgItemTextA 5453->5456 5461 406032 17 API calls 5453->5461 5456->5431 5457 4045d1 5459 4063a8 5 API calls 5457->5459 5458 404709 5460 4063a8 5 API calls 5458->5460 5459->5434 5468 404710 5460->5468 5462 404690 lstrcmpiA 5461->5462 5462->5456 5465 4046a1 lstrcatA 5462->5465 5463 40474c 5489 406010 lstrcpynA 5463->5489 5465->5456 5466 404753 5467 405a41 4 API calls 5466->5467 5469 404759 GetDiskFreeSpaceA 5467->5469 5468->5463 5471 4059ef 2 API calls 5468->5471 5473 4047a4 5468->5473 5472 40477d MulDiv 5469->5472 5469->5473 5471->5468 5472->5473 5474 404815 5473->5474 5475 4049ac 20 API calls 5473->5475 5476 404838 5474->5476 5477 40140b 2 API calls 5474->5477 5478 404802 5475->5478 5490 4040c0 KiUserCallbackDispatcher 5476->5490 5477->5476 5480 404817 SetDlgItemTextA 5478->5480 5481 404807 5478->5481 5480->5474 5483 4048e7 20 API calls 5481->5483 5482 404854 5482->5433 5484 404489 SendMessageA 5482->5484 5483->5474 5484->5433 5485->5429 5486->5457 5487->5437 5488->5458 5489->5466 5490->5482 5491 402631 5492 402b0a 17 API calls 5491->5492 5493 40263b 5492->5493 5494 405c21 ReadFile 5493->5494 5495 4026ab 5493->5495 5497 4026bb 5493->5497 5499 4026a9 5493->5499 5494->5493 5500 405f6e wsprintfA 5495->5500 5498 4026d1 SetFilePointer 5497->5498 5497->5499 5498->5499 5500->5499 5501 4022b2 5502 402b2c 17 API calls 5501->5502 5503 4022b8 5502->5503 5504 402b2c 17 API calls 5503->5504 5505 4022c1 5504->5505 5506 402b2c 17 API calls 5505->5506 5507 4022ca 5506->5507 5508 
406313 2 API calls 5507->5508 5509 4022d3 5508->5509 5510 4022e4 lstrlenA lstrlenA 5509->5510 5514 4022d7 5509->5514 5512 405137 24 API calls 5510->5512 5511 405137 24 API calls 5515 4022df 5511->5515 5513 402320 SHFileOperationA 5512->5513 5513->5514 5513->5515 5514->5511 5514->5515 5516 402334 5517 40233b 5516->5517 5520 40234e 5516->5520 5518 406032 17 API calls 5517->5518 5519 402348 5518->5519 5519->5520 5521 40572c MessageBoxIndirectA 5519->5521 5521->5520 5522 4014b7 5523 4014bd 5522->5523 5524 401389 2 API calls 5523->5524 5525 4014c5 5524->5525 4790 402138 4791 402b2c 17 API calls 4790->4791 4792 40213f 4791->4792 4793 402b2c 17 API calls 4792->4793 4794 402149 4793->4794 4795 402b2c 17 API calls 4794->4795 4796 402153 4795->4796 4797 402b2c 17 API calls 4796->4797 4798 40215d 4797->4798 4799 402b2c 17 API calls 4798->4799 4800 402167 4799->4800 4801 4021a9 CoCreateInstance 4800->4801 4802 402b2c 17 API calls 4800->4802 4805 4021c8 4801->4805 4807 402273 4801->4807 4802->4801 4803 401423 24 API calls 4804 4022a9 4803->4804 4806 402253 MultiByteToWideChar 4805->4806 4805->4807 4806->4807 4807->4803 4807->4804 4861 4015bb 4862 402b2c 17 API calls 4861->4862 4863 4015c2 4862->4863 4864 405a41 4 API calls 4863->4864 4877 4015ca 4864->4877 4865 401624 4867 401652 4865->4867 4868 401629 4865->4868 4866 4059d3 CharNextA 4866->4877 4871 401423 24 API calls 4867->4871 4869 401423 24 API calls 4868->4869 4870 401630 4869->4870 4880 406010 lstrcpynA 4870->4880 4876 40164a 4871->4876 4873 40567a 2 API calls 4873->4877 4874 405697 5 API calls 4874->4877 4875 40163b SetCurrentDirectoryA 4875->4876 4877->4865 4877->4866 4877->4873 4877->4874 4878 40160c GetFileAttributesA 4877->4878 4879 4055fd 4 API calls 4877->4879 4878->4877 4879->4877 4880->4875 4881 40273b 4882 402741 4881->4882 4883 402745 FindNextFileA 4882->4883 4886 402757 4882->4886 4884 402796 4883->4884 4883->4886 4887 406010 lstrcpynA 4884->4887 4887->4886 5526 4016bb 5527 402b2c 17 API calls 5526->5527 5528 
4016c1 GetFullPathNameA 5527->5528 5529 4016f9 5528->5529 5530 4016d8 5528->5530 5531 4029b8 5529->5531 5532 40170d GetShortPathNameA 5529->5532 5530->5529 5533 406313 2 API calls 5530->5533 5532->5531 5534 4016e9 5533->5534 5534->5529 5536 406010 lstrcpynA 5534->5536 5536->5529 4888 40243d 4889 402b2c 17 API calls 4888->4889 4890 40244f 4889->4890 4891 402b2c 17 API calls 4890->4891 4892 402459 4891->4892 4905 402bbc 4892->4905 4895 4029b8 4896 40248e 4898 40249a 4896->4898 4900 402b0a 17 API calls 4896->4900 4897 402b2c 17 API calls 4899 402487 lstrlenA 4897->4899 4901 4024b9 RegSetValueExA 4898->4901 4902 402ffb 31 API calls 4898->4902 4899->4896 4900->4898 4903 4024cf RegCloseKey 4901->4903 4902->4901 4903->4895 4906 402bd7 4905->4906 4909 405ec4 4906->4909 4910 405ed3 4909->4910 4911 402469 4910->4911 4912 405ede RegCreateKeyExA 4910->4912 4911->4895 4911->4896 4911->4897 4912->4911 5537 401b3f 5538 402b2c 17 API calls 5537->5538 5539 401b46 5538->5539 5540 402b0a 17 API calls 5539->5540 5541 401b4f wsprintfA 5540->5541 5542 4029b8 5541->5542

                                                            Control-flow Graph

                                                            C-Code - Quality: 86%
                                                            			_entry_() {
                                                            				signed int _t42;
                                                            				intOrPtr* _t47;
                                                            				CHAR* _t51;
                                                            				char* _t53;
                                                            				CHAR* _t55;
                                                            				void* _t59;
                                                            				intOrPtr _t61;
                                                            				int _t63;
                                                            				int _t66;
                                                            				signed int _t67;
                                                            				int _t68;
                                                            				signed int _t70;
                                                            				void* _t94;
                                                            				signed int _t110;
                                                            				void* _t113;
                                                            				void* _t118;
                                                            				intOrPtr* _t119;
                                                            				char _t122;
                                                            				signed int _t141;
                                                            				signed int _t142;
                                                            				int _t150;
                                                            				void* _t151;
                                                            				intOrPtr* _t153;
                                                            				CHAR* _t156;
                                                            				CHAR* _t157;
                                                            				void* _t159;
                                                            				char* _t160;
                                                            				void* _t163;
                                                            				void* _t164;
                                                            				char _t189;
                                                            
                                                            				 *(_t164 + 0x18) = 0;
                                                            				 *((intOrPtr*)(_t164 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
                                                            				 *(_t164 + 0x20) = 0;
                                                            				 *(_t164 + 0x14) = 0x20;
                                                            				SetErrorMode(0x8001); // executed
                                                            				_t42 = GetVersion() & 0xbfffffff;
                                                            				 *0x42f40c = _t42;
                                                            				if(_t42 != 6) {
                                                            					_t119 = E004063A8(0);
                                                            					if(_t119 != 0) {
                                                            						 *_t119(0xc00);
                                                            					}
                                                            				}
                                                            				_t156 = "UXTHEME";
                                                            				do {
                                                            					E0040633A(_t156); // executed
                                                            					_t156 =  &(_t156[lstrlenA(_t156) + 1]);
                                                            				} while ( *_t156 != 0);
                                                            				E004063A8(0xa);
                                                            				 *0x42f404 = E004063A8(8);
                                                            				_t47 = E004063A8(6);
                                                            				if(_t47 != 0) {
                                                            					_t47 =  *_t47(0x1e);
                                                            					if(_t47 != 0) {
                                                            						 *0x42f40f =  *0x42f40f | 0x00000040;
                                                            					}
                                                            				}
                                                            				__imp__#17(_t159);
                                                            				__imp__OleInitialize(0); // executed
                                                            				 *0x42f4d8 = _t47;
                                                            				SHGetFileInfoA(0x429830, 0, _t164 + 0x38, 0x160, 0); // executed
                                                            				E00406010("Wildix Integration Service v3.9.1 Setup", "NSIS Error");
                                                            				_t51 = GetCommandLineA();
                                                            				_t160 = "\"C:\\Users\\jones\\Desktop\\SetupWIService.exe\" ";
                                                            				E00406010(_t160, _t51);
                                                            				 *0x42f400 = 0x400000;
                                                            				_t53 = _t160;
                                                            				if("\"C:\\Users\\jones\\Desktop\\SetupWIService.exe\" " == 0x22) {
                                                            					 *(_t164 + 0x14) = 0x22;
                                                            					_t53 =  &M00435001;
                                                            				}
                                                            				_t55 = CharNextA(E004059D3(_t53,  *(_t164 + 0x14)));
                                                            				 *(_t164 + 0x1c) = _t55;
                                                            				while(1) {
                                                            					_t122 =  *_t55;
                                                            					_t172 = _t122;
                                                            					if(_t122 == 0) {
                                                            						break;
                                                            					}
                                                            					__eflags = _t122 - 0x20;
                                                            					if(_t122 != 0x20) {
                                                            						L13:
                                                            						__eflags =  *_t55 - 0x22;
                                                            						 *(_t164 + 0x14) = 0x20;
                                                            						if( *_t55 == 0x22) {
                                                            							_t55 =  &(_t55[1]);
                                                            							__eflags = _t55;
                                                            							 *(_t164 + 0x14) = 0x22;
                                                            						}
                                                            						__eflags =  *_t55 - 0x2f;
                                                            						if( *_t55 != 0x2f) {
                                                            							L25:
                                                            							_t55 = E004059D3(_t55,  *(_t164 + 0x14));
                                                            							__eflags =  *_t55 - 0x22;
                                                            							if(__eflags == 0) {
                                                            								_t55 =  &(_t55[1]);
                                                            								__eflags = _t55;
                                                            							}
                                                            							continue;
                                                            						} else {
                                                            							_t55 =  &(_t55[1]);
                                                            							__eflags =  *_t55 - 0x53;
                                                            							if( *_t55 != 0x53) {
                                                            								L20:
                                                            								__eflags =  *_t55 - ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC");
                                                            								if( *_t55 != ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC")) {
                                                            									L24:
                                                            									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=");
                                                            									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=")) {
                                                            										 *((char*)(_t55 - 2)) = 0;
                                                            										__eflags =  &(_t55[2]);
                                                            										E00406010("C:\\Program Files\\Wildix\\WIService",  &(_t55[2]));
                                                            										L30:
                                                            										_t157 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
                                                            										GetTempPathA(0x400, _t157); // executed
                                                            										_t59 = E0040323A(_t172);
                                                            										_t173 = _t59;
                                                            										if(_t59 != 0) {
                                                            											L33:
                                                            											DeleteFileA("1033"); // executed
                                                            											_t61 = E00402DC4(_t175,  *(_t164 + 0x20)); // executed
                                                            											 *((intOrPtr*)(_t164 + 0x10)) = _t61;
                                                            											if(_t61 != 0) {
                                                            												L43:
                                                            												E00403753();
                                                            												__imp__OleUninitialize();
                                                            												_t185 =  *((intOrPtr*)(_t164 + 0x10));
                                                            												if( *((intOrPtr*)(_t164 + 0x10)) == 0) {
                                                            													__eflags =  *0x42f4b4;
                                                            													if( *0x42f4b4 == 0) {
                                                            														L67:
                                                            														_t63 =  *0x42f4cc;
                                                            														__eflags = _t63 - 0xffffffff;
                                                            														if(_t63 != 0xffffffff) {
                                                            															 *(_t164 + 0x14) = _t63;
                                                            														}
                                                            														ExitProcess( *(_t164 + 0x14));
                                                            													}
                                                            													_t66 = OpenProcessToken(GetCurrentProcess(), 0x28, _t164 + 0x18);
                                                            													__eflags = _t66;
                                                            													_t150 = 2;
                                                            													if(_t66 != 0) {
                                                            														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t164 + 0x24);
                                                            														 *(_t164 + 0x38) = 1;
                                                            														 *(_t164 + 0x44) = _t150;
                                                            														AdjustTokenPrivileges( *(_t164 + 0x2c), 0, _t164 + 0x28, 0, 0, 0);
                                                            													}
                                                            													_t67 = E004063A8(4);
                                                            													__eflags = _t67;
                                                            													if(_t67 == 0) {
                                                            														L65:
                                                            														_t68 = ExitWindowsEx(_t150, 0x80040002);
                                                            														__eflags = _t68;
                                                            														if(_t68 != 0) {
                                                            															goto L67;
                                                            														}
                                                            														goto L66;
                                                            													} else {
                                                            														_t70 =  *_t67(0, 0, 0, 0x25, 0x80040002);
                                                            														__eflags = _t70;
                                                            														if(_t70 == 0) {
                                                            															L66:
                                                            															E0040140B(9);
                                                            															goto L67;
                                                            														}
                                                            														goto L65;
                                                            													}
                                                            												}
                                                            												E0040572C( *((intOrPtr*)(_t164 + 0x10)), 0x200010);
                                                            												ExitProcess(2);
                                                            											}
                                                            											if( *0x42f420 == 0) {
                                                            												L42:
                                                            												 *0x42f4cc =  *0x42f4cc | 0xffffffff;
                                                            												 *(_t164 + 0x18) = E0040382D( *0x42f4cc);
                                                            												goto L43;
                                                            											}
                                                            											_t153 = E004059D3(_t160, 0);
                                                            											if(_t153 < _t160) {
                                                            												L39:
                                                            												_t182 = _t153 - _t160;
                                                            												 *((intOrPtr*)(_t164 + 0x10)) = "Error launching installer";
                                                            												if(_t153 < _t160) {
                                                            													_t151 = E00405697(_t185);
                                                            													lstrcatA(_t157, "~nsu");
                                                            													if(_t151 != 0) {
                                                            														lstrcatA(_t157, "A");
                                                            													}
                                                            													lstrcatA(_t157, ".tmp");
                                                            													_t162 = "C:\\Users\\jones\\Desktop";
                                                            													if(lstrcmpiA(_t157, "C:\\Users\\jones\\Desktop") != 0) {
                                                            														_push(_t157);
                                                            														if(_t151 == 0) {
                                                            															E0040567A();
                                                            														} else {
                                                            															E004055FD();
                                                            														}
                                                            														SetCurrentDirectoryA(_t157);
                                                            														_t189 = "C:\\Program Files\\Wildix\\WIService"; // 0x43
                                                            														if(_t189 == 0) {
                                                            															E00406010("C:\\Program Files\\Wildix\\WIService", _t162);
                                                            														}
                                                            														E00406010("0x00004688",  *(_t164 + 0x1c));
                                                            														_t137 = "A";
                                                            														_t163 = 0x1a;
                                                            														 *"15" = "A";
                                                            														do {
                                                            															E00406032(0, 0x429430, _t157, 0x429430,  *((intOrPtr*)( *0x42f414 + 0x120)));
                                                            															DeleteFileA(0x429430);
                                                            															if( *((intOrPtr*)(_t164 + 0x10)) != 0 && CopyFileA("C:\\Users\\jones\\Desktop\\SetupWIService.exe", 0x429430, 1) != 0) {
                                                            																E00405DEF(_t137, 0x429430, 0);
                                                            																E00406032(0, 0x429430, _t157, 0x429430,  *((intOrPtr*)( *0x42f414 + 0x124)));
                                                            																_t94 = E004056AF(0x429430);
                                                            																if(_t94 != 0) {
                                                            																	CloseHandle(_t94);
                                                            																	 *((intOrPtr*)(_t164 + 0x10)) = 0;
                                                            																}
                                                            															}
                                                            															 *"15" =  *"15" + 1;
                                                            															_t163 = _t163 - 1;
                                                            														} while (_t163 != 0);
                                                            														E00405DEF(_t137, _t157, 0);
                                                            													}
                                                            													goto L43;
                                                            												}
                                                            												 *_t153 = 0;
                                                            												_t154 = _t153 + 4;
                                                            												if(E00405A96(_t182, _t153 + 4) == 0) {
                                                            													goto L43;
                                                            												}
                                                            												E00406010("C:\\Program Files\\Wildix\\WIService", _t154);
                                                            												E00406010("C:\\Program Files\\Wildix\\WIService", _t154);
                                                            												 *((intOrPtr*)(_t164 + 0x10)) = 0;
                                                            												goto L42;
                                                            											}
                                                            											_t110 = (( *0x40a15b << 0x00000008 |  *0x40a15a) << 0x00000008 |  *0x40a159) << 0x00000008 | " _?=";
                                                            											while( *_t153 != _t110) {
                                                            												_t153 = _t153 - 1;
                                                            												if(_t153 >= _t160) {
                                                            													continue;
                                                            												}
                                                            												goto L39;
                                                            											}
                                                            											goto L39;
                                                            										}
                                                            										GetWindowsDirectoryA(_t157, 0x3fb);
                                                            										lstrcatA(_t157, "\\Temp");
                                                            										_t113 = E0040323A(_t173);
                                                            										_t174 = _t113;
                                                            										if(_t113 != 0) {
                                                            											goto L33;
                                                            										}
                                                            										GetTempPathA(0x3fc, _t157);
                                                            										lstrcatA(_t157, "Low");
                                                            										SetEnvironmentVariableA("TEMP", _t157);
                                                            										SetEnvironmentVariableA("TMP", _t157);
                                                            										_t118 = E0040323A(_t174);
                                                            										_t175 = _t118;
                                                            										if(_t118 == 0) {
                                                            											goto L43;
                                                            										}
                                                            										goto L33;
                                                            									}
                                                            									goto L25;
                                                            								}
                                                            								_t141 = _t55[4];
                                                            								__eflags = _t141 - 0x20;
                                                            								if(_t141 == 0x20) {
                                                            									L23:
                                                            									_t15 = _t164 + 0x20;
                                                            									 *_t15 =  *(_t164 + 0x20) | 0x00000004;
                                                            									__eflags =  *_t15;
                                                            									goto L24;
                                                            								}
                                                            								__eflags = _t141;
                                                            								if(_t141 != 0) {
                                                            									goto L24;
                                                            								}
                                                            								goto L23;
                                                            							}
                                                            							_t142 = _t55[1];
                                                            							__eflags = _t142 - 0x20;
                                                            							if(_t142 == 0x20) {
                                                            								L19:
                                                            								 *0x42f4c0 = 1;
                                                            								goto L20;
                                                            							}
                                                            							__eflags = _t142;
                                                            							if(_t142 != 0) {
                                                            								goto L20;
                                                            							}
                                                            							goto L19;
                                                            						}
                                                            					} else {
                                                            						goto L12;
                                                            					}
                                                            					do {
                                                            						L12:
                                                            						_t55 =  &(_t55[1]);
                                                            						__eflags =  *_t55 - 0x20;
                                                            					} while ( *_t55 == 0x20);
                                                            					goto L13;
                                                            				}
                                                            				goto L30;
                                                            			}

































                                                            0x00403622
                                                            0x00403627
                                                            0x00403639
                                                            0x00403641
                                                            0x00403647
                                                            0x00403653
                                                            0x00403659
                                                            0x00403663
                                                            0x00403679
                                                            0x0040368a
                                                            0x00403690
                                                            0x00403697
                                                            0x0040369a
                                                            0x004036a0
                                                            0x004036a0
                                                            0x00403697
                                                            0x004036a4
                                                            0x004036aa
                                                            0x004036aa
                                                            0x004036af
                                                            0x004036af
                                                            0x00000000
                                                            0x004035ec
                                                            0x0040354c
                                                            0x0040354e
                                                            0x00403559
                                                            0x00000000
                                                            0x00000000
                                                            0x00403561
                                                            0x0040356c
                                                            0x00403571
                                                            0x00000000
                                                            0x00403571
                                                            0x00403535
                                                            0x00403537
                                                            0x0040353b
                                                            0x0040353e
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0040353e
                                                            0x00000000
                                                            0x00403537
                                                            0x00403487
                                                            0x00403493
                                                            0x00403498
                                                            0x0040349d
                                                            0x0040349f
                                                            0x00000000
                                                            0x00000000
                                                            0x004034a7
                                                            0x004034af
                                                            0x004034c0
                                                            0x004034c8
                                                            0x004034ca
                                                            0x004034cf
                                                            0x004034d1
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x004034d1
                                                            0x00000000
                                                            0x00403436
                                                            0x004033f7
                                                            0x004033fa
                                                            0x004033fd
                                                            0x00403403
                                                            0x00403403
                                                            0x00403403
                                                            0x00403403
                                                            0x00000000
                                                            0x00403403
                                                            0x004033ff
                                                            0x00403401
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00403401
                                                            0x004033b2
                                                            0x004033b5
                                                            0x004033b8
                                                            0x004033be
                                                            0x004033be
                                                            0x00000000
                                                            0x004033be
                                                            0x004033ba
                                                            0x004033bc
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x004033bc
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0040338d
                                                            0x0040338d
                                                            0x0040338d
                                                            0x0040338e
                                                            0x0040338e
                                                            0x00000000
                                                            0x0040338d
                                                            0x00000000

                                                            APIs
                                                            • SetErrorMode.KERNELBASE ref: 00403290
                                                            • GetVersion.KERNEL32 ref: 00403296
                                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004032C9
                                                            • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403305
                                                            • OleInitialize.OLE32(00000000), ref: 0040330C
                                                            • SHGetFileInfoA.SHELL32(00429830,00000000,?,00000160,00000000,?,00000006,00000008,0000000A), ref: 00403328
                                                            • GetCommandLineA.KERNEL32(Wildix Integration Service v3.9.1 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040333D
                                                            • CharNextA.USER32(00000000,"C:\Users\user\Desktop\SetupWIService.exe" ,00000020,"C:\Users\user\Desktop\SetupWIService.exe" ,00000000,?,00000006,00000008,0000000A), ref: 00403379
                                                            • GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000006,00000008,0000000A), ref: 00403476
                                                            • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 00403487
                                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 00403493
                                                            • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004034A7
                                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004034AF
                                                            • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004034C0
                                                            • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004034C8
                                                            • DeleteFileA.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 004034DC
                                                              • Part of subcall function 004063A8: GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                              • Part of subcall function 004063A8: GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                              • Part of subcall function 0040382D: lstrlenA.KERNEL32(0042E3A0,?,?,?,0042E3A0,00000000,C:\Program Files\Wildix\WIService,1033,Wildix Integration Service v3.9.1 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.9.1 Setup ,00000000,00000002,7476FA90), ref: 0040391D
                                                              • Part of subcall function 0040382D: lstrcmpiA.KERNEL32(?,.exe,0042E3A0,?,?,?,0042E3A0,00000000,C:\Program Files\Wildix\WIService,1033,Wildix Integration Service v3.9.1 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.9.1 Setup ,00000000), ref: 00403930
                                                              • Part of subcall function 0040382D: GetFileAttributesA.KERNEL32(0042E3A0), ref: 0040393B
                                                              • Part of subcall function 0040382D: LoadImageA.USER32 ref: 00403984
                                                              • Part of subcall function 0040382D: RegisterClassA.USER32 ref: 004039C1
                                                              • Part of subcall function 00403753: CloseHandle.KERNEL32(00000288,0040358A,?,?,00000006,00000008,0000000A), ref: 0040375E
                                                            • OleUninitialize.OLE32(?,?,00000006,00000008,0000000A), ref: 0040358A
                                                            • ExitProcess.KERNEL32 ref: 004035AB
                                                            • GetCurrentProcess.KERNEL32(00000028,?,00000006,00000008,0000000A), ref: 004036C8
                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 004036CF
                                                            • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004036E7
                                                            • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403706
                                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 0040372A
                                                            • ExitProcess.KERNEL32 ref: 0040374D
                                                              • Part of subcall function 0040572C: MessageBoxIndirectA.USER32(0040A218), ref: 00405787
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Process$ExitFile$EnvironmentHandlePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
                                                            • String ID: "$"C:\Users\user\Desktop\SetupWIService.exe" $.tmp$0x00004688$1033$C:\Program Files\Wildix\WIService$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SetupWIService.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$Wildix Integration Service v3.9.1 Setup$\Temp$~nsu
                                                            • API String ID: 3776617018-1010565703
                                                            • Opcode ID: 4775c68527fbb917aecb0a7c801f737b56a4a891fa957fa25b7ad5f6c3460015
                                                            • Instruction ID: c488d4947f624a60ea111d8e8e2b3f6be1d3d76fce8bfd42f4ae142e8cae794f
                                                            • Opcode Fuzzy Hash: 4775c68527fbb917aecb0a7c801f737b56a4a891fa957fa25b7ad5f6c3460015
                                                            • Instruction Fuzzy Hash: 9EC10570104741AAD7216F759D49B2F3EA8AF4570AF44443FF582B61E2CB7C8A198B2F
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 134 405275-405291 135 405420-405426 134->135 136 405297-40535e GetDlgItem * 3 call 4040d3 call 4049c4 GetClientRect GetSystemMetrics SendMessageA * 2 134->136 138 405450-40545c 135->138 139 405428-40544a GetDlgItem CreateThread FindCloseChangeNotification 135->139 154 405360-40537a SendMessageA * 2 136->154 155 40537c-40537f 136->155 140 40547e-405484 138->140 141 40545e-405464 138->141 139->138 145 405486-40548c 140->145 146 4054d9-4054dc 140->146 143 405466-405479 ShowWindow * 2 call 4040d3 141->143 144 40549f-4054a6 call 404105 141->144 143->140 158 4054ab-4054af 144->158 151 4054b2-4054c2 ShowWindow 145->151 152 40548e-40549a call 404077 145->152 146->144 149 4054de-4054e4 146->149 149->144 156 4054e6-4054f9 SendMessageA 149->156 159 4054d2-4054d4 call 404077 151->159 160 4054c4-4054cd call 405137 151->160 152->144 154->155 161 405381-40538d SendMessageA 155->161 162 40538f-4053a6 call 40409e 155->162 163 4055f6-4055f8 156->163 164 4054ff-40552b CreatePopupMenu call 406032 AppendMenuA 156->164 159->146 160->159 161->162 173 4053a8-4053bc ShowWindow 162->173 174 4053dc-4053fd GetDlgItem SendMessageA 162->174 163->158 171 405540-405556 TrackPopupMenu 164->171 172 40552d-40553d GetWindowRect 164->172 171->163 175 40555c-405576 171->175 172->171 176 4053cb 173->176 177 4053be-4053c9 ShowWindow 173->177 174->163 178 405403-40541b SendMessageA * 2 174->178 179 40557b-405596 SendMessageA 175->179 180 4053d1-4053d7 call 4040d3 176->180 177->180 178->163 179->179 181 405598-4055b8 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 179->181 180->174 183 4055ba-4055da SendMessageA 181->183 183->183 184 4055dc-4055f0 GlobalUnlock SetClipboardData CloseClipboard 183->184 184->163
                                                            C-Code - Quality: 96%
                                                            			E00405275(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                            				struct HWND__* _v8;
                                                            				struct tagRECT _v24;
                                                            				void* _v32;
                                                            				signed int _v36;
                                                            				int _v40;
                                                            				int _v44;
                                                            				signed int _v48;
                                                            				int _v52;
                                                            				void* _v56;
                                                            				void* _v64;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				struct HWND__* _t87;
                                                            				struct HWND__* _t89;
                                                            				long _t90;
                                                            				int _t95;
                                                            				int _t96;
                                                            				long _t99;
                                                            				void* _t102;
                                                            				intOrPtr _t113;
                                                            				void* _t121;
                                                            				intOrPtr _t124;
                                                            				struct HWND__* _t128;
                                                            				int _t150;
                                                            				int _t153;
                                                            				long _t157;
                                                            				struct HWND__* _t161;
                                                            				struct HMENU__* _t163;
                                                            				long _t165;
                                                            				void* _t166;
                                                            				char* _t167;
                                                            				char* _t168;
                                                            				int _t169;
                                                            
                                                            				_t87 =  *0x42ebe4; // 0x103ae
                                                            				_t157 = _a8;
                                                            				_t150 = 0;
                                                            				_v8 = _t87;
                                                            				if(_t157 != 0x110) {
                                                            					__eflags = _t157 - 0x405;
                                                            					if(_t157 == 0x405) {
                                                            						_t121 = CreateThread(0, 0, E00405209, GetDlgItem(_a4, 0x3ec), 0,  &_a8); // executed
                                                            						FindCloseChangeNotification(_t121);
                                                            					}
                                                            					__eflags = _t157 - 0x111;
                                                            					if(_t157 != 0x111) {
                                                            						L17:
                                                            						__eflags = _t157 - 0x404;
                                                            						if(_t157 != 0x404) {
                                                            							L25:
                                                            							__eflags = _t157 - 0x7b;
                                                            							if(_t157 != 0x7b) {
                                                            								goto L20;
                                                            							}
                                                            							_t89 = _v8;
                                                            							__eflags = _a12 - _t89;
                                                            							if(_a12 != _t89) {
                                                            								goto L20;
                                                            							}
                                                            							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
                                                            							__eflags = _t90 - _t150;
                                                            							_a12 = _t90;
                                                            							if(_t90 <= _t150) {
                                                            								L36:
                                                            								return 0;
                                                            							}
                                                            							_t163 = CreatePopupMenu();
                                                            							AppendMenuA(_t163, _t150, 1, E00406032(_t150, _t157, _t163, _t150, 0xffffffe1));
                                                            							_t95 = _a16;
                                                            							__eflags = _a16 - 0xffffffff;
                                                            							_t153 = _a16 >> 0x10;
                                                            							if(_a16 == 0xffffffff) {
                                                            								GetWindowRect(_v8,  &_v24);
                                                            								_t95 = _v24.left;
                                                            								_t153 = _v24.top;
                                                            							}
                                                            							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
                                                            							__eflags = _t96 - 1;
                                                            							if(_t96 == 1) {
                                                            								_t165 = 1;
                                                            								__eflags = 1;
                                                            								_v56 = _t150;
                                                            								_v44 = 0x42a870;
                                                            								_v40 = 0x1000;
                                                            								_a4 = _a12;
                                                            								do {
                                                            									_a4 = _a4 - 1;
                                                            									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
                                                            									__eflags = _a4 - _t150;
                                                            									_t165 = _t165 + _t99 + 2;
                                                            								} while (_a4 != _t150);
                                                            								OpenClipboard(_t150);
                                                            								EmptyClipboard();
                                                            								_t102 = GlobalAlloc(0x42, _t165);
                                                            								_a4 = _t102;
                                                            								_t166 = GlobalLock(_t102);
                                                            								do {
                                                            									_v44 = _t166;
                                                            									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
                                                            									 *_t167 = 0xd;
                                                            									_t168 = _t167 + 1;
                                                            									 *_t168 = 0xa;
                                                            									_t166 = _t168 + 1;
                                                            									_t150 = _t150 + 1;
                                                            									__eflags = _t150 - _a12;
                                                            								} while (_t150 < _a12);
                                                            								GlobalUnlock(_a4);
                                                            								SetClipboardData(1, _a4);
                                                            								CloseClipboard();
                                                            							}
                                                            							goto L36;
                                                            						}
                                                            						__eflags =  *0x42ebcc - _t150; // 0x0
                                                            						if(__eflags == 0) {
                                                            							ShowWindow( *0x42f408, 8);
                                                            							__eflags =  *0x42f4ac - _t150;
                                                            							if( *0x42f4ac == _t150) {
                                                            								_t113 =  *0x42a048; // 0x5c8834
                                                            								E00405137( *((intOrPtr*)(_t113 + 0x34)), _t150);
                                                            							}
                                                            							E00404077(1);
                                                            							goto L25;
                                                            						}
                                                            						 *0x429c40 = 2;
                                                            						E00404077(0x78);
                                                            						goto L20;
                                                            					} else {
                                                            						__eflags = _a12 - 0x403;
                                                            						if(_a12 != 0x403) {
                                                            							L20:
                                                            							return E00404105(_t157, _a12, _a16);
                                                            						}
                                                            						ShowWindow( *0x42ebd0, _t150);
                                                            						ShowWindow(_v8, 8);
                                                            						E004040D3(_v8);
                                                            						goto L17;
                                                            					}
                                                            				}
                                                            				_v48 = _v48 | 0xffffffff;
                                                            				_v36 = _v36 | 0xffffffff;
                                                            				_t169 = 2;
                                                            				_v56 = _t169;
                                                            				_v52 = 0;
                                                            				_v44 = 0;
                                                            				_v40 = 0;
                                                            				asm("stosd");
                                                            				asm("stosd");
                                                            				_t124 =  *0x42f414;
                                                            				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
                                                            				_a8 =  *((intOrPtr*)(_t124 + 0x60));
                                                            				 *0x42ebd0 = GetDlgItem(_a4, 0x403);
                                                            				 *0x42ebc8 = GetDlgItem(_a4, 0x3ee);
                                                            				_t128 = GetDlgItem(_a4, 0x3f8);
                                                            				 *0x42ebe4 = _t128;
                                                            				_v8 = _t128;
                                                            				E004040D3( *0x42ebd0);
                                                            				 *0x42ebd4 = E004049C4(4);
                                                            				 *0x42ebec = 0;
                                                            				GetClientRect(_v8,  &_v24);
                                                            				_v48 = _v24.right - GetSystemMetrics(_t169);
                                                            				SendMessageA(_v8, 0x101b, 0,  &_v56);
                                                            				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
                                                            				if(_a12 >= 0) {
                                                            					SendMessageA(_v8, 0x1001, 0, _a12);
                                                            					SendMessageA(_v8, 0x1026, 0, _a12);
                                                            				}
                                                            				if(_a8 >= _t150) {
                                                            					SendMessageA(_v8, 0x1024, _t150, _a8);
                                                            				}
                                                            				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                            				_push(0x1b);
                                                            				E0040409E(_a4);
                                                            				if(( *0x42f41c & 0x00000003) != 0) {
                                                            					ShowWindow( *0x42ebd0, _t150);
                                                            					if(( *0x42f41c & 0x00000002) != 0) {
                                                            						 *0x42ebd0 = _t150;
                                                            					} else {
                                                            						ShowWindow(_v8, 8);
                                                            					}
                                                            					E004040D3( *0x42ebc8);
                                                            				}
                                                            				_t161 = GetDlgItem(_a4, 0x3ec);
                                                            				SendMessageA(_t161, 0x401, _t150, 0x75300000);
                                                            				if(( *0x42f41c & 0x00000004) != 0) {
                                                            					SendMessageA(_t161, 0x409, _t150, _a8);
                                                            					SendMessageA(_t161, 0x2001, _t150, _a12);
                                                            				}
                                                            				goto L36;
                                                            			}


                                                            APIs
                                                            • GetDlgItem.USER32 ref: 004052D4
                                                            • GetDlgItem.USER32 ref: 004052E3
                                                            • GetClientRect.USER32 ref: 00405320
                                                            • GetSystemMetrics.USER32 ref: 00405327
                                                            • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405348
                                                            • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405359
                                                            • SendMessageA.USER32(?,00001001,00000000,?), ref: 0040536C
                                                            • SendMessageA.USER32(?,00001026,00000000,?), ref: 0040537A
                                                            • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040538D
                                                            • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004053AF
                                                            • ShowWindow.USER32(?,00000008), ref: 004053C3
                                                            • GetDlgItem.USER32 ref: 004053E4
                                                            • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004053F4
                                                            • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040540D
                                                            • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405419
                                                            • GetDlgItem.USER32 ref: 004052F2
                                                              • Part of subcall function 004040D3: SendMessageA.USER32(00000028,?,00000001,00403F03), ref: 004040E1
                                                            • GetDlgItem.USER32 ref: 00405435
                                                            • CreateThread.KERNELBASE ref: 00405443
                                                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040544A
                                                            • ShowWindow.USER32(00000000), ref: 0040546D
                                                            • ShowWindow.USER32(?,00000008), ref: 00405474
                                                            • ShowWindow.USER32(00000008), ref: 004054BA
                                                            • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004054EE
                                                            • CreatePopupMenu.USER32 ref: 004054FF
                                                            • AppendMenuA.USER32 ref: 00405514
                                                            • GetWindowRect.USER32 ref: 00405534
                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040554D
                                                            • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405589
                                                            • OpenClipboard.USER32(00000000), ref: 00405599
                                                            • EmptyClipboard.USER32 ref: 0040559F
                                                            • GlobalAlloc.KERNEL32(00000042,?), ref: 004055A8
                                                            • GlobalLock.KERNEL32 ref: 004055B2
                                                            • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004055C6
                                                            • GlobalUnlock.KERNEL32(00000000), ref: 004055DF
                                                            • SetClipboardData.USER32 ref: 004055EA
                                                            • CloseClipboard.USER32 ref: 004055F0
                                                            Strings
                                                            • Wildix Integration Service v3.9.1 Setup , xrefs: 00405565
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                            • String ID: Wildix Integration Service v3.9.1 Setup
                                                            • API String ID: 4154960007-3622325919
                                                            • Opcode ID: 850865324eda7255bc617561a744910c99d6829a0b955d2a94bbb97841d7110d
                                                            • Instruction ID: 66d789517199d7de7cfadb6731c275bc9a2b232ae8febcf914e4846c803f5e83
                                                            • Opcode Fuzzy Hash: 850865324eda7255bc617561a744910c99d6829a0b955d2a94bbb97841d7110d
                                                            • Instruction Fuzzy Hash: A3A147B0900608BFDB119F61DE89AAF7F79FB08354F40403AFA41BA1A0C7755E519F68
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 95%
                                                            			E73DA1A98() {
                                                            				signed int _v8;
                                                            				signed int _v12;
                                                            				signed int _v16;
                                                            				signed int _v20;
                                                            				CHAR* _v24;
                                                            				CHAR* _v28;
                                                            				signed int _v32;
                                                            				signed int _v36;
                                                            				signed int _v40;
                                                            				signed int _v44;
                                                            				CHAR* _v48;
                                                            				signed int _v52;
                                                            				void* _v56;
                                                            				intOrPtr _v60;
                                                            				CHAR* _t207;
                                                            				signed int _t210;
                                                            				void* _t212;
                                                            				void* _t214;
                                                            				CHAR* _t216;
                                                            				void* _t224;
                                                            				struct HINSTANCE__* _t225;
                                                            				struct HINSTANCE__* _t226;
                                                            				struct HINSTANCE__* _t228;
                                                            				signed short _t230;
                                                            				struct HINSTANCE__* _t233;
                                                            				struct HINSTANCE__* _t235;
                                                            				void* _t236;
                                                            				char* _t237;
                                                            				void* _t248;
                                                            				signed char _t249;
                                                            				signed int _t250;
                                                            				void* _t254;
                                                            				struct HINSTANCE__* _t256;
                                                            				void* _t257;
                                                            				signed int _t259;
                                                            				intOrPtr _t260;
                                                            				char* _t263;
                                                            				signed int _t268;
                                                            				signed int _t271;
                                                            				signed int _t273;
                                                            				void* _t276;
                                                            				void* _t280;
                                                            				struct HINSTANCE__* _t282;
                                                            				intOrPtr _t285;
                                                            				void _t286;
                                                            				signed int _t287;
                                                            				signed int _t299;
                                                            				signed int _t300;
                                                            				intOrPtr _t303;
                                                            				void* _t304;
                                                            				signed int _t308;
                                                            				signed int _t311;
                                                            				signed int _t314;
                                                            				signed int _t315;
                                                            				signed int _t316;
                                                            				intOrPtr _t319;
                                                            				intOrPtr* _t320;
                                                            				CHAR* _t321;
                                                            				CHAR* _t323;
                                                            				CHAR* _t324;
                                                            				struct HINSTANCE__* _t325;
                                                            				void* _t327;
                                                            				signed int _t328;
                                                            				void* _t329;
                                                            
                                                            				_t282 = 0;
                                                            				_v32 = 0;
                                                            				_v36 = 0;
                                                            				_v16 = 0;
                                                            				_v8 = 0;
                                                            				_v40 = 0;
                                                            				_t329 = 0;
                                                            				_v52 = 0;
                                                            				_v44 = 0;
                                                            				_t207 = E73DA1215();
                                                            				_v24 = _t207;
                                                            				_v28 = _t207;
                                                            				_v48 = E73DA1215();
                                                            				_t320 = E73DA123B();
                                                            				_v56 = _t320;
                                                            				_v12 = _t320;
                                                            				while(1) {
                                                            					_t210 = _v32;
                                                            					_v60 = _t210;
                                                            					if(_t210 != _t282 && _t329 == _t282) {
                                                            						break;
                                                            					}
                                                            					_t319 =  *_t320;
                                                            					_t285 = _t319;
                                                            					_t212 = _t285 - _t282;
                                                            					if(_t212 == 0) {
                                                            						_t37 =  &_v32;
                                                            						 *_t37 = _v32 | 0xffffffff;
                                                            						__eflags =  *_t37;
                                                            						L20:
                                                            						_t214 = _v60 - _t282;
                                                            						if(_t214 == 0) {
                                                            							 *_v28 =  *_v28 & 0x00000000;
                                                            							__eflags = _t329 - _t282;
                                                            							if(_t329 == _t282) {
                                                            								_t254 = GlobalAlloc(0x40, 0x14a4); // executed
                                                            								_t329 = _t254;
                                                            								 *(_t329 + 0x810) = _t282;
                                                            								 *(_t329 + 0x814) = _t282;
                                                            							}
                                                            							_t286 = _v36;
                                                            							_t47 = _t329 + 8; // 0x8
                                                            							_t216 = _t47;
                                                            							_t48 = _t329 + 0x408; // 0x408
                                                            							_t321 = _t48;
                                                            							 *_t329 = _t286;
                                                            							 *_t216 =  *_t216 & 0x00000000;
                                                            							 *(_t329 + 0x808) = _t282;
                                                            							 *_t321 =  *_t321 & 0x00000000;
                                                            							_t287 = _t286 - _t282;
                                                            							__eflags = _t287;
                                                            							 *(_t329 + 0x80c) = _t282;
                                                            							 *(_t329 + 4) = _t282;
                                                            							if(_t287 == 0) {
                                                            								__eflags = _v28 - _v24;
                                                            								if(_v28 == _v24) {
                                                            									goto L42;
                                                            								}
                                                            								_t327 = 0;
                                                            								GlobalFree(_t329);
                                                            								_t329 = E73DA12FE(_v24);
                                                            								__eflags = _t329 - _t282;
                                                            								if(_t329 == _t282) {
                                                            									goto L42;
                                                            								} else {
                                                            									goto L35;
                                                            								}
                                                            								while(1) {
                                                            									L35:
                                                            									_t248 =  *(_t329 + 0x14a0);
                                                            									__eflags = _t248 - _t282;
                                                            									if(_t248 == _t282) {
                                                            										break;
                                                            									}
                                                            									_t327 = _t329;
                                                            									_t329 = _t248;
                                                            									__eflags = _t329 - _t282;
                                                            									if(_t329 != _t282) {
                                                            										continue;
                                                            									}
                                                            									break;
                                                            								}
                                                            								__eflags = _t327 - _t282;
                                                            								if(_t327 != _t282) {
                                                            									 *(_t327 + 0x14a0) = _t282;
                                                            								}
                                                            								_t249 =  *(_t329 + 0x810);
                                                            								__eflags = _t249 & 0x00000008;
                                                            								if((_t249 & 0x00000008) == 0) {
                                                            									_t250 = _t249 | 0x00000002;
                                                            									__eflags = _t250;
                                                            									 *(_t329 + 0x810) = _t250;
                                                            								} else {
                                                            									_t329 = E73DA1534(_t329);
                                                            									 *(_t329 + 0x810) =  *(_t329 + 0x810) & 0xfffffff5;
                                                            								}
                                                            								goto L42;
                                                            							} else {
                                                            								_t299 = _t287 - 1;
                                                            								__eflags = _t299;
                                                            								if(_t299 == 0) {
                                                            									L31:
                                                            									lstrcpyA(_t216, _v48);
                                                            									L32:
                                                            									lstrcpyA(_t321, _v24);
                                                            									goto L42;
                                                            								}
                                                            								_t300 = _t299 - 1;
                                                            								__eflags = _t300;
                                                            								if(_t300 == 0) {
                                                            									goto L32;
                                                            								}
                                                            								__eflags = _t300 != 1;
                                                            								if(_t300 != 1) {
                                                            									goto L42;
                                                            								}
                                                            								goto L31;
                                                            							}
                                                            						} else {
                                                            							if(_t214 == 1) {
                                                            								_t256 = _v16;
                                                            								if(_v40 == _t282) {
                                                            									_t256 = _t256 - 1;
                                                            								}
                                                            								 *(_t329 + 0x814) = _t256;
                                                            							}
                                                            							L42:
                                                            							_v12 = _v12 + 1;
                                                            							_v28 = _v24;
                                                            							L59:
                                                            							if(_v32 != 0xffffffff) {
                                                            								_t320 = _v12;
                                                            								continue;
                                                            							}
                                                            							break;
                                                            						}
                                                            					}
                                                            					_t257 = _t212 - 0x23;
                                                            					if(_t257 == 0) {
                                                            						__eflags = _t320 - _v56;
                                                            						if(_t320 <= _v56) {
                                                            							L17:
                                                            							__eflags = _v44 - _t282;
                                                            							if(_v44 != _t282) {
                                                            								L43:
                                                            								_t259 = _v32 - _t282;
                                                            								__eflags = _t259;
                                                            								if(_t259 == 0) {
                                                            									_t260 = _t319;
                                                            									while(1) {
                                                            										__eflags = _t260 - 0x22;
                                                            										if(_t260 != 0x22) {
                                                            											break;
                                                            										}
                                                            										_t320 = _t320 + 1;
                                                            										__eflags = _v44 - _t282;
                                                            										_v12 = _t320;
                                                            										if(_v44 == _t282) {
                                                            											_v44 = 1;
                                                            											L162:
                                                            											_v28 =  &(_v28[1]);
                                                            											 *_v28 =  *_t320;
                                                            											L58:
                                                            											_t328 = _t320 + 1;
                                                            											__eflags = _t328;
                                                            											_v12 = _t328;
                                                            											goto L59;
                                                            										}
                                                            										_t260 =  *_t320;
                                                            										_v44 = _t282;
                                                            									}
                                                            									__eflags = _t260 - 0x2a;
                                                            									if(_t260 == 0x2a) {
                                                            										_v36 = 2;
                                                            										L57:
                                                            										_t320 = _v12;
                                                            										_v28 = _v24;
                                                            										_t282 = 0;
                                                            										__eflags = 0;
                                                            										goto L58;
                                                            									}
                                                            									__eflags = _t260 - 0x2d;
                                                            									if(_t260 == 0x2d) {
                                                            										L151:
                                                            										_t303 =  *_t320;
                                                            										__eflags = _t303 - 0x2d;
                                                            										if(_t303 != 0x2d) {
                                                            											L154:
                                                            											_t263 = _t320 + 1;
                                                            											__eflags =  *_t263 - 0x3a;
                                                            											if( *_t263 != 0x3a) {
                                                            												goto L162;
                                                            											}
                                                            											__eflags = _t303 - 0x2d;
                                                            											if(_t303 == 0x2d) {
                                                            												goto L162;
                                                            											}
                                                            											_v36 = 1;
                                                            											L157:
                                                            											_v12 = _t263;
                                                            											__eflags = _v28 - _v24;
                                                            											if(_v28 <= _v24) {
                                                            												 *_v48 =  *_v48 & 0x00000000;
                                                            											} else {
                                                            												 *_v28 =  *_v28 & 0x00000000;
                                                            												lstrcpyA(_v48, _v24);
                                                            											}
                                                            											goto L57;
                                                            										}
                                                            										_t263 = _t320 + 1;
                                                            										__eflags =  *_t263 - 0x3e;
                                                            										if( *_t263 != 0x3e) {
                                                            											goto L154;
                                                            										}
                                                            										_v36 = 3;
                                                            										goto L157;
                                                            									}
                                                            									__eflags = _t260 - 0x3a;
                                                            									if(_t260 != 0x3a) {
                                                            										goto L162;
                                                            									}
                                                            									goto L151;
                                                            								}
                                                            								_t268 = _t259 - 1;
                                                            								__eflags = _t268;
                                                            								if(_t268 == 0) {
                                                            									L80:
                                                            									_t304 = _t285 + 0xffffffde;
                                                            									__eflags = _t304 - 0x55;
                                                            									if(_t304 > 0x55) {
                                                            										goto L57;
                                                            									}
                                                            									switch( *((intOrPtr*)(( *(_t304 + 0x73da2259) & 0x000000ff) * 4 +  &M73DA21CD))) {
                                                            										case 0:
                                                            											__eax = _v24;
                                                            											__edi = _v12;
                                                            											while(1) {
                                                            												__edi = __edi + 1;
                                                            												_v12 = __edi;
                                                            												__cl =  *__edi;
                                                            												__eflags = __cl - __dl;
                                                            												if(__cl != __dl) {
                                                            													goto L132;
                                                            												}
                                                            												L131:
                                                            												__eflags =  *(__edi + 1) - __dl;
                                                            												if( *(__edi + 1) != __dl) {
                                                            													L136:
                                                            													 *__eax =  *__eax & 0x00000000;
                                                            													__eax = E73DA1224(_v24);
                                                            													__ebx = __eax;
                                                            													goto L97;
                                                            												}
                                                            												L132:
                                                            												__eflags = __cl;
                                                            												if(__cl == 0) {
                                                            													goto L136;
                                                            												}
                                                            												__eflags = __cl - __dl;
                                                            												if(__cl == __dl) {
                                                            													__edi = __edi + 1;
                                                            													__eflags = __edi;
                                                            												}
                                                            												__cl =  *__edi;
                                                            												 *__eax =  *__edi;
                                                            												__eax = __eax + 1;
                                                            												__edi = __edi + 1;
                                                            												_v12 = __edi;
                                                            												__cl =  *__edi;
                                                            												__eflags = __cl - __dl;
                                                            												if(__cl != __dl) {
                                                            													goto L132;
                                                            												}
                                                            												goto L131;
                                                            											}
                                                            										case 1:
                                                            											_v8 = 1;
                                                            											goto L57;
                                                            										case 2:
                                                            											_v8 = _v8 | 0xffffffff;
                                                            											goto L57;
                                                            										case 3:
                                                            											_v8 = _v8 & 0x00000000;
                                                            											_v20 = _v20 & 0x00000000;
                                                            											_v16 = _v16 + 1;
                                                            											goto L85;
                                                            										case 4:
                                                            											__eflags = _v20;
                                                            											if(_v20 != 0) {
                                                            												goto L57;
                                                            											}
                                                            											_v12 = _v12 - 1;
                                                            											__ebx = E73DA1215();
                                                            											 &_v12 = E73DA1A36( &_v12);
                                                            											__eax = E73DA1429(__edx, __eax, __edx, __ebx);
                                                            											goto L97;
                                                            										case 5:
                                                            											L105:
                                                            											_v20 = _v20 + 1;
                                                            											goto L57;
                                                            										case 6:
                                                            											_push(7);
                                                            											goto L123;
                                                            										case 7:
                                                            											_push(0x19);
                                                            											goto L143;
                                                            										case 8:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__eflags = 1;
                                                            											goto L107;
                                                            										case 9:
                                                            											_push(0x15);
                                                            											goto L143;
                                                            										case 0xa:
                                                            											_push(0x16);
                                                            											goto L143;
                                                            										case 0xb:
                                                            											_push(0x18);
                                                            											goto L143;
                                                            										case 0xc:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__eflags = 1;
                                                            											goto L118;
                                                            										case 0xd:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__eflags = 1;
                                                            											goto L109;
                                                            										case 0xe:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__eflags = 1;
                                                            											goto L111;
                                                            										case 0xf:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__eflags = 1;
                                                            											goto L122;
                                                            										case 0x10:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__eflags = 1;
                                                            											goto L113;
                                                            										case 0x11:
                                                            											_push(3);
                                                            											goto L123;
                                                            										case 0x12:
                                                            											_push(0x17);
                                                            											L143:
                                                            											_pop(__ebx);
                                                            											goto L98;
                                                            										case 0x13:
                                                            											__eax =  &_v12;
                                                            											__eax = E73DA1A36( &_v12);
                                                            											__ebx = __eax;
                                                            											__ebx = __eax + 1;
                                                            											__eflags = __ebx - 0xb;
                                                            											if(__ebx < 0xb) {
                                                            												__ebx = __ebx + 0xa;
                                                            											}
                                                            											goto L97;
                                                            										case 0x14:
                                                            											__ebx = 0xffffffff;
                                                            											goto L98;
                                                            										case 0x15:
                                                            											__eax = 0;
                                                            											__eflags = 0;
                                                            											goto L116;
                                                            										case 0x16:
                                                            											__ecx = 0;
                                                            											__eflags = 0;
                                                            											goto L91;
                                                            										case 0x17:
                                                            											__eax = 0;
                                                            											__eax = 1;
                                                            											__eflags = 1;
                                                            											goto L120;
                                                            										case 0x18:
                                                            											_t270 =  *(_t329 + 0x814);
                                                            											__eflags = _t270 - _v16;
                                                            											if(_t270 > _v16) {
                                                            												_v16 = _t270;
                                                            											}
                                                            											_v8 = _v8 & 0x00000000;
                                                            											_v20 = _v20 & 0x00000000;
                                                            											_v36 - 3 = _t270 - (_v36 == 3);
                                                            											if(_t270 != _v36 == 3) {
                                                            												L85:
                                                            												_v40 = 1;
                                                            											}
                                                            											goto L57;
                                                            										case 0x19:
                                                            											L107:
                                                            											__ecx = 0;
                                                            											_v8 = 2;
                                                            											__ecx = 1;
                                                            											goto L91;
                                                            										case 0x1a:
                                                            											L118:
                                                            											_push(5);
                                                            											goto L123;
                                                            										case 0x1b:
                                                            											L109:
                                                            											__ecx = 0;
                                                            											_v8 = 3;
                                                            											__ecx = 1;
                                                            											goto L91;
                                                            										case 0x1c:
                                                            											L111:
                                                            											__ecx = 0;
                                                            											__ecx = 1;
                                                            											goto L91;
                                                            										case 0x1d:
                                                            											L122:
                                                            											_push(6);
                                                            											goto L123;
                                                            										case 0x1e:
                                                            											L113:
                                                            											_push(2);
                                                            											goto L123;
                                                            										case 0x1f:
                                                            											__eax =  &_v12;
                                                            											__eax = E73DA1A36( &_v12);
                                                            											__ebx = __eax;
                                                            											__ebx = __eax + 1;
                                                            											goto L97;
                                                            										case 0x20:
                                                            											L116:
                                                            											_v52 = _v52 + 1;
                                                            											_push(3);
                                                            											_pop(__ecx);
                                                            											goto L91;
                                                            										case 0x21:
                                                            											L120:
                                                            											_push(4);
                                                            											L123:
                                                            											_pop(__ecx);
                                                            											L91:
                                                            											__edi = _v16;
                                                            											__edx =  *(0x73da305c + __ecx * 4);
                                                            											__eax =  ~__eax;
                                                            											asm("sbb eax, eax");
                                                            											_v40 = 1;
                                                            											__edi = _v16 << 5;
                                                            											__eax = __eax & 0x00008000;
                                                            											__edi = (_v16 << 5) + __esi;
                                                            											__eax = __eax | __ecx;
                                                            											__eflags = _v8;
                                                            											 *(__edi + 0x818) = __eax;
                                                            											if(_v8 < 0) {
                                                            												L93:
                                                            												__edx = 0;
                                                            												__edx = 1;
                                                            												__eflags = 1;
                                                            												L94:
                                                            												__eflags = _v8 - 1;
                                                            												 *(__edi + 0x828) = __edx;
                                                            												if(_v8 == 1) {
                                                            													__eax =  &_v12;
                                                            													__eax = E73DA1A36( &_v12);
                                                            													__eax = __eax + 1;
                                                            													__eflags = __eax;
                                                            													_v8 = __eax;
                                                            												}
                                                            												__eax = _v8;
                                                            												 *((intOrPtr*)(__edi + 0x81c)) = _v8;
                                                            												_t136 = _v16 + 0x41; // 0x41
                                                            												_t136 = _t136 << 5;
                                                            												__eax = 0;
                                                            												__eflags = 0;
                                                            												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
                                                            												 *((intOrPtr*)(__edi + 0x830)) = 0;
                                                            												 *((intOrPtr*)(__edi + 0x82c)) = 0;
                                                            												L97:
                                                            												__eflags = __ebx;
                                                            												if(__ebx == 0) {
                                                            													goto L57;
                                                            												}
                                                            												L98:
                                                            												__eflags = _v20;
                                                            												_v40 = 1;
                                                            												if(_v20 != 0) {
                                                            													L103:
                                                            													__eflags = _v20 - 1;
                                                            													if(_v20 == 1) {
                                                            														__eax = _v16;
                                                            														__eax = _v16 << 5;
                                                            														__eflags = __eax;
                                                            														 *(__eax + __esi + 0x82c) = __ebx;
                                                            													}
                                                            													goto L105;
                                                            												}
                                                            												_v16 = _v16 << 5;
                                                            												_t144 = __esi + 0x830; // 0x830
                                                            												__edi = (_v16 << 5) + _t144;
                                                            												__eax =  *__edi;
                                                            												__eflags = __eax - 0xffffffff;
                                                            												if(__eax <= 0xffffffff) {
                                                            													L101:
                                                            													__eax = GlobalFree(__eax);
                                                            													L102:
                                                            													 *__edi = __ebx;
                                                            													goto L103;
                                                            												}
                                                            												__eflags = __eax - 0x19;
                                                            												if(__eax <= 0x19) {
                                                            													goto L102;
                                                            												}
                                                            												goto L101;
                                                            											}
                                                            											__eflags = __edx;
                                                            											if(__edx > 0) {
                                                            												goto L94;
                                                            											}
                                                            											goto L93;
                                                            										case 0x22:
                                                            											goto L57;
                                                            									}
                                                            								}
                                                            								_t271 = _t268 - 1;
                                                            								__eflags = _t271;
                                                            								if(_t271 == 0) {
                                                            									_v16 = _t282;
                                                            									goto L80;
                                                            								}
                                                            								__eflags = _t271 != 1;
                                                            								if(_t271 != 1) {
                                                            									goto L162;
                                                            								}
                                                            								__eflags = _t285 - 0x6e;
                                                            								if(__eflags > 0) {
                                                            									_t308 = _t285 - 0x72;
                                                            									__eflags = _t308;
                                                            									if(_t308 == 0) {
                                                            										_push(4);
                                                            										L74:
                                                            										_pop(_t273);
                                                            										L75:
                                                            										__eflags = _v8 - 1;
                                                            										if(_v8 != 1) {
                                                            											_t96 = _t329 + 0x810;
                                                            											 *_t96 =  *(_t329 + 0x810) &  !_t273;
                                                            											__eflags =  *_t96;
                                                            										} else {
                                                            											 *(_t329 + 0x810) =  *(_t329 + 0x810) | _t273;
                                                            										}
                                                            										_v8 = 1;
                                                            										goto L57;
                                                            									}
                                                            									_t311 = _t308 - 1;
                                                            									__eflags = _t311;
                                                            									if(_t311 == 0) {
                                                            										_push(0x10);
                                                            										goto L74;
                                                            									}
                                                            									__eflags = _t311 != 0;
                                                            									if(_t311 != 0) {
                                                            										goto L57;
                                                            									}
                                                            									_push(0x40);
                                                            									goto L74;
                                                            								}
                                                            								if(__eflags == 0) {
                                                            									_push(8);
                                                            									goto L74;
                                                            								}
                                                            								_t314 = _t285 - 0x21;
                                                            								__eflags = _t314;
                                                            								if(_t314 == 0) {
                                                            									_v8 =  ~_v8;
                                                            									goto L57;
                                                            								}
                                                            								_t315 = _t314 - 0x11;
                                                            								__eflags = _t315;
                                                            								if(_t315 == 0) {
                                                            									_t273 = 0x100;
                                                            									goto L75;
                                                            								}
                                                            								_t316 = _t315 - 0x31;
                                                            								__eflags = _t316;
                                                            								if(_t316 == 0) {
                                                            									_t273 = 1;
                                                            									goto L75;
                                                            								}
                                                            								__eflags = _t316 != 0;
                                                            								if(_t316 != 0) {
                                                            									goto L57;
                                                            								}
                                                            								_push(0x20);
                                                            								goto L74;
                                                            							} else {
                                                            								_v32 = _t282;
                                                            								_v36 = _t282;
                                                            								goto L20;
                                                            							}
                                                            						}
                                                            						__eflags =  *((char*)(_t320 - 1)) - 0x3a;
                                                            						if( *((char*)(_t320 - 1)) != 0x3a) {
                                                            							goto L17;
                                                            						}
                                                            						__eflags = _v32 - _t282;
                                                            						if(_v32 == _t282) {
                                                            							goto L43;
                                                            						}
                                                            						goto L17;
                                                            					}
                                                            					_t276 = _t257 - 5;
                                                            					if(_t276 == 0) {
                                                            						__eflags = _v44 - _t282;
                                                            						if(_v44 != _t282) {
                                                            							goto L43;
                                                            						} else {
                                                            							__eflags = _v36 - 3;
                                                            							_v32 = 1;
                                                            							_v8 = _t282;
                                                            							_v20 = _t282;
                                                            							_v16 = (0 | _v36 == 0x00000003) + 1;
                                                            							_v40 = _t282;
                                                            							goto L20;
                                                            						}
                                                            					}
                                                            					_t280 = _t276 - 1;
                                                            					if(_t280 == 0) {
                                                            						__eflags = _v44 - _t282;
                                                            						if(_v44 != _t282) {
                                                            							goto L43;
                                                            						} else {
                                                            							_v32 = 2;
                                                            							_v8 = _t282;
                                                            							_v20 = _t282;
                                                            							goto L20;
                                                            						}
                                                            					}
                                                            					if(_t280 != 0x16) {
                                                            						goto L43;
                                                            					} else {
                                                            						_v32 = 3;
                                                            						_v8 = 1;
                                                            						goto L20;
                                                            					}
                                                            				}
                                                            				GlobalFree(_v56);
                                                            				GlobalFree(_v24);
                                                            				GlobalFree(_v48);
                                                            				if(_t329 == _t282 ||  *(_t329 + 0x80c) != _t282) {
                                                            					L182:
                                                            					return _t329;
                                                            				} else {
                                                            					_t224 =  *_t329 - 1;
                                                            					if(_t224 == 0) {
                                                            						_t187 = _t329 + 8; // 0x8
                                                            						_t323 = _t187;
                                                            						__eflags =  *_t323;
                                                            						if( *_t323 != 0) {
                                                            							_t225 = GetModuleHandleA(_t323);
                                                            							__eflags = _t225 - _t282;
                                                            							 *(_t329 + 0x808) = _t225;
                                                            							if(_t225 != _t282) {
                                                            								L171:
                                                            								_t192 = _t329 + 0x408; // 0x408
                                                            								_t324 = _t192;
                                                            								_t226 = E73DA15C2( *(_t329 + 0x808), _t324);
                                                            								__eflags = _t226 - _t282;
                                                            								 *(_t329 + 0x80c) = _t226;
                                                            								if(_t226 == _t282) {
                                                            									__eflags =  *_t324 - 0x23;
                                                            									if( *_t324 == 0x23) {
                                                            										_t195 = _t329 + 0x409; // 0x409
                                                            										_t230 = E73DA12FE(_t195);
                                                            										__eflags = _t230 - _t282;
                                                            										if(_t230 != _t282) {
                                                            											__eflags = _t230 & 0xffff0000;
                                                            											if((_t230 & 0xffff0000) == 0) {
                                                            												 *(_t329 + 0x80c) = GetProcAddress( *(_t329 + 0x808), _t230 & 0x0000ffff);
                                                            											}
                                                            										}
                                                            									}
                                                            								}
                                                            								__eflags = _v52 - _t282;
                                                            								if(_v52 != _t282) {
                                                            									L178:
                                                            									_t324[lstrlenA(_t324)] = 0x41;
                                                            									_t228 = E73DA15C2( *(_t329 + 0x808), _t324);
                                                            									__eflags = _t228 - _t282;
                                                            									if(_t228 != _t282) {
                                                            										L166:
                                                            										 *(_t329 + 0x80c) = _t228;
                                                            										goto L182;
                                                            									}
                                                            									__eflags =  *(_t329 + 0x80c) - _t282;
                                                            									L180:
                                                            									if(__eflags != 0) {
                                                            										goto L182;
                                                            									}
                                                            									L181:
                                                            									_t205 = _t329 + 4;
                                                            									 *_t205 =  *(_t329 + 4) | 0xffffffff;
                                                            									__eflags =  *_t205;
                                                            									goto L182;
                                                            								} else {
                                                            									__eflags =  *(_t329 + 0x80c) - _t282;
                                                            									if( *(_t329 + 0x80c) != _t282) {
                                                            										goto L182;
                                                            									}
                                                            									goto L178;
                                                            								}
                                                            							}
                                                            							_t233 = LoadLibraryA(_t323);
                                                            							__eflags = _t233 - _t282;
                                                            							 *(_t329 + 0x808) = _t233;
                                                            							if(_t233 == _t282) {
                                                            								goto L181;
                                                            							}
                                                            							goto L171;
                                                            						}
                                                            						_t188 = _t329 + 0x408; // 0x408
                                                            						_t235 = E73DA12FE(_t188);
                                                            						 *(_t329 + 0x80c) = _t235;
                                                            						__eflags = _t235 - _t282;
                                                            						goto L180;
                                                            					}
                                                            					_t236 = _t224 - 1;
                                                            					if(_t236 == 0) {
                                                            						_t185 = _t329 + 0x408; // 0x408
                                                            						_t237 = _t185;
                                                            						__eflags =  *_t237;
                                                            						if( *_t237 == 0) {
                                                            							goto L182;
                                                            						}
                                                            						_t228 = E73DA12FE(_t237);
                                                            						L165:
                                                            						goto L166;
                                                            					}
                                                            					if(_t236 != 1) {
                                                            						goto L182;
                                                            					}
                                                            					_t81 = _t329 + 8; // 0x8
                                                            					_t283 = _t81;
                                                            					_t325 = E73DA12FE(_t81);
                                                            					 *(_t329 + 0x808) = _t325;
                                                            					if(_t325 == 0) {
                                                            						goto L181;
                                                            					}
                                                            					 *(_t329 + 0x84c) =  *(_t329 + 0x84c) & 0x00000000;
                                                            					 *((intOrPtr*)(_t329 + 0x850)) = E73DA1224(_t283);
                                                            					 *(_t329 + 0x83c) =  *(_t329 + 0x83c) & 0x00000000;
                                                            					 *((intOrPtr*)(_t329 + 0x848)) = 1;
                                                            					 *((intOrPtr*)(_t329 + 0x838)) = 1;
                                                            					_t90 = _t329 + 0x408; // 0x408
                                                            					_t228 =  *(_t325->i + E73DA12FE(_t90) * 4);
                                                            					goto L165;
                                                            				}
                                                            			}

                                                            0x73da1c64
                                                            0x73da1c6a
                                                            0x73da1c6d
                                                            0x73da1c6d
                                                            0x00000000
                                                            0x73da1bff
                                                            0x73da1bff
                                                            0x73da1bff
                                                            0x73da1c00
                                                            0x73da1c08
                                                            0x73da1c0c
                                                            0x73da1c12
                                                            0x73da1c16
                                                            0x00000000
                                                            0x73da1c16
                                                            0x73da1c02
                                                            0x73da1c02
                                                            0x73da1c03
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1c05
                                                            0x73da1c06
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1c06
                                                            0x73da1b96
                                                            0x73da1b97
                                                            0x73da1ba0
                                                            0x73da1ba3
                                                            0x73da1bb0
                                                            0x73da1bb0
                                                            0x73da1ba5
                                                            0x73da1ba5
                                                            0x73da1c7e
                                                            0x73da1c81
                                                            0x73da1c84
                                                            0x73da1cf6
                                                            0x73da1cfa
                                                            0x73da1adc
                                                            0x00000000
                                                            0x73da1adc
                                                            0x00000000
                                                            0x73da1cfa
                                                            0x73da1b94
                                                            0x73da1b00
                                                            0x73da1b03
                                                            0x73da1b66
                                                            0x73da1b69
                                                            0x73da1b7a
                                                            0x73da1b7a
                                                            0x73da1b7d
                                                            0x73da1c89
                                                            0x73da1c8c
                                                            0x73da1c8c
                                                            0x73da1c8e
                                                            0x73da2033
                                                            0x73da2045
                                                            0x73da2045
                                                            0x73da2047
                                                            0x00000000
                                                            0x00000000
                                                            0x73da2037
                                                            0x73da2038
                                                            0x73da203b
                                                            0x73da203e
                                                            0x73da20ba
                                                            0x73da20c1
                                                            0x73da20c6
                                                            0x73da20c9
                                                            0x73da1cf2
                                                            0x73da1cf2
                                                            0x73da1cf2
                                                            0x73da1cf3
                                                            0x00000000
                                                            0x73da1cf3
                                                            0x73da2040
                                                            0x73da2042
                                                            0x73da2042
                                                            0x73da2049
                                                            0x73da204b
                                                            0x73da20ae
                                                            0x73da1ce7
                                                            0x73da1cea
                                                            0x73da1ced
                                                            0x73da1cf0
                                                            0x73da1cf0
                                                            0x00000000
                                                            0x73da1cf0
                                                            0x73da204d
                                                            0x73da204f
                                                            0x73da2055
                                                            0x73da2055
                                                            0x73da2057
                                                            0x73da205a
                                                            0x73da206d
                                                            0x73da206d
                                                            0x73da2070
                                                            0x73da2073
                                                            0x00000000
                                                            0x00000000
                                                            0x73da2075
                                                            0x73da2078
                                                            0x00000000
                                                            0x00000000
                                                            0x73da207a
                                                            0x73da2081
                                                            0x73da2081
                                                            0x73da2087
                                                            0x73da208a
                                                            0x73da20a6
                                                            0x73da208c
                                                            0x73da2095
                                                            0x73da2098
                                                            0x73da2098
                                                            0x00000000
                                                            0x73da208a
                                                            0x73da205c
                                                            0x73da205f
                                                            0x73da2062
                                                            0x00000000
                                                            0x00000000
                                                            0x73da2064
                                                            0x00000000
                                                            0x73da2064
                                                            0x73da2051
                                                            0x73da2053
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73da2053
                                                            0x73da1c94
                                                            0x73da1c94
                                                            0x73da1c95
                                                            0x73da1dde
                                                            0x73da1dde
                                                            0x73da1de5
                                                            0x73da1de8
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1df5
                                                            0x00000000
                                                            0x73da1fdb
                                                            0x73da1fde
                                                            0x73da1fe1
                                                            0x73da1fe1
                                                            0x73da1fe2
                                                            0x73da1fe5
                                                            0x73da1fe7
                                                            0x73da1fe9
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1feb
                                                            0x73da1feb
                                                            0x73da1fee
                                                            0x73da2000
                                                            0x73da2003
                                                            0x73da2006
                                                            0x73da200c
                                                            0x00000000
                                                            0x73da200c
                                                            0x73da1ff0
                                                            0x73da1ff0
                                                            0x73da1ff2
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1ff4
                                                            0x73da1ff6
                                                            0x73da1ff8
                                                            0x73da1ff8
                                                            0x73da1ff8
                                                            0x73da1ff9
                                                            0x73da1ffb
                                                            0x73da1ffd
                                                            0x73da1fe1
                                                            0x73da1fe2
                                                            0x73da1fe5
                                                            0x73da1fe7
                                                            0x73da1fe9
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1fe9
                                                            0x00000000
                                                            0x73da1e3c
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1e48
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1e2f
                                                            0x73da1e33
                                                            0x73da1e37
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1fad
                                                            0x73da1fb1
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1fb7
                                                            0x73da1fbf
                                                            0x73da1fc6
                                                            0x73da1fce
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f15
                                                            0x73da1f15
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1e51
                                                            0x00000000
                                                            0x00000000
                                                            0x73da202b
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f1d
                                                            0x73da1f1f
                                                            0x73da1f1f
                                                            0x00000000
                                                            0x00000000
                                                            0x73da201b
                                                            0x00000000
                                                            0x00000000
                                                            0x73da201f
                                                            0x00000000
                                                            0x00000000
                                                            0x73da2027
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f64
                                                            0x73da1f66
                                                            0x73da1f66
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f2f
                                                            0x73da1f31
                                                            0x73da1f31
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f41
                                                            0x73da1f43
                                                            0x73da1f43
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f72
                                                            0x73da1f74
                                                            0x73da1f74
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f4c
                                                            0x73da1f4e
                                                            0x73da1f4e
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f53
                                                            0x00000000
                                                            0x00000000
                                                            0x73da2023
                                                            0x73da202d
                                                            0x73da202d
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f7d
                                                            0x73da1f81
                                                            0x73da1f86
                                                            0x73da1f89
                                                            0x73da1f8a
                                                            0x73da1f8d
                                                            0x73da1f93
                                                            0x73da1f93
                                                            0x00000000
                                                            0x00000000
                                                            0x73da2013
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f57
                                                            0x73da1f57
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1e58
                                                            0x73da1e58
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f6b
                                                            0x73da1f6d
                                                            0x73da1f6d
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1dfc
                                                            0x73da1e02
                                                            0x73da1e05
                                                            0x73da1e07
                                                            0x73da1e07
                                                            0x73da1e0a
                                                            0x73da1e0e
                                                            0x73da1e1b
                                                            0x73da1e1d
                                                            0x73da1e23
                                                            0x73da1e23
                                                            0x73da1e23
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f20
                                                            0x73da1f20
                                                            0x73da1f22
                                                            0x73da1f29
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f67
                                                            0x73da1f67
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f32
                                                            0x73da1f32
                                                            0x73da1f34
                                                            0x73da1f3b
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f44
                                                            0x73da1f44
                                                            0x73da1f46
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f75
                                                            0x73da1f75
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f4f
                                                            0x73da1f4f
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f9b
                                                            0x73da1f9f
                                                            0x73da1fa4
                                                            0x73da1fa7
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f59
                                                            0x73da1f59
                                                            0x73da1f5c
                                                            0x73da1f5e
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1f6e
                                                            0x73da1f6e
                                                            0x73da1f77
                                                            0x73da1f77
                                                            0x73da1e5a
                                                            0x73da1e5a
                                                            0x73da1e5d
                                                            0x73da1e64
                                                            0x73da1e66
                                                            0x73da1e68
                                                            0x73da1e6f
                                                            0x73da1e72
                                                            0x73da1e77
                                                            0x73da1e79
                                                            0x73da1e7b
                                                            0x73da1e7f
                                                            0x73da1e85
                                                            0x73da1e8b
                                                            0x73da1e8b
                                                            0x73da1e8d
                                                            0x73da1e8d
                                                            0x73da1e8e
                                                            0x73da1e8e
                                                            0x73da1e92
                                                            0x73da1e98
                                                            0x73da1e9a
                                                            0x73da1e9e
                                                            0x73da1ea3
                                                            0x73da1ea3
                                                            0x73da1ea5
                                                            0x73da1ea5
                                                            0x73da1ea8
                                                            0x73da1eab
                                                            0x73da1eb4
                                                            0x73da1eb7
                                                            0x73da1eba
                                                            0x73da1eba
                                                            0x73da1ebc
                                                            0x73da1ebf
                                                            0x73da1ec5
                                                            0x73da1ecb
                                                            0x73da1ecb
                                                            0x73da1ecd
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1ed3
                                                            0x73da1ed3
                                                            0x73da1ed7
                                                            0x73da1ede
                                                            0x73da1f02

                                                            APIs
                                                              • Part of subcall function 73DA1215: GlobalAlloc.KERNELBASE(00000040,73DA1233,?,73DA12CF,-73DA404B,73DA11AB,-000000A0), ref: 73DA121D
                                                            • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 73DA1BC4
                                                            • lstrcpyA.KERNEL32(00000008,?), ref: 73DA1C0C
                                                            • lstrcpyA.KERNEL32(00000408,?), ref: 73DA1C16
                                                            • GlobalFree.KERNEL32 ref: 73DA1C29
                                                            • GlobalFree.KERNEL32 ref: 73DA1D09
                                                            • GlobalFree.KERNEL32 ref: 73DA1D0E
                                                            • GlobalFree.KERNEL32 ref: 73DA1D13
                                                            • GlobalFree.KERNEL32 ref: 73DA1EFA
                                                            • lstrcpyA.KERNEL32(?,?), ref: 73DA2098
                                                            • GetModuleHandleA.KERNEL32(00000008), ref: 73DA2114
                                                            • LoadLibraryA.KERNEL32(00000008), ref: 73DA2125
                                                            • GetProcAddress.KERNEL32(?,?), ref: 73DA217E
                                                            • lstrlenA.KERNEL32(00000408), ref: 73DA2198
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.581302546.0000000073DA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 73DA0000, based on PE: true
                                                            • Associated: 00000000.00000002.581287668.0000000073DA0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581318631.0000000073DA3000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581338629.0000000073DA5000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_73da0000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                            • String ID: Nqt
                                                            • API String ID: 245916457-806837294
                                                            • Opcode ID: eba6b269e7380914cd89f3db7787d9fee3d5f844396180542cc59545ea6dcba9
                                                            • Instruction ID: 6560b9db9bfce29273d4c993d776d31b54953373047c626549cf95c578cceec8
                                                            • Opcode Fuzzy Hash: eba6b269e7380914cd89f3db7787d9fee3d5f844396180542cc59545ea6dcba9
                                                            • Instruction Fuzzy Hash: 1822BB72D0420ADFDB128FADCA813ADBBF5FB05725F14452ED196B2280EB749E81CB54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 715 4057d8-4057fe call 405a96 718 405800-405812 DeleteFileA 715->718 719 405817-40581e 715->719 720 4059a1-4059a5 718->720 721 405820-405822 719->721 722 405831-405841 call 406010 719->722 723 405828-40582b 721->723 724 40594f-405954 721->724 730 405850-405851 call 4059ef 722->730 731 405843-40584e lstrcatA 722->731 723->722 723->724 724->720 726 405956-405959 724->726 728 405963-40596b call 406313 726->728 729 40595b-405961 726->729 728->720 739 40596d-405981 call 4059a8 call 405790 728->739 729->720 734 405856-405859 730->734 731->734 735 405864-40586a lstrcatA 734->735 736 40585b-405862 734->736 738 40586f-40588d lstrlenA FindFirstFileA 735->738 736->735 736->738 740 405893-4058aa call 4059d3 738->740 741 405945-405949 738->741 751 405983-405986 739->751 752 405999-40599c call 405137 739->752 748 4058b5-4058b8 740->748 749 4058ac-4058b0 740->749 741->724 743 40594b 741->743 743->724 754 4058ba-4058bf 748->754 755 4058cb-4058d9 call 406010 748->755 749->748 753 4058b2 749->753 751->729 756 405988-405997 call 405137 call 405def 751->756 752->720 753->748 758 4058c1-4058c3 754->758 759 405924-405936 FindNextFileA 754->759 765 4058f0-4058fb call 405790 755->765 766 4058db-4058e3 755->766 756->720 758->755 764 4058c5-4058c9 758->764 759->740 763 40593c-40593f FindClose 759->763 763->741 764->755 764->759 775 40591c-40591f call 405137 765->775 776 4058fd-405900 765->776 766->759 768 4058e5-4058ee call 4057d8 766->768 768->759 775->759 778 405902-405912 call 405137 call 405def 776->778 779 405914-40591a 776->779 778->759 779->759
                                                            C-Code - Quality: 98%
                                                            			E004057D8(void* __eflags, signed int _a4, signed int _a8) {
                                                            				signed int _v8;
                                                            				void* _v12;
                                                            				signed int _v16;
                                                            				struct _WIN32_FIND_DATAA _v336;
                                                            				signed int _t40;
                                                            				char* _t53;
                                                            				signed int _t55;
                                                            				signed int _t58;
                                                            				signed int _t64;
                                                            				signed int _t66;
                                                            				void* _t68;
                                                            				signed char _t69;
                                                            				CHAR* _t71;
                                                            				void* _t72;
                                                            				CHAR* _t73;
                                                            				char* _t76;
                                                            
                                                            				_t69 = _a8;
                                                            				_t73 = _a4;
                                                            				_v8 = _t69 & 0x00000004;
                                                            				_t40 = E00405A96(__eflags, _t73);
                                                            				_v16 = _t40;
                                                            				if((_t69 & 0x00000008) != 0) {
                                                            					_t66 = DeleteFileA(_t73); // executed
                                                            					asm("sbb eax, eax");
                                                            					_t68 =  ~_t66 + 1;
                                                            					 *0x42f4a8 =  *0x42f4a8 + _t68;
                                                            					return _t68;
                                                            				}
                                                            				_a4 = _t69;
                                                            				_t8 =  &_a4;
                                                            				 *_t8 = _a4 & 0x00000001;
                                                            				__eflags =  *_t8;
                                                            				if( *_t8 == 0) {
                                                            					L5:
                                                            					E00406010(0x42b878, _t73);
                                                            					__eflags = _a4;
                                                            					if(_a4 == 0) {
                                                            						E004059EF(_t73);
                                                            					} else {
                                                            						lstrcatA(0x42b878, "\*.*");
                                                            					}
                                                            					__eflags =  *_t73;
                                                            					if( *_t73 != 0) {
                                                            						L10:
                                                            						lstrcatA(_t73, 0x40a014);
                                                            						L11:
                                                            						_t71 =  &(_t73[lstrlenA(_t73)]); // executed
                                                            						_t40 = FindFirstFileA(0x42b878,  &_v336); // executed
                                                            						__eflags = _t40 - 0xffffffff;
                                                            						_v12 = _t40;
                                                            						if(_t40 == 0xffffffff) {
                                                            							L29:
                                                            							__eflags = _a4;
                                                            							if(_a4 != 0) {
                                                            								_t32 = _t71 - 1;
                                                            								 *_t32 =  *(_t71 - 1) & 0x00000000;
                                                            								__eflags =  *_t32;
                                                            							}
                                                            							goto L31;
                                                            						} else {
                                                            							goto L12;
                                                            						}
                                                            						do {
                                                            							L12:
                                                            							_t76 =  &(_v336.cFileName);
                                                            							_t53 = E004059D3( &(_v336.cFileName), 0x3f);
                                                            							__eflags =  *_t53;
                                                            							if( *_t53 != 0) {
                                                            								__eflags = _v336.cAlternateFileName;
                                                            								if(_v336.cAlternateFileName != 0) {
                                                            									_t76 =  &(_v336.cAlternateFileName);
                                                            								}
                                                            							}
                                                            							__eflags =  *_t76 - 0x2e;
                                                            							if( *_t76 != 0x2e) {
                                                            								L19:
                                                            								E00406010(_t71, _t76);
                                                            								__eflags = _v336.dwFileAttributes & 0x00000010;
                                                            								if(__eflags == 0) {
                                                            									_t55 = E00405790(__eflags, _t73, _v8);
                                                            									__eflags = _t55;
                                                            									if(_t55 != 0) {
                                                            										E00405137(0xfffffff2, _t73);
                                                            									} else {
                                                            										__eflags = _v8 - _t55;
                                                            										if(_v8 == _t55) {
                                                            											 *0x42f4a8 =  *0x42f4a8 + 1;
                                                            										} else {
                                                            											E00405137(0xfffffff1, _t73);
                                                            											E00405DEF(_t72, _t73, 0);
                                                            										}
                                                            									}
                                                            								} else {
                                                            									__eflags = (_a8 & 0x00000003) - 3;
                                                            									if(__eflags == 0) {
                                                            										E004057D8(__eflags, _t73, _a8);
                                                            									}
                                                            								}
                                                            								goto L27;
                                                            							}
                                                            							_t64 =  *((intOrPtr*)(_t76 + 1));
                                                            							__eflags = _t64;
                                                            							if(_t64 == 0) {
                                                            								goto L27;
                                                            							}
                                                            							__eflags = _t64 - 0x2e;
                                                            							if(_t64 != 0x2e) {
                                                            								goto L19;
                                                            							}
                                                            							__eflags =  *((char*)(_t76 + 2));
                                                            							if( *((char*)(_t76 + 2)) == 0) {
                                                            								goto L27;
                                                            							}
                                                            							goto L19;
                                                            							L27:
                                                            							_t58 = FindNextFileA(_v12,  &_v336);
                                                            							__eflags = _t58;
                                                            						} while (_t58 != 0);
                                                            						_t40 = FindClose(_v12);
                                                            						goto L29;
                                                            					}
                                                            					__eflags =  *0x42b878 - 0x5c;
                                                            					if( *0x42b878 != 0x5c) {
                                                            						goto L11;
                                                            					}
                                                            					goto L10;
                                                            				} else {
                                                            					__eflags = _t40;
                                                            					if(_t40 == 0) {
                                                            						L31:
                                                            						__eflags = _a4;
                                                            						if(_a4 == 0) {
                                                            							L39:
                                                            							return _t40;
                                                            						}
                                                            						__eflags = _v16;
                                                            						if(_v16 != 0) {
                                                            							_t40 = E00406313(_t73);
                                                            							__eflags = _t40;
                                                            							if(_t40 == 0) {
                                                            								goto L39;
                                                            							}
                                                            							E004059A8(_t73);
                                                            							_t40 = E00405790(__eflags, _t73, _v8 | 0x00000001);
                                                            							__eflags = _t40;
                                                            							if(_t40 != 0) {
                                                            								return E00405137(0xffffffe5, _t73);
                                                            							}
                                                            							__eflags = _v8;
                                                            							if(_v8 == 0) {
                                                            								goto L33;
                                                            							}
                                                            							E00405137(0xfffffff1, _t73);
                                                            							return E00405DEF(_t72, _t73, 0);
                                                            						}
                                                            						L33:
                                                            						 *0x42f4a8 =  *0x42f4a8 + 1;
                                                            						return _t40;
                                                            					}
                                                            					__eflags = _t69 & 0x00000002;
                                                            					if((_t69 & 0x00000002) == 0) {
                                                            						goto L31;
                                                            					}
                                                            					goto L5;
                                                            				}
                                                            			}




















                                                            APIs
                                                            • DeleteFileA.KERNELBASE(?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405801
                                                            • lstrcatA.KERNEL32(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\Wildix Outlook Integration\*.*,\*.*,C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\Wildix Outlook Integration\*.*,?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405849
                                                            • lstrcatA.KERNEL32(?,0040A014,?,C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\Wildix Outlook Integration\*.*,?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040586A
                                                            • lstrlenA.KERNEL32(?,?,0040A014,?,C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\Wildix Outlook Integration\*.*,?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405870
                                                            • FindFirstFileA.KERNELBASE(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\Wildix Outlook Integration\*.*,?,?,?,0040A014,?,C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\Wildix Outlook Integration\*.*,?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405881
                                                            • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 0040592E
                                                            • FindClose.KERNEL32(00000000), ref: 0040593F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                            • String ID: "C:\Users\user\Desktop\SetupWIService.exe" $C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\Wildix Outlook Integration\*.*$C:\Users\user\AppData\Local\Temp\$\*.*
                                                            • API String ID: 2035342205-875978646
                                                            • Opcode ID: 2683fea5af7fdc3d0ee3d5ea6d34bfce251760fda2a5c41c4c388f4f242317a9
                                                            • Instruction ID: b1b2ef924c21ee39ce724be99c412cdb4e11523259fae964be374fa5306f8f12
                                                            • Opcode Fuzzy Hash: 2683fea5af7fdc3d0ee3d5ea6d34bfce251760fda2a5c41c4c388f4f242317a9
                                                            • Instruction Fuzzy Hash: 9A51A171800A04EADB216B618C45BBF7AB8DF42728F14807BF845B51D1C73C4982DE6A
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 74%
                                                            			E00402138(void* __eflags) {
                                                            				signed int _t55;
                                                            				void* _t59;
                                                            				intOrPtr* _t63;
                                                            				intOrPtr _t64;
                                                            				intOrPtr* _t65;
                                                            				intOrPtr* _t67;
                                                            				intOrPtr* _t69;
                                                            				intOrPtr* _t71;
                                                            				intOrPtr* _t73;
                                                            				intOrPtr* _t75;
                                                            				intOrPtr* _t78;
                                                            				intOrPtr* _t80;
                                                            				intOrPtr* _t82;
                                                            				intOrPtr* _t84;
                                                            				int _t87;
                                                            				intOrPtr* _t95;
                                                            				signed int _t105;
                                                            				signed int _t109;
                                                            				void* _t111;
                                                            
                                                            				 *(_t111 - 0x10) = E00402B2C(0xfffffff0);
                                                            				 *(_t111 - 0xc) = E00402B2C(0xffffffdf);
                                                            				 *((intOrPtr*)(_t111 - 0x44)) = E00402B2C(2);
                                                            				 *((intOrPtr*)(_t111 - 0x40)) = E00402B2C(0xffffffcd);
                                                            				 *((intOrPtr*)(_t111 - 0x4c)) = E00402B2C(0x45);
                                                            				_t55 =  *(_t111 - 0x24);
                                                            				 *(_t111 - 0x88) = _t55 & 0x00000fff;
                                                            				_t105 = _t55 & 0x00008000;
                                                            				_t109 = _t55 >> 0x0000000c & 0x00000007;
                                                            				 *(_t111 - 0x3c) = _t55 >> 0x00000010 & 0x0000ffff;
                                                            				if(E00405A15( *(_t111 - 0xc)) == 0) {
                                                            					E00402B2C(0x21);
                                                            				}
                                                            				_t59 = _t111 + 8;
                                                            				__imp__CoCreateInstance(0x40851c, _t87, 1, 0x40850c, _t59); // executed
                                                            				if(_t59 < _t87) {
                                                            					L15:
                                                            					 *((intOrPtr*)(_t111 - 4)) = 1;
                                                            					_push(0xfffffff0);
                                                            				} else {
                                                            					_t63 =  *((intOrPtr*)(_t111 + 8));
                                                            					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x40852c, _t111 - 0x1c);
                                                            					 *((intOrPtr*)(_t111 - 8)) = _t64;
                                                            					if(_t64 >= _t87) {
                                                            						_t67 =  *((intOrPtr*)(_t111 + 8));
                                                            						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
                                                            						if(_t105 == _t87) {
                                                            							_t84 =  *((intOrPtr*)(_t111 + 8));
                                                            							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Program Files\\Wildix\\WIService");
                                                            						}
                                                            						if(_t109 != _t87) {
                                                            							_t82 =  *((intOrPtr*)(_t111 + 8));
                                                            							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
                                                            						}
                                                            						_t69 =  *((intOrPtr*)(_t111 + 8));
                                                            						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x3c));
                                                            						_t95 =  *((intOrPtr*)(_t111 - 0x40));
                                                            						if( *_t95 != _t87) {
                                                            							_t80 =  *((intOrPtr*)(_t111 + 8));
                                                            							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x88));
                                                            						}
                                                            						_t71 =  *((intOrPtr*)(_t111 + 8));
                                                            						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x44)));
                                                            						_t73 =  *((intOrPtr*)(_t111 + 8));
                                                            						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x4c)));
                                                            						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                            							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
                                                            							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x10), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
                                                            								_t78 =  *((intOrPtr*)(_t111 - 0x1c));
                                                            								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
                                                            							}
                                                            						}
                                                            						_t75 =  *((intOrPtr*)(_t111 - 0x1c));
                                                            						 *((intOrPtr*)( *_t75 + 8))(_t75);
                                                            					}
                                                            					_t65 =  *((intOrPtr*)(_t111 + 8));
                                                            					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                            					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                            						_push(0xfffffff4);
                                                            					} else {
                                                            						goto L15;
                                                            					}
                                                            				}
                                                            				E00401423();
                                                            				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t111 - 4));
                                                            				return 0;
                                                            			}























                                                            APIs
                                                            • CoCreateInstance.OLE32(0040851C,?,00000001,0040850C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021BA
                                                            • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,0040850C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402269
                                                            Strings
                                                            • C:\Program Files\Wildix\WIService, xrefs: 004021FA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: ByteCharCreateInstanceMultiWide
                                                            • String ID: C:\Program Files\Wildix\WIService
                                                            • API String ID: 123533781-2436880260
                                                            • Opcode ID: 5e26a4cef9836c5db1ff9a72d0abbf1eb8f5a6fdc757ce25d6c6e23b25beee3e
                                                            • Instruction ID: 754b6e0833e3014b2c682637ef6945f2e05814b0a8fe180c789646af90cdafbf
                                                            • Opcode Fuzzy Hash: 5e26a4cef9836c5db1ff9a72d0abbf1eb8f5a6fdc757ce25d6c6e23b25beee3e
                                                            • Instruction Fuzzy Hash: DD510771A00209AFCB04DFE4C988A9D7BB5EF48314F2045BAF515EB2D1DB799941CF54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00406313(CHAR* _a4) {
                                                            				void* _t2;
                                                            
                                                            				_t2 = FindFirstFileA(_a4, 0x42c0c0); // executed
                                                            				if(_t2 == 0xffffffff) {
                                                            					return 0;
                                                            				}
                                                            				FindClose(_t2);
                                                            				return 0x42c0c0;
                                                            			}





                                                            APIs
                                                            • FindFirstFileA.KERNELBASE(7476FA90,0042C0C0,C:\,00405AD9,C:\,C:\,00000000,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\), ref: 0040631E
                                                            • FindClose.KERNEL32(00000000), ref: 0040632A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Find$CloseFileFirst
                                                            • String ID: C:\
                                                            • API String ID: 2295610775-3404278061
                                                            • Opcode ID: 1839775ab65f4c7429e333cf5f3a5f1104f42c23ffe018d7624b5080913ebc3e
                                                            • Instruction ID: f1da5dbc8fb4190b670de1866088b9aea297c62f24eccc1d76d376cb4bf46ee5
                                                            • Opcode Fuzzy Hash: 1839775ab65f4c7429e333cf5f3a5f1104f42c23ffe018d7624b5080913ebc3e
                                                            • Instruction Fuzzy Hash: A8D0123250A030ABC350177C7E0C88F7A989F163347218A36F4A6F21E0C7348C2286DC
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 41%
                                                            			E00402765(char __ebx, char* __edi, char* __esi) {
                                                            				void* _t6;
                                                            				void* _t19;
                                                            
                                                            				_t6 = FindFirstFileA(E00402B2C(2), _t19 - 0x1c8); // executed
                                                            				if(_t6 != 0xffffffff) {
                                                            					E00405F6E(__edi, _t6);
                                                            					_push(_t19 - 0x19c);
                                                            					_push(__esi);
                                                            					E00406010();
                                                            				} else {
                                                            					 *__edi = __ebx;
                                                            					 *__esi = __ebx;
                                                            					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                            				}
                                                            				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                            				return 0;
                                                            			}






                                                            APIs
                                                            • FindFirstFileA.KERNELBASE(00000000,?,00000002), ref: 00402774
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: FileFindFirst
                                                            • String ID:
                                                            • API String ID: 1974802433-0
                                                            • Opcode ID: d49b052ccc37abe76686d4a71a1dd7afab77a5349bca0cf12c91bef43c1fe758
                                                            • Instruction ID: 5c82bf4159fd1739121f93a17669663fbe331ae18c29918af2b78fc5806f8225
                                                            • Opcode Fuzzy Hash: d49b052ccc37abe76686d4a71a1dd7afab77a5349bca0cf12c91bef43c1fe758
                                                            • Instruction Fuzzy Hash: 39F0EC725441009BD301EB749A49AFEB77CEF15324F60017BE141F21C1D6F84945D77A
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            C-Code - Quality: 84%
                                                            			E00403BCA(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                            				struct HWND__* _v32;
                                                            				void* _v84;
                                                            				void* _v88;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				signed int _t35;
                                                            				signed int _t37;
                                                            				signed int _t39;
                                                            				struct HWND__* _t49;
                                                            				signed int _t68;
                                                            				struct HWND__* _t74;
                                                            				signed int _t87;
                                                            				struct HWND__* _t92;
                                                            				signed int _t100;
                                                            				int _t104;
                                                            				signed int _t116;
                                                            				signed int _t117;
                                                            				int _t118;
                                                            				signed int _t123;
                                                            				struct HWND__* _t126;
                                                            				struct HWND__* _t127;
                                                            				int _t128;
                                                            				long _t131;
                                                            				int _t133;
                                                            				int _t134;
                                                            				void* _t135;
                                                            				void* _t142;
                                                            				void* _t143;
                                                            
                                                            				_t116 = _a8;
                                                            				if(_t116 == 0x110 || _t116 == 0x408) {
                                                            					_t35 = _a12;
                                                            					_t126 = _a4;
                                                            					__eflags = _t116 - 0x110;
                                                            					 *0x42a858 = _t35;
                                                            					if(_t116 == 0x110) {
                                                            						 *0x42f408 = _t126;
                                                            						 *0x42a86c = GetDlgItem(_t126, 1);
                                                            						_t92 = GetDlgItem(_t126, 2);
                                                            						_push(0xffffffff);
                                                            						_push(0x1c);
                                                            						 *0x429838 = _t92;
                                                            						E0040409E(_t126);
                                                            						SetClassLongA(_t126, 0xfffffff2,  *0x42ebe8); // executed
                                                            						 *0x42ebcc = E0040140B(4);
                                                            						_t35 = 1;
                                                            						__eflags = 1;
                                                            						 *0x42a858 = 1;
                                                            					}
                                                            					_t123 =  *0x40a1dc; // 0x0
                                                            					_t134 = 0;
                                                            					_t131 = (_t123 << 6) +  *0x42f440;
                                                            					__eflags = _t123;
                                                            					if(_t123 < 0) {
                                                            						L34:
                                                            						E004040EA(0x40b);
                                                            						while(1) {
                                                            							_t37 =  *0x42a858; // 0x1
                                                            							 *0x40a1dc =  *0x40a1dc + _t37;
                                                            							_t131 = _t131 + (_t37 << 6);
                                                            							_t39 =  *0x40a1dc; // 0x0
                                                            							__eflags = _t39 -  *0x42f444;
                                                            							if(_t39 ==  *0x42f444) {
                                                            								E0040140B(1);
                                                            							}
                                                            							__eflags =  *0x42ebcc - _t134; // 0x0
                                                            							if(__eflags != 0) {
                                                            								break;
                                                            							}
                                                            							__eflags =  *0x40a1dc -  *0x42f444; // 0x0
                                                            							if(__eflags >= 0) {
                                                            								break;
                                                            							}
                                                            							_t117 =  *(_t131 + 0x14);
                                                            							E00406032(_t117, _t126, _t131, "Click Next to continue.",  *((intOrPtr*)(_t131 + 0x24)));
                                                            							_push( *((intOrPtr*)(_t131 + 0x20)));
                                                            							_push(0xfffffc19);
                                                            							E0040409E(_t126);
                                                            							_push( *((intOrPtr*)(_t131 + 0x1c)));
                                                            							_push(0xfffffc1b);
                                                            							E0040409E(_t126);
                                                            							_push( *((intOrPtr*)(_t131 + 0x28)));
                                                            							_push(0xfffffc1a);
                                                            							E0040409E(_t126);
                                                            							_t49 = GetDlgItem(_t126, 3);
                                                            							__eflags =  *0x42f4ac - _t134;
                                                            							_v32 = _t49;
                                                            							if( *0x42f4ac != _t134) {
                                                            								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                            								__eflags = _t117;
                                                            							}
                                                            							ShowWindow(_t49, _t117 & 0x00000008); // executed
                                                            							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100); // executed
                                                            							E004040C0(_t117 & 0x00000002);
                                                            							_t118 = _t117 & 0x00000004;
                                                            							EnableWindow( *0x429838, _t118);
                                                            							__eflags = _t118 - _t134;
                                                            							if(_t118 == _t134) {
                                                            								_push(1);
                                                            							} else {
                                                            								_push(_t134);
                                                            							}
                                                            							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
                                                            							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
                                                            							__eflags =  *0x42f4ac - _t134;
                                                            							if( *0x42f4ac == _t134) {
                                                            								_push( *0x42a86c);
                                                            							} else {
                                                            								SendMessageA(_t126, 0x401, 2, _t134);
                                                            								_push( *0x429838);
                                                            							}
                                                            							E004040D3();
                                                            							E00406010(0x42a870, E00403BAB());
                                                            							E00406032(0x42a870, _t126, _t131,  &(0x42a870[lstrlenA(0x42a870)]),  *((intOrPtr*)(_t131 + 0x18)));
                                                            							SetWindowTextA(_t126, 0x42a870); // executed
                                                            							_push(_t134);
                                                            							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)));
                                                            							__eflags = _t68;
                                                            							if(_t68 != 0) {
                                                            								continue;
                                                            							} else {
                                                            								__eflags =  *_t131 - _t134;
                                                            								if( *_t131 == _t134) {
                                                            									continue;
                                                            								}
                                                            								__eflags =  *(_t131 + 4) - 5;
                                                            								if( *(_t131 + 4) != 5) {
                                                            									DestroyWindow( *0x42ebd8); // executed
                                                            									 *0x42a048 = _t131;
                                                            									__eflags =  *_t131 - _t134;
                                                            									if( *_t131 <= _t134) {
                                                            										goto L58;
                                                            									}
                                                            									_t74 = CreateDialogParamA( *0x42f400,  *_t131 +  *0x42ebe0 & 0x0000ffff, _t126,  *( *(_t131 + 4) * 4 + "\tB@"), _t131); // executed
                                                            									__eflags = _t74 - _t134;
                                                            									 *0x42ebd8 = _t74;
                                                            									if(_t74 == _t134) {
                                                            										goto L58;
                                                            									}
                                                            									_push( *((intOrPtr*)(_t131 + 0x2c)));
                                                            									_push(6);
                                                            									E0040409E(_t74);
                                                            									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
                                                            									ScreenToClient(_t126, _t135 + 0x10);
                                                            									SetWindowPos( *0x42ebd8, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
                                                            									_push(_t134);
                                                            									E00401389( *((intOrPtr*)(_t131 + 0xc)));
                                                            									__eflags =  *0x42ebcc - _t134; // 0x0
                                                            									if(__eflags != 0) {
                                                            										goto L61;
                                                            									}
                                                            									ShowWindow( *0x42ebd8, 8); // executed
                                                            									E004040EA(0x405);
                                                            									goto L58;
                                                            								}
                                                            								__eflags =  *0x42f4ac - _t134;
                                                            								if( *0x42f4ac != _t134) {
                                                            									goto L61;
                                                            								}
                                                            								__eflags =  *0x42f4a0 - _t134;
                                                            								if( *0x42f4a0 != _t134) {
                                                            									continue;
                                                            								}
                                                            								goto L61;
                                                            							}
                                                            						}
                                                            						DestroyWindow( *0x42ebd8);
                                                            						 *0x42f408 = _t134;
                                                            						EndDialog(_t126,  *0x429c40);
                                                            						goto L58;
                                                            					} else {
                                                            						__eflags = _t35 - 1;
                                                            						if(_t35 != 1) {
                                                            							L33:
                                                            							__eflags =  *_t131 - _t134;
                                                            							if( *_t131 == _t134) {
                                                            								goto L61;
                                                            							}
                                                            							goto L34;
                                                            						}
                                                            						_push(0);
                                                            						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
                                                            						__eflags = _t87;
                                                            						if(_t87 == 0) {
                                                            							goto L33;
                                                            						}
                                                            						SendMessageA( *0x42ebd8, 0x40f, 0, 1);
                                                            						__eflags =  *0x42ebcc - _t134; // 0x0
                                                            						return 0 | __eflags == 0x00000000;
                                                            					}
                                                            				} else {
                                                            					_t126 = _a4;
                                                            					_t134 = 0;
                                                            					if(_t116 == 0x47) {
                                                            						SetWindowPos( *0x42a850, _t126, 0, 0, 0, 0, 0x13);
                                                            					}
                                                            					if(_t116 == 5) {
                                                            						asm("sbb eax, eax");
                                                            						ShowWindow( *0x42a850,  ~(_a12 - 1) & _t116);
                                                            					}
                                                            					if(_t116 != 0x40d) {
                                                            						__eflags = _t116 - 0x11;
                                                            						if(_t116 != 0x11) {
                                                            							__eflags = _t116 - 0x111;
                                                            							if(_t116 != 0x111) {
                                                            								L26:
                                                            								return E00404105(_t116, _a12, _a16);
                                                            							}
                                                            							_t133 = _a12 & 0x0000ffff;
                                                            							_t127 = GetDlgItem(_t126, _t133);
                                                            							__eflags = _t127 - _t134;
                                                            							if(_t127 == _t134) {
                                                            								L13:
                                                            								__eflags = _t133 - 1;
                                                            								if(_t133 != 1) {
                                                            									__eflags = _t133 - 3;
                                                            									if(_t133 != 3) {
                                                            										_t128 = 2;
                                                            										__eflags = _t133 - _t128;
                                                            										if(_t133 != _t128) {
                                                            											L25:
                                                            											SendMessageA( *0x42ebd8, 0x111, _a12, _a16);
                                                            											goto L26;
                                                            										}
                                                            										__eflags =  *0x42f4ac - _t134;
                                                            										if( *0x42f4ac == _t134) {
                                                            											_t100 = E0040140B(3);
                                                            											__eflags = _t100;
                                                            											if(_t100 != 0) {
                                                            												goto L26;
                                                            											}
                                                            											 *0x429c40 = 1;
                                                            											L21:
                                                            											_push(0x78);
                                                            											L22:
                                                            											E00404077();
                                                            											goto L26;
                                                            										}
                                                            										E0040140B(_t128);
                                                            										 *0x429c40 = _t128;
                                                            										goto L21;
                                                            									}
                                                            									__eflags =  *0x40a1dc - _t134; // 0x0
                                                            									if(__eflags <= 0) {
                                                            										goto L25;
                                                            									}
                                                            									_push(0xffffffff);
                                                            									goto L22;
                                                            								}
                                                            								_push(_t133);
                                                            								goto L22;
                                                            							}
                                                            							SendMessageA(_t127, 0xf3, _t134, _t134);
                                                            							_t104 = IsWindowEnabled(_t127);
                                                            							__eflags = _t104;
                                                            							if(_t104 == 0) {
                                                            								goto L61;
                                                            							}
                                                            							goto L13;
                                                            						}
                                                            						SetWindowLongA(_t126, _t134, _t134);
                                                            						return 1;
                                                            					} else {
                                                            						DestroyWindow( *0x42ebd8);
                                                            						 *0x42ebd8 = _a12;
                                                            						L58:
                                                            						_t142 =  *0x42b870 - _t134; // 0x1
                                                            						if(_t142 == 0) {
                                                            							_t143 =  *0x42ebd8 - _t134; // 0x103a6
                                                            							if(_t143 != 0) {
                                                            								ShowWindow(_t126, 0xa); // executed
                                                            								 *0x42b870 = 1;
                                                            							}
                                                            						}
                                                            						L61:
                                                            						return 0;
                                                            					}
                                                            				}
                                                            			}

































                                                            APIs
                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403C06
                                                            • ShowWindow.USER32(?), ref: 00403C23
                                                            • DestroyWindow.USER32 ref: 00403C37
                                                            • SetWindowLongA.USER32 ref: 00403C53
                                                            • GetDlgItem.USER32 ref: 00403C74
                                                            • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403C88
                                                            • IsWindowEnabled.USER32(00000000), ref: 00403C8F
                                                            • GetDlgItem.USER32 ref: 00403D3D
                                                            • GetDlgItem.USER32 ref: 00403D47
                                                            • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403D61
                                                            • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403DB2
                                                            • GetDlgItem.USER32 ref: 00403E58
                                                            • ShowWindow.USER32(00000000,?), ref: 00403E79
                                                            • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403E8B
                                                            • EnableWindow.USER32(?,?), ref: 00403EA6
                                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403EBC
                                                            • EnableMenuItem.USER32 ref: 00403EC3
                                                            • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403EDB
                                                            • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403EEE
                                                            • lstrlenA.KERNEL32(Wildix Integration Service v3.9.1 Setup ,?,Wildix Integration Service v3.9.1 Setup ,00000000), ref: 00403F18
                                                            • SetWindowTextA.USER32(?,Wildix Integration Service v3.9.1 Setup ), ref: 00403F27
                                                            • ShowWindow.USER32(?,0000000A), ref: 0040405B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
                                                            • String ID: Click Next to continue.$Wildix Integration Service v3.9.1 Setup
                                                            • API String ID: 3906175533-3292263704
                                                            • Opcode ID: 5ffd1eee2a53c0bce8439eebe02f74cc0bfe9fdaa9e9cbb129ddddf772baf92f
                                                            • Instruction ID: 8391a727dd330e9af47019fb45b898bbd0b6ec160f5193fdc8e4d7e88c7c5567
                                                            • Opcode Fuzzy Hash: 5ffd1eee2a53c0bce8439eebe02f74cc0bfe9fdaa9e9cbb129ddddf772baf92f
                                                            • Instruction Fuzzy Hash: 39C1B171600704AFDB20AF62EE45E2B3AA9FB95706F40043EF642B51E1CB799852DB1D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 290 40382d-403845 call 4063a8 293 403847-403857 call 405f6e 290->293 294 403859-40388a call 405ef7 290->294 303 4038ad-4038d6 call 403af2 call 405a96 293->303 299 4038a2-4038a8 lstrcatA 294->299 300 40388c-40389d call 405ef7 294->300 299->303 300->299 308 4038dc-4038e1 303->308 309 40395d-403965 call 405a96 303->309 308->309 310 4038e3-4038fb call 405ef7 308->310 315 403973-403998 LoadImageA 309->315 316 403967-40396e call 406032 309->316 314 403900-403907 310->314 314->309 317 403909-40390b 314->317 319 403a19-403a21 call 40140b 315->319 320 40399a-4039ca RegisterClassA 315->320 316->315 321 40391c-403928 lstrlenA 317->321 322 40390d-40391a call 4059d3 317->322 334 403a23-403a26 319->334 335 403a2b-403a36 call 403af2 319->335 323 4039d0-403a14 SystemParametersInfoA CreateWindowExA 320->323 324 403ae8 320->324 328 403950-403958 call 4059a8 call 406010 321->328 329 40392a-403938 lstrcmpiA 321->329 322->321 323->319 327 403aea-403af1 324->327 328->309 329->328 333 40393a-403944 GetFileAttributesA 329->333 338 403946-403948 333->338 339 40394a-40394b call 4059ef 333->339 334->327 343 403a3c-403a56 ShowWindow call 40633a 335->343 344 403abf-403ac0 call 405209 335->344 338->328 338->339 339->328 351 403a62-403a74 GetClassInfoA 343->351 352 403a58-403a5d call 40633a 343->352 347 403ac5-403ac7 344->347 349 403ae1-403ae3 call 40140b 347->349 350 403ac9-403acf 347->350 349->324 350->334 353 403ad5-403adc call 40140b 350->353 356 403a76-403a86 GetClassInfoA RegisterClassA 351->356 357 403a8c-403aaf DialogBoxParamA call 40140b 351->357 352->351 353->334 356->357 361 403ab4-403abd call 40377d 357->361 361->327
                                                            C-Code - Quality: 96%
                                                            			E0040382D(void* __eflags) {
                                                            				intOrPtr _v4;
                                                            				intOrPtr _v8;
                                                            				int _v12;
                                                            				void _v16;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				intOrPtr* _t17;
                                                            				void* _t25;
                                                            				void* _t27;
                                                            				int _t28;
                                                            				void* _t31;
                                                            				int _t34;
                                                            				int _t35;
                                                            				intOrPtr _t36;
                                                            				int _t39;
                                                            				char _t57;
                                                            				CHAR* _t59;
                                                            				signed char _t63;
                                                            				CHAR* _t74;
                                                            				intOrPtr _t76;
                                                            				CHAR* _t81;
                                                            
                                                            				_t76 =  *0x42f414;
                                                            				_t17 = E004063A8(2);
                                                            				_t84 = _t17;
                                                            				if(_t17 == 0) {
                                                            					_t74 = 0x42a870;
                                                            					"1033" = 0x30;
                                                            					 *0x436001 = 0x78;
                                                            					 *0x436002 = 0;
                                                            					E00405EF7(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a870, 0);
                                                            					__eflags =  *0x42a870; // 0x57
                                                            					if(__eflags == 0) {
                                                            						E00405EF7(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M00408362, 0x42a870, 0);
                                                            					}
                                                            					lstrcatA("1033", _t74);
                                                            				} else {
                                                            					E00405F6E("1033",  *_t17() & 0x0000ffff);
                                                            				}
                                                            				E00403AF2(_t71, _t84);
                                                            				_t80 = "C:\\Program Files\\Wildix\\WIService";
                                                            				 *0x42f4a0 =  *0x42f41c & 0x00000020;
                                                            				 *0x42f4bc = 0x10000;
                                                            				if(E00405A96(_t84, "C:\\Program Files\\Wildix\\WIService") != 0) {
                                                            					L16:
                                                            					if(E00405A96(_t92, _t80) == 0) {
                                                            						E00406032(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118))); // executed
                                                            					}
                                                            					_t25 = LoadImageA( *0x42f400, 0x67, 1, 0, 0, 0x8040); // executed
                                                            					 *0x42ebe8 = _t25;
                                                            					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
                                                            						L21:
                                                            						if(E0040140B(0) == 0) {
                                                            							_t27 = E00403AF2(_t71, __eflags);
                                                            							__eflags =  *0x42f4c0;
                                                            							if( *0x42f4c0 != 0) {
                                                            								_t28 = E00405209(_t27, 0);
                                                            								__eflags = _t28;
                                                            								if(_t28 == 0) {
                                                            									E0040140B(1);
                                                            									goto L33;
                                                            								}
                                                            								__eflags =  *0x42ebcc; // 0x0
                                                            								if(__eflags == 0) {
                                                            									E0040140B(2);
                                                            								}
                                                            								goto L22;
                                                            							}
                                                            							ShowWindow( *0x42a850, 5); // executed
                                                            							_t34 = E0040633A("RichEd20"); // executed
                                                            							__eflags = _t34;
                                                            							if(_t34 == 0) {
                                                            								E0040633A("RichEd32");
                                                            							}
                                                            							_t81 = "RichEdit20A";
                                                            							_t35 = GetClassInfoA(0, _t81, 0x42eba0);
                                                            							__eflags = _t35;
                                                            							if(_t35 == 0) {
                                                            								GetClassInfoA(0, "RichEdit", 0x42eba0);
                                                            								 *0x42ebc4 = _t81;
                                                            								RegisterClassA(0x42eba0);
                                                            							}
                                                            							_t36 =  *0x42ebe0; // 0x0
                                                            							_t39 = DialogBoxParamA( *0x42f400, _t36 + 0x00000069 & 0x0000ffff, 0, E00403BCA, 0); // executed
                                                            							E0040377D(E0040140B(5), 1);
                                                            							return _t39;
                                                            						}
                                                            						L22:
                                                            						_t31 = 2;
                                                            						return _t31;
                                                            					} else {
                                                            						_t71 =  *0x42f400;
                                                            						 *0x42eba4 = E00401000;
                                                            						 *0x42ebb0 =  *0x42f400;
                                                            						 *0x42ebb4 = _t25;
                                                            						 *0x42ebc4 = 0x40a1f4;
                                                            						if(RegisterClassA(0x42eba0) == 0) {
                                                            							L33:
                                                            							__eflags = 0;
                                                            							return 0;
                                                            						}
                                                            						SystemParametersInfoA(0x30, 0,  &_v16, 0);
                                                            						 *0x42a850 = CreateWindowExA(0x80, 0x40a1f4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42f400, 0);
                                                            						goto L21;
                                                            					}
                                                            				} else {
                                                            					_t71 =  *(_t76 + 0x48);
                                                            					_t86 = _t71;
                                                            					if(_t71 == 0) {
                                                            						goto L16;
                                                            					}
                                                            					_t74 = 0x42e3a0;
                                                            					E00405EF7(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x42f458, 0x42e3a0, 0);
                                                            					_t57 =  *0x42e3a0; // 0x0
                                                            					if(_t57 == 0) {
                                                            						goto L16;
                                                            					}
                                                            					if(_t57 == 0x22) {
                                                            						_t74 = 0x42e3a1;
                                                            						 *((char*)(E004059D3(0x42e3a1, 0x22))) = 0;
                                                            					}
                                                            					_t59 = lstrlenA(_t74) + _t74 - 4;
                                                            					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
                                                            						L15:
                                                            						E00406010(_t80, E004059A8(_t74));
                                                            						goto L16;
                                                            					} else {
                                                            						_t63 = GetFileAttributesA(_t74);
                                                            						if(_t63 == 0xffffffff) {
                                                            							L14:
                                                            							E004059EF(_t74);
                                                            							goto L15;
                                                            						}
                                                            						_t92 = _t63 & 0x00000010;
                                                            						if((_t63 & 0x00000010) != 0) {
                                                            							goto L15;
                                                            						}
                                                            						goto L14;
                                                            					}
                                                            				}
                                                            			}


























                                                            APIs
                                                              • Part of subcall function 004063A8: GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                              • Part of subcall function 004063A8: GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                            • lstrcatA.KERNEL32(1033,Wildix Integration Service v3.9.1 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.9.1 Setup ,00000000,00000002,7476FA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SetupWIService.exe" ,00000000), ref: 004038A8
                                                            • lstrlenA.KERNEL32(0042E3A0,?,?,?,0042E3A0,00000000,C:\Program Files\Wildix\WIService,1033,Wildix Integration Service v3.9.1 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.9.1 Setup ,00000000,00000002,7476FA90), ref: 0040391D
                                                            • lstrcmpiA.KERNEL32(?,.exe,0042E3A0,?,?,?,0042E3A0,00000000,C:\Program Files\Wildix\WIService,1033,Wildix Integration Service v3.9.1 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.9.1 Setup ,00000000), ref: 00403930
                                                            • GetFileAttributesA.KERNEL32(0042E3A0), ref: 0040393B
                                                            • LoadImageA.USER32 ref: 00403984
                                                              • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                            • RegisterClassA.USER32 ref: 004039C1
                                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004039D9
                                                            • CreateWindowExA.USER32 ref: 00403A0E
                                                            • ShowWindow.USER32(00000005,00000000), ref: 00403A44
                                                            • GetClassInfoA.USER32 ref: 00403A70
                                                            • GetClassInfoA.USER32 ref: 00403A7D
                                                            • RegisterClassA.USER32 ref: 00403A86
                                                            • DialogBoxParamA.USER32 ref: 00403AA5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                            • String ID: "C:\Users\user\Desktop\SetupWIService.exe" $-proxyex$.DEFAULT\Control Panel\International$.exe$1033$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$Wildix Integration Service v3.9.1 Setup $_Nb
                                                            • API String ID: 1975747703-216176041
                                                            • Opcode ID: 15822f17e376e41266fbf8a251ac5c412d7bb8a3b85e81a9d7c16052a8cecaf4
                                                            • Instruction ID: 5bdd09b32da2b5bd11ad56600dd1adb443959310d265eb20ccced3f07ac4f103
                                                            • Opcode Fuzzy Hash: 15822f17e376e41266fbf8a251ac5c412d7bb8a3b85e81a9d7c16052a8cecaf4
                                                            • Instruction Fuzzy Hash: B461C770340201AED620BB669D45F2B3E6CEB54749F80447FF981B22E2CB7D9D469B2D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 364 402dc4-402e12 GetTickCount GetModuleFileNameA call 405ba9 367 402e14-402e19 364->367 368 402e1e-402e4c call 406010 call 4059ef call 406010 GetFileSize 364->368 369 402ff4-402ff8 367->369 376 402e52 368->376 377 402f37-402f45 call 402d60 368->377 379 402e57-402e6e 376->379 383 402f47-402f4a 377->383 384 402f9a-402f9f 377->384 381 402e70 379->381 382 402e72-402e7b call 40320d 379->382 381->382 391 402fa1-402fa9 call 402d60 382->391 392 402e81-402e88 382->392 386 402f4c-402f64 call 403223 call 40320d 383->386 387 402f6e-402f98 GlobalAlloc call 403223 call 402ffb 383->387 384->369 386->384 415 402f66-402f6c 386->415 387->384 413 402fab-402fbc 387->413 391->384 393 402f04-402f08 392->393 394 402e8a-402e9e call 405b64 392->394 401 402f12-402f18 393->401 402 402f0a-402f11 call 402d60 393->402 394->401 411 402ea0-402ea7 394->411 404 402f27-402f2f 401->404 405 402f1a-402f24 call 40645f 401->405 402->401 404->379 412 402f35 404->412 405->404 411->401 417 402ea9-402eb0 411->417 412->377 418 402fc4-402fc9 413->418 419 402fbe 413->419 415->384 415->387 417->401 420 402eb2-402eb9 417->420 421 402fca-402fd0 418->421 419->418 420->401 422 402ebb-402ec2 420->422 421->421 423 402fd2-402fed SetFilePointer call 405b64 421->423 422->401 424 402ec4-402ee4 422->424 427 402ff2 423->427 424->384 426 402eea-402eee 424->426 428 402ef0-402ef4 426->428 429 402ef6-402efe 426->429 427->369 428->412 428->429 429->401 430 402f00-402f02 429->430 430->401
                                                            C-Code - Quality: 80%
                                                            			E00402DC4(void* __eflags, signed int _a4) {
                                                            				DWORD* _v8;
                                                            				DWORD* _v12;
                                                            				void* _v16;
                                                            				intOrPtr _v20;
                                                            				long _v24;
                                                            				intOrPtr _v28;
                                                            				intOrPtr _v32;
                                                            				intOrPtr _v36;
                                                            				intOrPtr _v40;
                                                            				signed int _v44;
                                                            				long _t43;
                                                            				signed int _t50;
                                                            				void* _t53;
                                                            				void* _t57;
                                                            				intOrPtr* _t59;
                                                            				long _t60;
                                                            				signed int _t65;
                                                            				signed int _t70;
                                                            				signed int _t71;
                                                            				signed int _t77;
                                                            				intOrPtr _t80;
                                                            				long _t82;
                                                            				signed int _t85;
                                                            				signed int _t87;
                                                            				void* _t89;
                                                            				signed int _t90;
                                                            				signed int _t93;
                                                            				void* _t94;
                                                            
                                                            				_t82 = 0;
                                                            				_v12 = 0;
                                                            				_v8 = 0;
                                                            				_t43 = GetTickCount();
                                                            				_t91 = "C:\\Users\\jones\\Desktop\\SetupWIService.exe";
                                                            				 *0x42f410 = _t43 + 0x3e8;
                                                            				GetModuleFileNameA(0, "C:\\Users\\jones\\Desktop\\SetupWIService.exe", 0x400);
                                                            				_t89 = E00405BA9(_t91, 0x80000000, 3);
                                                            				_v16 = _t89;
                                                            				 *0x40a018 = _t89;
                                                            				if(_t89 == 0xffffffff) {
                                                            					return "Error launching installer";
                                                            				}
                                                            				_t92 = "C:\\Users\\jones\\Desktop";
                                                            				E00406010("C:\\Users\\jones\\Desktop", _t91);
                                                            				E00406010("SetupWIService.exe", E004059EF(_t92));
                                                            				_t50 = GetFileSize(_t89, 0);
                                                            				__eflags = _t50;
                                                            				 *0x42942c = _t50;
                                                            				_t93 = _t50;
                                                            				if(_t50 <= 0) {
                                                            					L24:
                                                            					E00402D60(1);
                                                            					__eflags =  *0x42f418 - _t82;
                                                            					if( *0x42f418 == _t82) {
                                                            						goto L29;
                                                            					}
                                                            					__eflags = _v8 - _t82;
                                                            					if(_v8 == _t82) {
                                                            						L28:
                                                            						_t53 = GlobalAlloc(0x40, _v24); // executed
                                                            						_t94 = _t53;
                                                            						E00403223( *0x42f418 + 0x1c);
                                                            						_push(_v24);
                                                            						_push(_t94);
                                                            						_push(_t82);
                                                            						_push(0xffffffff); // executed
                                                            						_t57 = E00402FFB(); // executed
                                                            						__eflags = _t57 - _v24;
                                                            						if(_t57 == _v24) {
                                                            							__eflags = _v44 & 0x00000001;
                                                            							 *0x42f414 = _t94;
                                                            							 *0x42f41c =  *_t94;
                                                            							if((_v44 & 0x00000001) != 0) {
                                                            								 *0x42f420 =  *0x42f420 + 1;
                                                            								__eflags =  *0x42f420;
                                                            							}
                                                            							_t40 = _t94 + 0x44; // 0x44
                                                            							_t59 = _t40;
                                                            							_t85 = 8;
                                                            							do {
                                                            								_t59 = _t59 - 8;
                                                            								 *_t59 =  *_t59 + _t94;
                                                            								_t85 = _t85 - 1;
                                                            								__eflags = _t85;
                                                            							} while (_t85 != 0);
                                                            							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                            							 *(_t94 + 0x3c) = _t60;
                                                            							E00405B64(0x42f440, _t94 + 4, 0x40);
                                                            							__eflags = 0;
                                                            							return 0;
                                                            						}
                                                            						goto L29;
                                                            					}
                                                            					E00403223( *0x41d420);
                                                            					_t65 = E0040320D( &_a4, 4);
                                                            					__eflags = _t65;
                                                            					if(_t65 == 0) {
                                                            						goto L29;
                                                            					}
                                                            					__eflags = _v12 - _a4;
                                                            					if(_v12 != _a4) {
                                                            						goto L29;
                                                            					}
                                                            					goto L28;
                                                            				} else {
                                                            					do {
                                                            						_t90 = _t93;
                                                            						asm("sbb eax, eax");
                                                            						_t70 = ( ~( *0x42f418) & 0x00007e00) + 0x200;
                                                            						__eflags = _t93 - _t70;
                                                            						if(_t93 >= _t70) {
                                                            							_t90 = _t70;
                                                            						}
                                                            						_t71 = E0040320D(0x415420, _t90);
                                                            						__eflags = _t71;
                                                            						if(_t71 == 0) {
                                                            							E00402D60(1);
                                                            							L29:
                                                            							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                            						}
                                                            						__eflags =  *0x42f418;
                                                            						if( *0x42f418 != 0) {
                                                            							__eflags = _a4 & 0x00000002;
                                                            							if((_a4 & 0x00000002) == 0) {
                                                            								E00402D60(0);
                                                            							}
                                                            							goto L20;
                                                            						}
                                                            						E00405B64( &_v44, 0x415420, 0x1c);
                                                            						_t77 = _v44;
                                                            						__eflags = _t77 & 0xfffffff0;
                                                            						if((_t77 & 0xfffffff0) != 0) {
                                                            							goto L20;
                                                            						}
                                                            						__eflags = _v40 - 0xdeadbeef;
                                                            						if(_v40 != 0xdeadbeef) {
                                                            							goto L20;
                                                            						}
                                                            						__eflags = _v28 - 0x74736e49;
                                                            						if(_v28 != 0x74736e49) {
                                                            							goto L20;
                                                            						}
                                                            						__eflags = _v32 - 0x74666f73;
                                                            						if(_v32 != 0x74666f73) {
                                                            							goto L20;
                                                            						}
                                                            						__eflags = _v36 - 0x6c6c754e;
                                                            						if(_v36 != 0x6c6c754e) {
                                                            							goto L20;
                                                            						}
                                                            						_a4 = _a4 | _t77;
                                                            						_t87 =  *0x41d420; // 0xb46984
                                                            						 *0x42f4c0 =  *0x42f4c0 | _a4 & 0x00000002;
                                                            						_t80 = _v20;
                                                            						__eflags = _t80 - _t93;
                                                            						 *0x42f418 = _t87;
                                                            						if(_t80 > _t93) {
                                                            							goto L29;
                                                            						}
                                                            						__eflags = _a4 & 0x00000008;
                                                            						if((_a4 & 0x00000008) != 0) {
                                                            							L16:
                                                            							_v8 = _v8 + 1;
                                                            							_t24 = _t80 - 4; // 0x40a194
                                                            							_t93 = _t24;
                                                            							__eflags = _t90 - _t93;
                                                            							if(_t90 > _t93) {
                                                            								_t90 = _t93;
                                                            							}
                                                            							goto L20;
                                                            						}
                                                            						__eflags = _a4 & 0x00000004;
                                                            						if((_a4 & 0x00000004) != 0) {
                                                            							break;
                                                            						}
                                                            						goto L16;
                                                            						L20:
                                                            						__eflags = _t93 -  *0x42942c; // 0xb492b8
                                                            						if(__eflags < 0) {
                                                            							_v12 = E0040645F(_v12, 0x415420, _t90);
                                                            						}
                                                            						 *0x41d420 =  *0x41d420 + _t90;
                                                            						_t93 = _t93 - _t90;
                                                            						__eflags = _t93;
                                                            					} while (_t93 != 0);
                                                            					_t82 = 0;
                                                            					__eflags = 0;
                                                            					goto L24;
                                                            				}
                                                            			}
































                                                            APIs
                                                            • GetTickCount.KERNEL32 ref: 00402DD5
                                                            • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\SetupWIService.exe,00000400), ref: 00402DF1
                                                              • Part of subcall function 00405BA9: GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                              • Part of subcall function 00405BA9: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                            • GetFileSize.KERNEL32(00000000,00000000,SetupWIService.exe,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00402E3D
                                                            • GlobalAlloc.KERNELBASE(00000040,00000020), ref: 00402F73
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                            • String ID: TA$"C:\Users\user\Desktop\SetupWIService.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SetupWIService.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$SetupWIService.exe$soft
                                                            • API String ID: 2803837635-1824014388
                                                            • Opcode ID: a6173edc5218a8736919d7ec244e80ad4ff8d0a671bf7eda1f584d4bdf14a1ba
                                                            • Instruction ID: 027006cf2d98db9fa9c400e5027e86f3261d974ae097fd254c994c4dc937b6e6
                                                            • Opcode Fuzzy Hash: a6173edc5218a8736919d7ec244e80ad4ff8d0a671bf7eda1f584d4bdf14a1ba
                                                            • Instruction Fuzzy Hash: FF51E471900215ABCB20AF64DE89B9F7BB8EB14359F50403BF500B32D1C6BC9E459AAD
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 72%
                                                            			E00406032(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                            				struct _ITEMIDLIST* _v8;
                                                            				char _v12;
                                                            				signed int _v16;
                                                            				signed char _v20;
                                                            				signed int _v24;
                                                            				signed char _v28;
                                                            				signed int _t38;
                                                            				CHAR* _t39;
                                                            				signed int _t41;
                                                            				char _t52;
                                                            				char _t53;
                                                            				char _t55;
                                                            				char _t57;
                                                            				void* _t65;
                                                            				char* _t66;
                                                            				signed int _t80;
                                                            				intOrPtr _t86;
                                                            				char _t88;
                                                            				void* _t89;
                                                            				CHAR* _t90;
                                                            				void* _t92;
                                                            				signed int _t97;
                                                            				signed int _t99;
                                                            				void* _t100;
                                                            
                                                            				_t92 = __esi;
                                                            				_t89 = __edi;
                                                            				_t65 = __ebx;
                                                            				_t38 = _a8;
                                                            				if(_t38 < 0) {
                                                            					_t86 =  *0x42ebdc; // 0x5d4598
                                                            					_t38 =  *(_t86 - 4 + _t38 * 4);
                                                            				}
                                                            				_push(_t65);
                                                            				_push(_t92);
                                                            				_push(_t89);
                                                            				_t66 = _t38 +  *0x42f458;
                                                            				_t39 = 0x42e3a0;
                                                            				_t90 = 0x42e3a0;
                                                            				if(_a4 >= 0x42e3a0 && _a4 - 0x42e3a0 < 0x800) {
                                                            					_t90 = _a4;
                                                            					_a4 = _a4 & 0x00000000;
                                                            				}
                                                            				while(1) {
                                                            					_t88 =  *_t66;
                                                            					if(_t88 == 0) {
                                                            						break;
                                                            					}
                                                            					__eflags = _t90 - _t39 - 0x400;
                                                            					if(_t90 - _t39 >= 0x400) {
                                                            						break;
                                                            					}
                                                            					_t66 = _t66 + 1;
                                                            					__eflags = _t88 - 4;
                                                            					_a8 = _t66;
                                                            					if(__eflags >= 0) {
                                                            						if(__eflags != 0) {
                                                            							 *_t90 = _t88;
                                                            							_t90 =  &(_t90[1]);
                                                            							__eflags = _t90;
                                                            						} else {
                                                            							 *_t90 =  *_t66;
                                                            							_t90 =  &(_t90[1]);
                                                            							_t66 = _t66 + 1;
                                                            						}
                                                            						continue;
                                                            					}
                                                            					_t41 =  *((char*)(_t66 + 1));
                                                            					_t80 =  *_t66;
                                                            					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
                                                            					_v24 = _t80;
                                                            					_v28 = _t80 | 0x00000080;
                                                            					_v16 = _t41;
                                                            					_v20 = _t41 | 0x00000080;
                                                            					_t66 = _a8 + 2;
                                                            					__eflags = _t88 - 2;
                                                            					if(_t88 != 2) {
                                                            						__eflags = _t88 - 3;
                                                            						if(_t88 != 3) {
                                                            							__eflags = _t88 - 1;
                                                            							if(_t88 == 1) {
                                                            								__eflags = (_t41 | 0xffffffff) - _t97;
                                                            								E00406032(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
                                                            							}
                                                            							L42:
                                                            							_t90 =  &(_t90[lstrlenA(_t90)]);
                                                            							_t39 = 0x42e3a0;
                                                            							continue;
                                                            						}
                                                            						__eflags = _t97 - 0x1d;
                                                            						if(_t97 != 0x1d) {
                                                            							__eflags = "0x00004688" + (_t97 << 0xa);
                                                            							E00406010(_t90, "0x00004688" + (_t97 << 0xa));
                                                            						} else {
                                                            							E00405F6E(_t90,  *0x42f408);
                                                            						}
                                                            						__eflags = _t97 + 0xffffffeb - 7;
                                                            						if(_t97 + 0xffffffeb < 7) {
                                                            							L33:
                                                            							E0040627A(_t90);
                                                            						}
                                                            						goto L42;
                                                            					}
                                                            					_t52 =  *0x42f40c;
                                                            					__eflags = _t52;
                                                            					_t99 = 2;
                                                            					if(_t52 >= 0) {
                                                            						L13:
                                                            						_a8 = 1;
                                                            						L14:
                                                            						__eflags =  *0x42f4a4;
                                                            						if( *0x42f4a4 != 0) {
                                                            							_t99 = 4;
                                                            						}
                                                            						__eflags = _t80;
                                                            						if(__eflags >= 0) {
                                                            							__eflags = _t80 - 0x25;
                                                            							if(_t80 != 0x25) {
                                                            								__eflags = _t80 - 0x24;
                                                            								if(_t80 == 0x24) {
                                                            									GetWindowsDirectoryA(_t90, 0x400);
                                                            									_t99 = 0;
                                                            								}
                                                            								while(1) {
                                                            									__eflags = _t99;
                                                            									if(_t99 == 0) {
                                                            										goto L30;
                                                            									}
                                                            									_t53 =  *0x42f404;
                                                            									_t99 = _t99 - 1;
                                                            									__eflags = _t53;
                                                            									if(_t53 == 0) {
                                                            										L26:
                                                            										_t55 = SHGetSpecialFolderLocation( *0x42f408,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
                                                            										__eflags = _t55;
                                                            										if(_t55 != 0) {
                                                            											L28:
                                                            											 *_t90 =  *_t90 & 0x00000000;
                                                            											__eflags =  *_t90;
                                                            											continue;
                                                            										}
                                                            										__imp__SHGetPathFromIDListA(_v8, _t90);
                                                            										_v12 = _t55;
                                                            										__imp__CoTaskMemFree(_v8);
                                                            										__eflags = _v12;
                                                            										if(_v12 != 0) {
                                                            											goto L30;
                                                            										}
                                                            										goto L28;
                                                            									}
                                                            									__eflags = _a8;
                                                            									if(_a8 == 0) {
                                                            										goto L26;
                                                            									}
                                                            									_t57 =  *_t53( *0x42f408,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90); // executed
                                                            									__eflags = _t57;
                                                            									if(_t57 == 0) {
                                                            										goto L30;
                                                            									}
                                                            									goto L26;
                                                            								}
                                                            								goto L30;
                                                            							}
                                                            							GetSystemDirectoryA(_t90, 0x400);
                                                            							goto L30;
                                                            						} else {
                                                            							E00405EF7((_t80 & 0x0000003f) +  *0x42f458, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x42f458, _t90, _t80 & 0x00000040); // executed
                                                            							__eflags =  *_t90;
                                                            							if( *_t90 != 0) {
                                                            								L31:
                                                            								__eflags = _v16 - 0x1a;
                                                            								if(_v16 == 0x1a) {
                                                            									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                            								}
                                                            								goto L33;
                                                            							}
                                                            							E00406032(_t66, _t90, _t99, _t90, _v16);
                                                            							L30:
                                                            							__eflags =  *_t90;
                                                            							if( *_t90 == 0) {
                                                            								goto L33;
                                                            							}
                                                            							goto L31;
                                                            						}
                                                            					}
                                                            					__eflags = _t52 - 0x5a04;
                                                            					if(_t52 == 0x5a04) {
                                                            						goto L13;
                                                            					}
                                                            					__eflags = _v16 - 0x23;
                                                            					if(_v16 == 0x23) {
                                                            						goto L13;
                                                            					}
                                                            					__eflags = _v16 - 0x2e;
                                                            					if(_v16 == 0x2e) {
                                                            						goto L13;
                                                            					} else {
                                                            						_a8 = _a8 & 0x00000000;
                                                            						goto L14;
                                                            					}
                                                            				}
                                                            				 *_t90 =  *_t90 & 0x00000000;
                                                            				if(_a4 == 0) {
                                                            					return _t39;
                                                            				}
                                                            				return E00406010(_a4, _t39);
                                                            			}

                                                            APIs
                                                            • GetSystemDirectoryA.KERNEL32 ref: 0040615D
                                                            • GetWindowsDirectoryA.KERNEL32(0042E3A0,00000400,?,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000,0040516F,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000), ref: 00406170
                                                            • SHGetSpecialFolderLocation.SHELL32(0040516F,7476EA30,?,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000,0040516F,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000), ref: 004061AC
                                                            • SHGetPathFromIDListA.SHELL32(7476EA30,0042E3A0), ref: 004061BA
                                                            • CoTaskMemFree.OLE32(7476EA30), ref: 004061C6
                                                            • lstrcatA.KERNEL32(0042E3A0,\Microsoft\Internet Explorer\Quick Launch), ref: 004061EA
                                                            • lstrlenA.KERNEL32(0042E3A0,?,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000,0040516F,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000,00000000,00421E7B,7476EA30), ref: 0040623C
                                                            Strings
                                                            • Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc, xrefs: 00406057
                                                            • 0x00004688, xrefs: 00406214
                                                            • \Microsoft\Internet Explorer\Quick Launch, xrefs: 004061E4
                                                            • Software\Microsoft\Windows\CurrentVersion, xrefs: 0040612C
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                            • String ID: 0x00004688$Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                            • API String ID: 717251189-1121203310
                                                            • Opcode ID: b5f21783dff86301b55f28ea11f9c7815398c55a2ca1ca21ed943f87329636d9
                                                            • Instruction ID: 0eb145c1bee873094c14c85ea59bbbcbcc52f889deb60e0de917f7e6e63be494
                                                            • Opcode Fuzzy Hash: b5f21783dff86301b55f28ea11f9c7815398c55a2ca1ca21ed943f87329636d9
                                                            • Instruction Fuzzy Hash: F1610171900114AEDF24AF64CC84BBE3BA5AB15314F52417FE913BA2D2C77C49A2CB5E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 784 401759-40177c call 402b2c call 405a15 789 401786-401798 call 406010 call 4059a8 lstrcatA 784->789 790 40177e-401784 call 406010 784->790 795 40179d-4017a3 call 40627a 789->795 790->795 800 4017a8-4017ac 795->800 801 4017ae-4017b8 call 406313 800->801 802 4017df-4017e2 800->802 809 4017ca-4017dc 801->809 810 4017ba-4017c8 CompareFileTime 801->810 804 4017e4-4017e5 call 405b84 802->804 805 4017ea-401806 call 405ba9 802->805 804->805 812 401808-40180b 805->812 813 40187e-4018a7 call 405137 call 402ffb 805->813 809->802 810->809 815 401860-40186a call 405137 812->815 816 40180d-40184f call 406010 * 2 call 406032 call 406010 call 40572c 812->816 827 4018a9-4018ad 813->827 828 4018af-4018bb SetFileTime 813->828 825 401873-401879 815->825 816->800 849 401855-401856 816->849 829 4029c1 825->829 827->828 831 4018c1-4018cc FindCloseChangeNotification 827->831 828->831 833 4029c3-4029c7 829->833 834 4018d2-4018d5 831->834 835 4029b8-4029bb 831->835 837 4018d7-4018e8 call 406032 lstrcatA 834->837 838 4018ea-4018ed call 406032 834->838 835->829 844 4018f2-402349 837->844 838->844 847 40234e-402353 844->847 848 402349 call 40572c 844->848 847->833 848->847 849->825 850 401858-401859 849->850 850->815
                                                            C-Code - Quality: 61%
                                                            			E00401759(FILETIME* __ebx, void* __eflags) {
                                                            				void* _t33;
                                                            				void* _t41;
                                                            				void* _t43;
                                                            				FILETIME* _t49;
                                                            				FILETIME* _t62;
                                                            				void* _t64;
                                                            				signed int _t70;
                                                            				FILETIME* _t71;
                                                            				FILETIME* _t75;
                                                            				signed int _t77;
                                                            				void* _t80;
                                                            				CHAR* _t82;
                                                            				CHAR* _t83;
                                                            				void* _t85;
                                                            
                                                            				_t75 = __ebx;
                                                            				_t82 = E00402B2C(0x31);
                                                            				 *(_t85 - 8) = _t82;
                                                            				 *(_t85 + 8) =  *(_t85 - 0x34) & 0x00000007;
                                                            				_t33 = E00405A15(_t82);
                                                            				_push(_t82);
                                                            				_t83 = "--proxyex";
                                                            				if(_t33 == 0) {
                                                            					lstrcatA(E004059A8(E00406010(_t83, "C:\\Program Files\\Wildix\\WIService")), ??);
                                                            				} else {
                                                            					E00406010();
                                                            				}
                                                            				E0040627A(_t83);
                                                            				while(1) {
                                                            					__eflags =  *(_t85 + 8) - 3;
                                                            					if( *(_t85 + 8) >= 3) {
                                                            						_t64 = E00406313(_t83);
                                                            						_t77 = 0;
                                                            						__eflags = _t64 - _t75;
                                                            						if(_t64 != _t75) {
                                                            							_t71 = _t64 + 0x14;
                                                            							__eflags = _t71;
                                                            							_t77 = CompareFileTime(_t71, _t85 - 0x28);
                                                            						}
                                                            						asm("sbb eax, eax");
                                                            						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                            						__eflags = _t70;
                                                            						 *(_t85 + 8) = _t70;
                                                            					}
                                                            					__eflags =  *(_t85 + 8) - _t75;
                                                            					if( *(_t85 + 8) == _t75) {
                                                            						E00405B84(_t83);
                                                            					}
                                                            					__eflags =  *(_t85 + 8) - 1;
                                                            					_t41 = E00405BA9(_t83, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                            					__eflags = _t41 - 0xffffffff;
                                                            					 *(_t85 - 0xc) = _t41;
                                                            					if(_t41 != 0xffffffff) {
                                                            						break;
                                                            					}
                                                            					__eflags =  *(_t85 + 8) - _t75;
                                                            					if( *(_t85 + 8) != _t75) {
                                                            						E00405137(0xffffffe2,  *(_t85 - 8));
                                                            						__eflags =  *(_t85 + 8) - 2;
                                                            						if(__eflags == 0) {
                                                            							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                            						}
                                                            						L31:
                                                            						 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t85 - 4));
                                                            						__eflags =  *0x42f4a8;
                                                            						goto L32;
                                                            					} else {
                                                            						E00406010(0x40ac18, "0x00004688");
                                                            						E00406010("0x00004688", _t83);
                                                            						E00406032(_t75, 0x40ac18, _t83, "C:\Program Files\Wildix\WIService\proxyex.lnk",  *((intOrPtr*)(_t85 - 0x20)));
                                                            						E00406010("0x00004688", 0x40ac18);
                                                            						_t62 = E0040572C("C:\Program Files\Wildix\WIService\proxyex.lnk",  *(_t85 - 0x34) >> 3) - 4;
                                                            						__eflags = _t62;
                                                            						if(_t62 == 0) {
                                                            							continue;
                                                            						} else {
                                                            							__eflags = _t62 == 1;
                                                            							if(_t62 == 1) {
                                                            								 *0x42f4a8 =  &( *0x42f4a8->dwLowDateTime);
                                                            								L32:
                                                            								_t49 = 0;
                                                            								__eflags = 0;
                                                            							} else {
                                                            								_push(_t83);
                                                            								_push(0xfffffffa);
                                                            								E00405137();
                                                            								L29:
                                                            								_t49 = 0x7fffffff;
                                                            							}
                                                            						}
                                                            					}
                                                            					L33:
                                                            					return _t49;
                                                            				}
                                                            				E00405137(0xffffffea,  *(_t85 - 8)); // executed
                                                            				 *0x42f4d4 =  *0x42f4d4 + 1;
                                                            				_push(_t75);
                                                            				_push(_t75);
                                                            				_push( *(_t85 - 0xc));
                                                            				_push( *((intOrPtr*)(_t85 - 0x2c)));
                                                            				_t43 = E00402FFB(); // executed
                                                            				 *0x42f4d4 =  *0x42f4d4 - 1;
                                                            				__eflags =  *(_t85 - 0x28) - 0xffffffff;
                                                            				_t80 = _t43;
                                                            				if( *(_t85 - 0x28) != 0xffffffff) {
                                                            					L22:
                                                            					SetFileTime( *(_t85 - 0xc), _t85 - 0x28, _t75, _t85 - 0x28); // executed
                                                            				} else {
                                                            					__eflags =  *((intOrPtr*)(_t85 - 0x24)) - 0xffffffff;
                                                            					if( *((intOrPtr*)(_t85 - 0x24)) != 0xffffffff) {
                                                            						goto L22;
                                                            					}
                                                            				}
                                                            				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
                                                            				__eflags = _t80 - _t75;
                                                            				if(_t80 >= _t75) {
                                                            					goto L31;
                                                            				} else {
                                                            					__eflags = _t80 - 0xfffffffe;
                                                            					if(_t80 != 0xfffffffe) {
                                                            						E00406032(_t75, _t80, _t83, _t83, 0xffffffee);
                                                            					} else {
                                                            						E00406032(_t75, _t80, _t83, _t83, 0xffffffe9);
                                                            						lstrcatA(_t83,  *(_t85 - 8));
                                                            					}
                                                            					_push(0x200010);
                                                            					_push(_t83);
                                                            					E0040572C();
                                                            					goto L29;
                                                            				}
                                                            				goto L33;
                                                            			}


                                                            APIs
                                                            • lstrcatA.KERNEL32(00000000,00000000,--proxyex,C:\Program Files\Wildix\WIService,00000000,00000000,00000031), ref: 00401798
                                                            • CompareFileTime.KERNEL32(-00000014,?,--proxyex,--proxyex,00000000,00000000,--proxyex,C:\Program Files\Wildix\WIService,00000000,00000000,00000031), ref: 004017C2
                                                              • Part of subcall function 00406010: lstrcpynA.KERNEL32(?,?,00000400,0040333D,Wildix Integration Service v3.9.1 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040601D
                                                              • Part of subcall function 00405137: lstrlenA.KERNEL32(Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000,00421E7B,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                              • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000,00421E7B,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                              • Part of subcall function 00405137: lstrcatA.KERNEL32(Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00403156,00403156,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000,00421E7B,7476EA30), ref: 00405193
                                                              • Part of subcall function 00405137: SetWindowTextA.USER32(Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc), ref: 004051A5
                                                              • Part of subcall function 00405137: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004051CB
                                                              • Part of subcall function 00405137: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004051E5
                                                              • Part of subcall function 00405137: SendMessageA.USER32(?,00001013,?,00000000), ref: 004051F3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                            • String ID: --proxyex$0x00004688$C:\Program Files\Wildix\WIService$C:\Program Files\Wildix\WIService\proxyex.lnk$C:\Program Files\Wildix\WIService\proxyex.lnk
                                                            • API String ID: 1941528284-1761011089
                                                            • Opcode ID: d2d4c9be4c77887772f7a063183bc6da9d3610935c72e1bf3270bbb4a4cc9717
                                                            • Instruction ID: fcac4804817dd72ce497849c2c59a0292666c96c0e268c836f952ab8254f0f2b
                                                            • Opcode Fuzzy Hash: d2d4c9be4c77887772f7a063183bc6da9d3610935c72e1bf3270bbb4a4cc9717
                                                            • Instruction Fuzzy Hash: 5941E571900114BACF10BBB5CD45E9F3A79EF45369F20823BF412F20E2DA7C8A519A6D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 851 405137-40514c 852 405202-405206 851->852 853 405152-405164 851->853 854 405166-40516a call 406032 853->854 855 40516f-40517b lstrlenA 853->855 854->855 856 405198-40519c 855->856 857 40517d-40518d lstrlenA 855->857 860 4051ab-4051af 856->860 861 40519e-4051a5 SetWindowTextA 856->861 857->852 859 40518f-405193 lstrcatA 857->859 859->856 862 4051b1-4051f3 SendMessageA * 3 860->862 863 4051f5-4051f7 860->863 861->860 862->863 863->852 864 4051f9-4051fc 863->864 864->852
                                                            C-Code - Quality: 100%
                                                            			E00405137(CHAR* _a4, CHAR* _a8) {
                                                            				struct HWND__* _v8;
                                                            				signed int _v12;
                                                            				CHAR* _v32;
                                                            				long _v44;
                                                            				int _v48;
                                                            				void* _v52;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				CHAR* _t26;
                                                            				signed int _t27;
                                                            				CHAR* _t28;
                                                            				long _t29;
                                                            				signed int _t39;
                                                            
                                                            				_t26 =  *0x42ebe4; // 0x103ae
                                                            				_v8 = _t26;
                                                            				if(_t26 != 0) {
                                                            					_t27 =  *0x42f4d4;
                                                            					_v12 = _t27;
                                                            					_t39 = _t27 & 0x00000001;
                                                            					if(_t39 == 0) {
                                                            						E00406032(0, _t39, 0x42a050, 0x42a050, _a4);
                                                            					}
                                                            					_t26 = lstrlenA(0x42a050);
                                                            					_a4 = _t26;
                                                            					if(_a8 == 0) {
                                                            						L6:
                                                            						if((_v12 & 0x00000004) == 0) {
                                                            							_t26 = SetWindowTextA( *0x42ebc8, 0x42a050); // executed
                                                            						}
                                                            						if((_v12 & 0x00000002) == 0) {
                                                            							_v32 = 0x42a050;
                                                            							_v52 = 1;
                                                            							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
                                                            							_v44 = 0;
                                                            							_v48 = _t29 - _t39;
                                                            							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
                                                            							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
                                                            						}
                                                            						if(_t39 != 0) {
                                                            							_t28 = _a4;
                                                            							 *((char*)(_t28 + 0x42a050)) = 0;
                                                            							return _t28;
                                                            						}
                                                            					} else {
                                                            						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                            						if(_t26 < 0x800) {
                                                            							_t26 = lstrcatA(0x42a050, _a8);
                                                            							goto L6;
                                                            						}
                                                            					}
                                                            				}
                                                            				return _t26;
                                                            			}


















                                                            APIs
                                                            • lstrlenA.KERNEL32(Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000,00421E7B,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                            • lstrlenA.KERNEL32(00403156,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000,00421E7B,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                            • lstrcatA.KERNEL32(Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00403156,00403156,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000,00421E7B,7476EA30), ref: 00405193
                                                            • SetWindowTextA.USER32(Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc), ref: 004051A5
                                                            • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004051CB
                                                            • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004051E5
                                                            • SendMessageA.USER32(?,00001013,?,00000000), ref: 004051F3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                            • String ID: Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
                                                            • API String ID: 2531174081-1730707008
                                                            • Opcode ID: 2f522a59394b9be444cbcacf3a1b4d18be92345b96de9eacb0d1f76aaf85f54b
                                                            • Instruction ID: 7d4789c60296e211bada9a9e2a19d16c38d622f2d1b0cadef69f4b7d7b7d07eb
                                                            • Opcode Fuzzy Hash: 2f522a59394b9be444cbcacf3a1b4d18be92345b96de9eacb0d1f76aaf85f54b
                                                            • Instruction Fuzzy Hash: CE21A971900118BFDB119FA5CD85ADEBFA9EF08354F04807AF844A6291C7398E408FA8
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 865 4055fd-405648 CreateDirectoryA 866 40564a-40564c 865->866 867 40564e-40565b GetLastError 865->867 868 405675-405677 866->868 867->868 869 40565d-405671 SetFileSecurityA 867->869 869->866 870 405673 GetLastError 869->870 870->868
                                                            C-Code - Quality: 100%
                                                            			E004055FD(CHAR* _a4) {
                                                            				struct _SECURITY_ATTRIBUTES _v16;
                                                            				struct _SECURITY_DESCRIPTOR _v36;
                                                            				int _t22;
                                                            				long _t23;
                                                            
                                                            				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                            				_v36.Owner = 0x40837c;
                                                            				_v36.Group = 0x40837c;
                                                            				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                            				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                            				_v16.lpSecurityDescriptor =  &_v36;
                                                            				_v36.Revision = 1;
                                                            				_v36.Control = 4;
                                                            				_v36.Dacl = 0x40836c;
                                                            				_v16.nLength = 0xc;
                                                            				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
                                                            				if(_t22 != 0) {
                                                            					L1:
                                                            					return 0;
                                                            				}
                                                            				_t23 = GetLastError();
                                                            				if(_t23 == 0xb7) {
                                                            					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                                            						goto L1;
                                                            					}
                                                            					return GetLastError();
                                                            				}
                                                            				return _t23;
                                                            			}








                                                            APIs
                                                            • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405640
                                                            • GetLastError.KERNEL32 ref: 00405654
                                                            • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405669
                                                            • GetLastError.KERNEL32 ref: 00405673
                                                            Strings
                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405623
                                                            • C:\Users\user\Desktop, xrefs: 004055FD
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                            • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                            • API String ID: 3449924974-2028306314
                                                            • Opcode ID: 3f07113bbed92aa299f899006a5ac68722d9e9d13463f273e10feef126da3ab7
                                                            • Instruction ID: eb9787142c6b7489d22a19a099e3bfbf20428df61be735a73e08cf58b85abbae
                                                            • Opcode Fuzzy Hash: 3f07113bbed92aa299f899006a5ac68722d9e9d13463f273e10feef126da3ab7
                                                            • Instruction Fuzzy Hash: 89010871C00219EAEF009FA1C904BEFBBB8EB14354F00847AD545B6290DB7996088FA9
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 871 40633a-40635a GetSystemDirectoryA 872 40635c 871->872 873 40635e-406360 871->873 872->873 874 406370-406372 873->874 875 406362-40636a 873->875 877 406373-4063a5 wsprintfA LoadLibraryExA 874->877 875->874 876 40636c-40636e 875->876 876->877
                                                            C-Code - Quality: 100%
                                                            			E0040633A(intOrPtr _a4) {
                                                            				char _v292;
                                                            				int _t10;
                                                            				struct HINSTANCE__* _t14;
                                                            				void* _t16;
                                                            				void* _t21;
                                                            
                                                            				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                            				if(_t10 > 0x104) {
                                                            					_t10 = 0;
                                                            				}
                                                            				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                            					_t16 = 1;
                                                            				} else {
                                                            					_t16 = 0;
                                                            				}
                                                            				_t5 = _t16 + 0x40a014; // 0x5c
                                                            				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                            				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                            				return _t14;
                                                            			}









                                                            APIs
                                                            • GetSystemDirectoryA.KERNEL32 ref: 00406351
                                                            • wsprintfA.USER32 ref: 0040638A
                                                            • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040639E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                                            • String ID: %s%s.dll$UXTHEME$\
                                                            • API String ID: 2200240437-4240819195
                                                            • Opcode ID: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
                                                            • Instruction ID: 4d0fdf3fe302aa3e605d302367287b0bc06203fc89102858e08200231af957cf
                                                            • Opcode Fuzzy Hash: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
                                                            • Instruction Fuzzy Hash: 9EF0F670510609ABEB24AB74DD0DFEB366CAB08305F14057AAA86E11D1EA78D9358BDC
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 878 402ffb-40300f 879 403011 878->879 880 403018-403021 878->880 879->880 881 403023 880->881 882 40302a-40302f 880->882 881->882 883 403031-40303a call 403223 882->883 884 40303f-40304c call 40320d 882->884 883->884 888 403052-403056 884->888 889 4031fb 884->889 890 4031a6-4031a8 888->890 891 40305c-4030a5 GetTickCount 888->891 892 4031fd-4031fe 889->892 893 4031e8-4031eb 890->893 894 4031aa-4031ad 890->894 895 403203 891->895 896 4030ab-4030b3 891->896 897 403206-40320a 892->897 898 4031f0-4031f9 call 40320d 893->898 899 4031ed 893->899 894->895 900 4031af 894->900 895->897 901 4030b5 896->901 902 4030b8-4030c6 call 40320d 896->902 898->889 911 403200 898->911 899->898 904 4031b2-4031b8 900->904 901->902 902->889 910 4030cc-4030d5 902->910 908 4031ba 904->908 909 4031bc-4031ca call 40320d 904->909 908->909 909->889 915 4031cc-4031d8 call 405c50 909->915 913 4030db-4030fb call 4064cd 910->913 911->895 920 403101-403114 GetTickCount 913->920 921 40319e-4031a0 913->921 922 4031a2-4031a4 915->922 923 4031da-4031e4 915->923 924 403116-40311e 920->924 925 403159-40315b 920->925 921->892 922->892 923->904 926 4031e6 923->926 927 403120-403124 924->927 928 403126-403151 MulDiv wsprintfA call 405137 924->928 929 403192-403196 925->929 930 40315d-403161 925->930 926->895 927->925 927->928 936 403156 928->936 929->896 931 40319c 929->931 933 403163-40316a call 405c50 930->933 934 403178-403183 930->934 931->895 939 40316f-403171 933->939 935 403186-40318a 934->935 935->913 938 403190 935->938 936->925 938->895 939->922 940 403173-403176 939->940 940->935
                                                            C-Code - Quality: 95%
                                                            			E00402FFB(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
                                                            				signed int _v8;
                                                            				int _v12;
                                                            				intOrPtr _v16;
                                                            				long _v20;
                                                            				intOrPtr _v24;
                                                            				char _v88;
                                                            				void* _t65;
                                                            				long _t70;
                                                            				intOrPtr _t75;
                                                            				long _t76;
                                                            				intOrPtr _t77;
                                                            				void* _t78;
                                                            				int _t88;
                                                            				intOrPtr _t92;
                                                            				intOrPtr _t95;
                                                            				long _t96;
                                                            				signed int _t97;
                                                            				int _t98;
                                                            				int _t99;
                                                            				intOrPtr _t100;
                                                            				void* _t101;
                                                            				void* _t102;
                                                            
                                                            				_t97 = _a16;
                                                            				_t92 = _a12;
                                                            				_v12 = _t97;
                                                            				if(_t92 == 0) {
                                                            					_v12 = 0x8000;
                                                            				}
                                                            				_v8 = _v8 & 0x00000000;
                                                            				_v16 = _t92;
                                                            				if(_t92 == 0) {
                                                            					_v16 = 0x421428;
                                                            				}
                                                            				_t62 = _a4;
                                                            				if(_a4 >= 0) {
                                                            					E00403223( *0x42f478 + _t62);
                                                            				}
                                                            				if(E0040320D( &_a16, 4) == 0) {
                                                            					L41:
                                                            					_push(0xfffffffd);
                                                            					goto L42;
                                                            				} else {
                                                            					if((_a19 & 0x00000080) == 0) {
                                                            						if(_t92 != 0) {
                                                            							if(_a16 < _t97) {
                                                            								_t97 = _a16;
                                                            							}
                                                            							if(E0040320D(_t92, _t97) != 0) {
                                                            								_v8 = _t97;
                                                            								L44:
                                                            								return _v8;
                                                            							} else {
                                                            								goto L41;
                                                            							}
                                                            						}
                                                            						if(_a16 <= _t92) {
                                                            							goto L44;
                                                            						}
                                                            						_t88 = _v12;
                                                            						while(1) {
                                                            							_t98 = _a16;
                                                            							if(_a16 >= _t88) {
                                                            								_t98 = _t88;
                                                            							}
                                                            							if(E0040320D(0x41d428, _t98) == 0) {
                                                            								goto L41;
                                                            							}
                                                            							if(E00405C50(_a8, 0x41d428, _t98) == 0) {
                                                            								L28:
                                                            								_push(0xfffffffe);
                                                            								L42:
                                                            								_pop(_t65);
                                                            								return _t65;
                                                            							}
                                                            							_v8 = _v8 + _t98;
                                                            							_a16 = _a16 - _t98;
                                                            							if(_a16 > 0) {
                                                            								continue;
                                                            							}
                                                            							goto L44;
                                                            						}
                                                            						goto L41;
                                                            					}
                                                            					_t70 = GetTickCount();
                                                            					 *0x40bd8c =  *0x40bd8c & 0x00000000;
                                                            					 *0x40bd88 =  *0x40bd88 & 0x00000000;
                                                            					_t14 =  &_a16;
                                                            					 *_t14 = _a16 & 0x7fffffff;
                                                            					_v20 = _t70;
                                                            					 *0x40b870 = 8;
                                                            					 *0x415418 = 0x40d410;
                                                            					 *0x415414 = 0x40d410;
                                                            					 *0x415410 = 0x415410;
                                                            					_a4 = _a16;
                                                            					if( *_t14 <= 0) {
                                                            						goto L44;
                                                            					} else {
                                                            						goto L9;
                                                            					}
                                                            					while(1) {
                                                            						L9:
                                                            						_t99 = 0x4000;
                                                            						if(_a16 < 0x4000) {
                                                            							_t99 = _a16;
                                                            						}
                                                            						if(E0040320D(0x41d428, _t99) == 0) {
                                                            							goto L41;
                                                            						}
                                                            						_a16 = _a16 - _t99;
                                                            						 *0x40b860 = 0x41d428;
                                                            						 *0x40b864 = _t99;
                                                            						while(1) {
                                                            							_t95 = _v16;
                                                            							 *0x40b868 = _t95;
                                                            							 *0x40b86c = _v12;
                                                            							_t75 = E004064CD(0x40b860);
                                                            							_v24 = _t75;
                                                            							if(_t75 < 0) {
                                                            								break;
                                                            							}
                                                            							_t100 =  *0x40b868; // 0x421e7b
                                                            							_t101 = _t100 - _t95;
                                                            							_t76 = GetTickCount();
                                                            							_t96 = _t76;
                                                            							if(( *0x42f4d4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
                                                            								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                            								_t102 = _t102 + 0xc;
                                                            								E00405137(0,  &_v88); // executed
                                                            								_v20 = _t96;
                                                            							}
                                                            							if(_t101 == 0) {
                                                            								if(_a16 > 0) {
                                                            									goto L9;
                                                            								}
                                                            								goto L44;
                                                            							} else {
                                                            								if(_a12 != 0) {
                                                            									_t77 =  *0x40b868; // 0x421e7b
                                                            									_v8 = _v8 + _t101;
                                                            									_v12 = _v12 - _t101;
                                                            									_v16 = _t77;
                                                            									L23:
                                                            									if(_v24 != 1) {
                                                            										continue;
                                                            									}
                                                            									goto L44;
                                                            								}
                                                            								_t78 = E00405C50(_a8, _v16, _t101); // executed
                                                            								if(_t78 == 0) {
                                                            									goto L28;
                                                            								}
                                                            								_v8 = _v8 + _t101;
                                                            								goto L23;
                                                            							}
                                                            						}
                                                            						_push(0xfffffffc);
                                                            						goto L42;
                                                            					}
                                                            					goto L41;
                                                            				}
                                                            			}


























                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CountTick$wsprintf
                                                            • String ID: ... %d%%
                                                            • API String ID: 551687249-2449383134
                                                            • Opcode ID: fadbfff98126c3f33fc218ff52c7570f2bc54738a50a490896210387b9f65f46
                                                            • Instruction ID: 2f86f0e091d903dd4c8dc1f0d7d1d97a23866136c8ad304ef4da6da149bc5d25
                                                            • Opcode Fuzzy Hash: fadbfff98126c3f33fc218ff52c7570f2bc54738a50a490896210387b9f65f46
                                                            • Instruction Fuzzy Hash: D2518D71801219EBDB10DF65DA44A9E7FB8EF08316F10817BE810B72E1C7789B44CBA9
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 941 40206a-402076 942 402131-402133 941->942 943 40207c-402092 call 402b2c * 2 941->943 944 4022a4-4022a9 call 401423 942->944 953 4020a1-4020af LoadLibraryExA 943->953 954 402094-40209f GetModuleHandleA 943->954 950 4029b8-4029c7 944->950 956 4020b1-4020be GetProcAddress 953->956 957 40212a-40212c 953->957 954->953 954->956 958 4020c0-4020c6 956->958 959 4020fd-402102 call 405137 956->959 957->944 960 4020c8-4020d4 call 401423 958->960 961 4020df-4020f6 call 73da16db 958->961 964 402107-40210a 959->964 960->964 972 4020d6-4020dd 960->972 966 4020f8-4020fb 961->966 964->950 967 402110-402118 call 4037cd 964->967 966->964 967->950 971 40211e-402125 FreeLibrary 967->971 971->950 972->964
                                                            C-Code - Quality: 60%
                                                            			E0040206A(void* __ebx, void* __eflags) {
                                                            				struct HINSTANCE__* _t18;
                                                            				struct HINSTANCE__* _t26;
                                                            				void* _t27;
                                                            				struct HINSTANCE__* _t30;
                                                            				CHAR* _t32;
                                                            				intOrPtr* _t33;
                                                            				void* _t34;
                                                            
                                                            				_t27 = __ebx;
                                                            				asm("sbb eax, 0x42f4d8");
                                                            				 *(_t34 - 4) = 1;
                                                            				if(__eflags < 0) {
                                                            					_push(0xffffffe7);
                                                            					L15:
                                                            					E00401423();
                                                            					L16:
                                                            					 *0x42f4a8 =  *0x42f4a8 +  *(_t34 - 4);
                                                            					return 0;
                                                            				}
                                                            				_t32 = E00402B2C(0xfffffff0);
                                                            				 *(_t34 + 8) = E00402B2C(1);
                                                            				if( *((intOrPtr*)(_t34 - 0x24)) == __ebx) {
                                                            					L3:
                                                            					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                            					_t30 = _t18;
                                                            					if(_t30 == _t27) {
                                                            						_push(0xfffffff6);
                                                            						goto L15;
                                                            					}
                                                            					L4:
                                                            					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                            					if(_t33 == _t27) {
                                                            						E00405137(0xfffffff7,  *(_t34 + 8));
                                                            					} else {
                                                            						 *(_t34 - 4) = _t27;
                                                            						if( *((intOrPtr*)(_t34 - 0x2c)) == _t27) {
                                                            							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, "0x00004688", 0x40b858, 0x40a000); // executed
                                                            						} else {
                                                            							E00401423( *((intOrPtr*)(_t34 - 0x2c)));
                                                            							if( *_t33() != 0) {
                                                            								 *(_t34 - 4) = 1;
                                                            							}
                                                            						}
                                                            					}
                                                            					if( *((intOrPtr*)(_t34 - 0x28)) == _t27 && E004037CD(_t30) != 0) {
                                                            						FreeLibrary(_t30); // executed
                                                            					}
                                                            					goto L16;
                                                            				}
                                                            				_t26 = GetModuleHandleA(_t32); // executed
                                                            				_t30 = _t26;
                                                            				if(_t30 != __ebx) {
                                                            					goto L4;
                                                            				}
                                                            				goto L3;
                                                            			}











                                                            APIs
                                                            • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00402095
                                                              • Part of subcall function 00405137: lstrlenA.KERNEL32(Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000,00421E7B,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                              • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000,00421E7B,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                              • Part of subcall function 00405137: lstrcatA.KERNEL32(Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00403156,00403156,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000,00421E7B,7476EA30), ref: 00405193
                                                              • Part of subcall function 00405137: SetWindowTextA.USER32(Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc), ref: 004051A5
                                                              • Part of subcall function 00405137: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004051CB
                                                              • Part of subcall function 00405137: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004051E5
                                                              • Part of subcall function 00405137: SendMessageA.USER32(?,00001013,?,00000000), ref: 004051F3
                                                            • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020A5
                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 004020B5
                                                            • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040211F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                            • String ID: 0x00004688
                                                            • API String ID: 2987980305-684011574
                                                            • Opcode ID: 532ce0de4b0eb58012e9db3c58e41f5788510b7f5f76953fa1d2d9dfe9513583
                                                            • Instruction ID: 166643d80e3f452ca3a3677f95ea327ecca8534a485506fba34b2def260d9046
                                                            • Opcode Fuzzy Hash: 532ce0de4b0eb58012e9db3c58e41f5788510b7f5f76953fa1d2d9dfe9513583
                                                            • Instruction Fuzzy Hash: EA21C671900214ABCF217FA4CF89AAE7A74AF15318F20413BF601B62D0D6FD49829A5E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 974 405bd8-405be2 975 405be3-405c0e GetTickCount GetTempFileNameA 974->975 976 405c10-405c12 975->976 977 405c1d-405c1f 975->977 976->975 978 405c14 976->978 979 405c17-405c1a 977->979 978->979
                                                            C-Code - Quality: 100%
                                                            			E00405BD8(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                            				char _t11;
                                                            				signed int _t12;
                                                            				int _t15;
                                                            				signed int _t17;
                                                            				void* _t20;
                                                            				CHAR* _t21;
                                                            
                                                            				_t21 = _a4;
                                                            				_t20 = 0x64;
                                                            				while(1) {
                                                            					_t11 =  *0x40a3b4; // 0x61736e
                                                            					_t20 = _t20 - 1;
                                                            					_a4 = _t11;
                                                            					_t12 = GetTickCount();
                                                            					_t17 = 0x1a;
                                                            					_a6 = _a6 + _t12 % _t17;
                                                            					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
                                                            					if(_t15 != 0) {
                                                            						break;
                                                            					}
                                                            					if(_t20 != 0) {
                                                            						continue;
                                                            					}
                                                            					 *_t21 =  *_t21 & 0x00000000;
                                                            					return _t15;
                                                            				}
                                                            				return _t21;
                                                            			}










                                                            APIs
                                                            • GetTickCount.KERNEL32 ref: 00405BEC
                                                            • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000006,00000008,0000000A), ref: 00405C06
                                                            Strings
                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BDB
                                                            • "C:\Users\user\Desktop\SetupWIService.exe" , xrefs: 00405BD8
                                                            • nsa, xrefs: 00405BE3
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CountFileNameTempTick
                                                            • String ID: "C:\Users\user\Desktop\SetupWIService.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                            • API String ID: 1716503409-719238357
                                                            • Opcode ID: 81a8a72dc23b4af90602e2553ee1124644ae594fa0167b908fb3a738e8e2aa10
                                                            • Instruction ID: 7981c9ddf24778652055132877b92488972f9a5eb9cf132aa873dca7e4a118a1
                                                            • Opcode Fuzzy Hash: 81a8a72dc23b4af90602e2553ee1124644ae594fa0167b908fb3a738e8e2aa10
                                                            • Instruction Fuzzy Hash: 0FF082363183046BEB109F56DD04B9B7BA9DFD2750F14803BFA489B290D6B4A9548B58
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 980 401d41-401d45 981 401d54-401d58 GetDlgItem 980->981 982 401d47-401d52 call 402b0a 980->982 984 401d5e-401d87 981->984 982->984 985 401d91 984->985 986 401d89-401d8f call 402b2c 984->986 989 401d95-401de5 GetClientRect LoadImageA SendMessageA 985->989 986->989 991 4029b8-4029c7 989->991 992 401deb-401ded 989->992 992->991 993 401df3-401dfa DeleteObject 992->993 993->991
                                                            C-Code - Quality: 94%
                                                            			E00401D41(int __edx) {
                                                            				struct HWND__* _t24;
                                                            				CHAR* _t30;
                                                            				long _t39;
                                                            				void* _t40;
                                                            				void* _t44;
                                                            				signed int _t46;
                                                            				int _t50;
                                                            				signed int _t53;
                                                            				void* _t57;
                                                            
                                                            				_t48 = __edx;
                                                            				if(( *(_t57 - 0x2b) & 0x00000001) == 0) {
                                                            					_t24 = GetDlgItem( *(_t57 - 8), __edx);
                                                            				} else {
                                                            					_t24 = E00402B0A(1);
                                                            					 *(_t57 - 0x10) = _t48;
                                                            				}
                                                            				_t46 =  *(_t57 - 0x2c);
                                                            				 *(_t57 + 8) = _t24;
                                                            				 *(_t57 - 8) = _t46 >> 0x1f;
                                                            				_t50 = _t46 & 0x00000003;
                                                            				_t53 = _t46 & 0x00000004;
                                                            				 *(_t57 - 0x1c) = _t46 >> 0x0000001e & 0x00000001;
                                                            				if((_t46 & 0x00010000) == 0) {
                                                            					_t30 =  *(_t57 - 0x34) & 0x0000ffff;
                                                            				} else {
                                                            					_t30 = E00402B2C(_t44);
                                                            				}
                                                            				 *(_t57 - 0xc) = _t30;
                                                            				GetClientRect( *(_t57 + 8), _t57 - 0x58);
                                                            				asm("sbb esi, esi");
                                                            				_t39 = LoadImageA( ~_t53 &  *0x42f400,  *(_t57 - 0xc), _t50,  *(_t57 - 0x50) *  *(_t57 - 8),  *(_t57 - 0x4c) *  *(_t57 - 0x1c),  *(_t57 - 0x2c) & 0x0000fef0); // executed
                                                            				_t40 = SendMessageA( *(_t57 + 8), 0x172, _t50, _t39); // executed
                                                            				if(_t40 != _t44 && _t50 == _t44) {
                                                            					DeleteObject(_t40);
                                                            				}
                                                            				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t57 - 4));
                                                            				return 0;
                                                            			}













                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                            • String ID:
                                                            • API String ID: 1849352358-0
                                                            • Opcode ID: 00f1612270fd0f543acd8efcffc28e16e01318b1b3b826732ee9862bf9fbfd2f
                                                            • Instruction ID: 7a7dd6c208c7a4d57f36c402fdb0fe657614a2e015b6db45afd3f1aca9992802
                                                            • Opcode Fuzzy Hash: 00f1612270fd0f543acd8efcffc28e16e01318b1b3b826732ee9862bf9fbfd2f
                                                            • Instruction Fuzzy Hash: 30215172E00109AFDB05DF98DE44AEEBBB9FB58310F10403AF945F62A1CB789941CB58
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 94%
                                                            			E73DA16DB(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                            				void _v36;
                                                            				char _v88;
                                                            				struct HINSTANCE__* _t37;
                                                            				intOrPtr _t42;
                                                            				void* _t48;
                                                            				void* _t49;
                                                            				void* _t50;
                                                            				void* _t54;
                                                            				intOrPtr _t57;
                                                            				signed int _t61;
                                                            				signed int _t63;
                                                            				void* _t67;
                                                            				void* _t68;
                                                            				void* _t72;
                                                            				void* _t76;
                                                            
                                                            				_t76 = __esi;
                                                            				_t68 = __edi;
                                                            				_t67 = __edx;
                                                            				 *0x73da405c = _a8;
                                                            				 *0x73da4060 = _a16;
                                                            				 *0x73da4064 = _a12;
                                                            				 *((intOrPtr*)(_a20 + 0xc))( *0x73da4038, E73DA1556);
                                                            				_push(1); // executed
                                                            				_t37 = E73DA1A98(); // executed
                                                            				_t54 = _t37;
                                                            				if(_t54 == 0) {
                                                            					L28:
                                                            					return _t37;
                                                            				} else {
                                                            					if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                            						E73DA22AF(_t54);
                                                            					}
                                                            					E73DA22F1(_t67, _t54);
                                                            					_t57 =  *((intOrPtr*)(_t54 + 4));
                                                            					if(_t57 == 0xffffffff) {
                                                            						L14:
                                                            						if(( *(_t54 + 0x810) & 0x00000004) == 0) {
                                                            							if( *((intOrPtr*)(_t54 + 4)) == 0) {
                                                            								_t37 = E73DA24D8(_t54);
                                                            							} else {
                                                            								_push(_t76);
                                                            								_push(_t68);
                                                            								_t61 = 8;
                                                            								_t13 = _t54 + 0x818; // 0x818
                                                            								memcpy( &_v36, _t13, _t61 << 2);
                                                            								_t42 = E73DA156B(_t54,  &_v88);
                                                            								 *(_t54 + 0x834) =  *(_t54 + 0x834) & 0x00000000;
                                                            								_t18 = _t54 + 0x818; // 0x818
                                                            								_t72 = _t18;
                                                            								 *((intOrPtr*)(_t54 + 0x820)) = _t42;
                                                            								 *_t72 = 3;
                                                            								E73DA24D8(_t54);
                                                            								_t63 = 8;
                                                            								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
                                                            							}
                                                            						} else {
                                                            							E73DA24D8(_t54);
                                                            							_t37 = GlobalFree(E73DA1266(E73DA1559(_t54)));
                                                            						}
                                                            						if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                            							_t37 = E73DA249E(_t54);
                                                            							if(( *(_t54 + 0x810) & 0x00000040) != 0 &&  *_t54 == 1) {
                                                            								_t37 =  *(_t54 + 0x808);
                                                            								if(_t37 != 0) {
                                                            									_t37 = FreeLibrary(_t37);
                                                            								}
                                                            							}
                                                            							if(( *(_t54 + 0x810) & 0x00000020) != 0) {
                                                            								_t37 = E73DA14E2( *0x73da4058);
                                                            							}
                                                            						}
                                                            						if(( *(_t54 + 0x810) & 0x00000002) != 0) {
                                                            							goto L28;
                                                            						} else {
                                                            							return GlobalFree(_t54);
                                                            						}
                                                            					}
                                                            					_t48 =  *_t54;
                                                            					if(_t48 == 0) {
                                                            						if(_t57 != 1) {
                                                            							goto L14;
                                                            						}
                                                            						E73DA2CC3(_t54);
                                                            						L12:
                                                            						_t54 = _t48;
                                                            						L13:
                                                            						goto L14;
                                                            					}
                                                            					_t49 = _t48 - 1;
                                                            					if(_t49 == 0) {
                                                            						L8:
                                                            						_t48 = E73DA2A38(_t57, _t54); // executed
                                                            						goto L12;
                                                            					}
                                                            					_t50 = _t49 - 1;
                                                            					if(_t50 == 0) {
                                                            						E73DA26B2(_t54);
                                                            						goto L13;
                                                            					}
                                                            					if(_t50 != 1) {
                                                            						goto L14;
                                                            					}
                                                            					goto L8;
                                                            				}
                                                            			}


















                                                            0x73da1743
                                                            0x73da1744
                                                            0x73da1752
                                                            0x00000000
                                                            0x73da1752
                                                            0x73da1747
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1747

                                                            APIs
                                                              • Part of subcall function 73DA1A98: GlobalFree.KERNEL32 ref: 73DA1D09
                                                              • Part of subcall function 73DA1A98: GlobalFree.KERNEL32 ref: 73DA1D0E
                                                              • Part of subcall function 73DA1A98: GlobalFree.KERNEL32 ref: 73DA1D13
                                                            • GlobalFree.KERNEL32 ref: 73DA1786
                                                            • FreeLibrary.KERNEL32(?), ref: 73DA1809
                                                            • GlobalFree.KERNEL32 ref: 73DA182E
                                                              • Part of subcall function 73DA22AF: GlobalAlloc.KERNEL32(00000040,?), ref: 73DA22E0
                                                              • Part of subcall function 73DA26B2: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,73DA1757,00000000), ref: 73DA2782
                                                              • Part of subcall function 73DA156B: wsprintfA.USER32 ref: 73DA1599
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.581302546.0000000073DA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 73DA0000, based on PE: true
                                                            • Associated: 00000000.00000002.581287668.0000000073DA0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581318631.0000000073DA3000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581338629.0000000073DA5000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_73da0000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Global$Free$Alloc$Librarywsprintf
                                                            • String ID:
                                                            • API String ID: 3962662361-3916222277
                                                            • Opcode ID: 1c728f4a3114323e8bc365640311d4333de04cadce2907a5924e72a3306d3e3f
                                                            • Instruction ID: 93c2fe6c2253934ae7dbe3e7c96767339c1b0626cd77ad62a2adec4df1719a59
                                                            • Opcode Fuzzy Hash: 1c728f4a3114323e8bc365640311d4333de04cadce2907a5924e72a3306d3e3f
                                                            • Instruction Fuzzy Hash: 47419272000308DBDB01AF7D8B84B9637BDBF04621F189425E95ABA1C6DB78CD45C7B5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 59%
                                                            			E00401C0A(intOrPtr __edx) {
                                                            				int _t29;
                                                            				long _t30;
                                                            				signed int _t32;
                                                            				CHAR* _t35;
                                                            				long _t36;
                                                            				int _t41;
                                                            				signed int _t42;
                                                            				int _t46;
                                                            				int _t56;
                                                            				intOrPtr _t57;
                                                            				struct HWND__* _t61;
                                                            				void* _t64;
                                                            
                                                            				_t57 = __edx;
                                                            				_t29 = E00402B0A(3);
                                                            				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                            				 *(_t64 - 8) = _t29;
                                                            				_t30 = E00402B0A(4);
                                                            				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                            				 *(_t64 + 8) = _t30;
                                                            				if(( *(_t64 - 0x20) & 0x00000001) != 0) {
                                                            					 *((intOrPtr*)(__ebp - 8)) = E00402B2C(0x33);
                                                            				}
                                                            				__eflags =  *(_t64 - 0x20) & 0x00000002;
                                                            				if(( *(_t64 - 0x20) & 0x00000002) != 0) {
                                                            					 *(_t64 + 8) = E00402B2C(0x44);
                                                            				}
                                                            				__eflags =  *((intOrPtr*)(_t64 - 0x38)) - 0x21;
                                                            				_push(1);
                                                            				if(__eflags != 0) {
                                                            					_t59 = E00402B2C();
                                                            					_t32 = E00402B2C();
                                                            					asm("sbb ecx, ecx");
                                                            					asm("sbb eax, eax");
                                                            					_t35 =  ~( *_t31) & _t59;
                                                            					__eflags = _t35;
                                                            					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32); // executed
                                                            					goto L10;
                                                            				} else {
                                                            					_t61 = E00402B0A();
                                                            					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                            					_t41 = E00402B0A(2);
                                                            					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                            					_t56 =  *(_t64 - 0x20) >> 2;
                                                            					if(__eflags == 0) {
                                                            						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8)); // executed
                                                            						L10:
                                                            						 *(_t64 - 0xc) = _t36;
                                                            					} else {
                                                            						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
                                                            						asm("sbb eax, eax");
                                                            						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                            					}
                                                            				}
                                                            				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - _t46;
                                                            				if( *((intOrPtr*)(_t64 - 0x34)) >= _t46) {
                                                            					_push( *(_t64 - 0xc));
                                                            					E00405F6E();
                                                            				}
                                                            				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t64 - 4));
                                                            				return 0;
                                                            			}
















                                                            APIs
                                                            • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C7A
                                                            • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C92
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Timeout
                                                            • String ID: !
                                                            • API String ID: 1777923405-2657877971
                                                            • Opcode ID: d1a5455d7aacc09bf912e97d7887ce2258fe7abf1a6a230a252a42dd7e2e40c1
                                                            • Instruction ID: f2250e9d7a54984aac42e0f48c7b57cae310fb8b86675e6ff90c870375dfe4cb
                                                            • Opcode Fuzzy Hash: d1a5455d7aacc09bf912e97d7887ce2258fe7abf1a6a230a252a42dd7e2e40c1
                                                            • Instruction Fuzzy Hash: 4D216BB1944208BEEF06AFA4D98AAAD7FB5EB44304F10447EF501B61D1C7B88640DB18
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 83%
                                                            			E0040243D(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
                                                            				void* _t18;
                                                            				void* _t19;
                                                            				int _t22;
                                                            				long _t23;
                                                            				int _t28;
                                                            				intOrPtr _t31;
                                                            				void* _t32;
                                                            				intOrPtr _t35;
                                                            				void* _t37;
                                                            				void* _t40;
                                                            
                                                            				_t40 = __eflags;
                                                            				_t31 = __edx;
                                                            				_t28 = __ebx;
                                                            				_t35 =  *((intOrPtr*)(_t37 - 0x24));
                                                            				_t32 = __eax;
                                                            				 *(_t37 - 0x10) =  *(_t37 - 0x20);
                                                            				 *(_t37 - 0x4c) = E00402B2C(2);
                                                            				_t18 = E00402B2C(0x11);
                                                            				 *(_t37 - 4) = 1;
                                                            				_t19 = E00402BBC(_t40, _t32, _t18, 2); // executed
                                                            				 *(_t37 + 8) = _t19;
                                                            				if(_t19 != __ebx) {
                                                            					_t22 = 0;
                                                            					if(_t35 == 1) {
                                                            						E00402B2C(0x23);
                                                            						_t22 = lstrlenA(0x40ac18) + 1;
                                                            					}
                                                            					if(_t35 == 4) {
                                                            						 *0x40ac18 = E00402B0A(3);
                                                            						 *((intOrPtr*)(_t37 - 0x44)) = _t31;
                                                            						_t22 = _t35;
                                                            					}
                                                            					if(_t35 == 3) {
                                                            						_t22 = E00402FFB( *((intOrPtr*)(_t37 - 0x28)), _t28, 0x40ac18, 0xc00);
                                                            					}
                                                            					_t23 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x4c), _t28,  *(_t37 - 0x10), 0x40ac18, _t22); // executed
                                                            					if(_t23 == 0) {
                                                            						 *(_t37 - 4) = _t28;
                                                            					}
                                                            					_push( *(_t37 + 8));
                                                            					RegCloseKey(); // executed
                                                            				}
                                                            				 *0x42f4a8 =  *0x42f4a8 +  *(_t37 - 4);
                                                            				return 0;
                                                            			}














                                                            APIs
                                                            • lstrlenA.KERNEL32(C:\Program Files\Wildix\WIService\proxyex.lnk,00000023,00000011,00000002), ref: 00402488
                                                            • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Program Files\Wildix\WIService\proxyex.lnk,00000000,00000011,00000002), ref: 004024C5
                                                            • RegCloseKey.KERNELBASE(?,?,?,C:\Program Files\Wildix\WIService\proxyex.lnk,00000000,00000011,00000002), ref: 004025A9
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CloseValuelstrlen
                                                            • String ID: C:\Program Files\Wildix\WIService\proxyex.lnk
                                                            • API String ID: 2655323295-2075361316
                                                            • Opcode ID: f1dd4037575d159028695845c9c4be7eecc0a8903ea0084234afb2cd50fea4d1
                                                            • Instruction ID: 559559637a649bcd28a1cc64439ef7fed2494afba8ff337a7fe29a68e97d1b61
                                                            • Opcode Fuzzy Hash: f1dd4037575d159028695845c9c4be7eecc0a8903ea0084234afb2cd50fea4d1
                                                            • Instruction Fuzzy Hash: 26115E71E00218AFEB01AFA58E49EAE7AB4EB48314F21443BF504B71C1D6F95D419B68
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 53%
                                                            			E00405A96(void* __eflags, intOrPtr _a4) {
                                                            				int _t11;
                                                            				signed char* _t12;
                                                            				long _t16;
                                                            				intOrPtr _t18;
                                                            				intOrPtr* _t21;
                                                            				void* _t22;
                                                            
                                                            				E00406010(0x42bc78, _a4);
                                                            				_t21 = E00405A41(0x42bc78);
                                                            				if(_t21 != 0) {
                                                            					E0040627A(_t21);
                                                            					if(( *0x42f41c & 0x00000080) == 0) {
                                                            						L5:
                                                            						_t22 = _t21 - 0x42bc78;
                                                            						while(1) {
                                                            							_t11 = lstrlenA(0x42bc78);
                                                            							_push(0x42bc78);
                                                            							if(_t11 <= _t22) {
                                                            								break;
                                                            							}
                                                            							_t12 = E00406313();
                                                            							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                            								E004059EF(0x42bc78);
                                                            								continue;
                                                            							} else {
                                                            								goto L1;
                                                            							}
                                                            						}
                                                            						E004059A8();
                                                            						_t16 = GetFileAttributesA(??); // executed
                                                            						return 0 | _t16 != 0xffffffff;
                                                            					}
                                                            					_t18 =  *_t21;
                                                            					if(_t18 == 0 || _t18 == 0x5c) {
                                                            						goto L1;
                                                            					} else {
                                                            						goto L5;
                                                            					}
                                                            				}
                                                            				L1:
                                                            				return 0;
                                                            			}










                                                            APIs
                                                              • Part of subcall function 00406010: lstrcpynA.KERNEL32(?,?,00000400,0040333D,Wildix Integration Service v3.9.1 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040601D
                                                              • Part of subcall function 00405A41: CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                              • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A54
                                                              • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A68
                                                            • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405AE9
                                                            • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\), ref: 00405AF9
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                            • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                            • API String ID: 3248276644-3049482934
                                                            • Opcode ID: a0e90dbc06f1550ade5f4dfcb0fddeac6c7db65a8ba4490088ce0944d0043635
                                                            • Instruction ID: 19c9bca0149f7da3aa3ccb8fe98c792d35a3de88cc2685bd8f8020a319c38c36
                                                            • Opcode Fuzzy Hash: a0e90dbc06f1550ade5f4dfcb0fddeac6c7db65a8ba4490088ce0944d0043635
                                                            • Instruction Fuzzy Hash: 94F0F425305D6116DA22323A5D85AAF2A44CED632471A073BF852B12C3DB3C89439DFE
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 84%
                                                            			E00402C2E(void* __eflags, void* _a4, char* _a8, signed int _a12) {
                                                            				void* _v8;
                                                            				char _v272;
                                                            				void* _t19;
                                                            				signed int _t25;
                                                            				intOrPtr* _t27;
                                                            				signed int _t32;
                                                            				signed int _t33;
                                                            				signed int _t34;
                                                            
                                                            				_t33 = _a12;
                                                            				_t34 = _t33 & 0x00000300;
                                                            				_t32 = _t33 & 0x00000001;
                                                            				_t19 = E00405E96(__eflags, _a4, _a8, _t34 | 0x00000008,  &_v8); // executed
                                                            				if(_t19 == 0) {
                                                            					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                            						__eflags = _t32;
                                                            						if(__eflags != 0) {
                                                            							RegCloseKey(_v8);
                                                            							return 0x3eb;
                                                            						}
                                                            						_t25 = E00402C2E(__eflags, _v8,  &_v272, _a12);
                                                            						__eflags = _t25;
                                                            						if(_t25 != 0) {
                                                            							break;
                                                            						}
                                                            					}
                                                            					RegCloseKey(_v8);
                                                            					_t27 = E004063A8(3);
                                                            					if(_t27 == 0) {
                                                            						return RegDeleteKeyA(_a4, _a8);
                                                            					}
                                                            					return  *_t27(_a4, _a8, _t34, 0);
                                                            				}
                                                            				return _t19;
                                                            			}












                                                            APIs
                                                            • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402C93
                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402C9C
                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402CBD
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Close$Enum
                                                            • String ID:
                                                            • API String ID: 464197530-0
                                                            • Opcode ID: effb832a44eae474ef75c518ed00afd6638a3a1b55d5a88c518eff5d822b0912
                                                            • Instruction ID: 2c23bb11d6ae01cf130d195ddd5538b48d854d6e1d77fd04796d14e07e1bb179
                                                            • Opcode Fuzzy Hash: effb832a44eae474ef75c518ed00afd6638a3a1b55d5a88c518eff5d822b0912
                                                            • Instruction Fuzzy Hash: 70116A32504109FBEF129F90DF09B9E7B6DEB54340F204036BD45B61E0E7B59E15ABA8
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 87%
                                                            			E004015BB(char __ebx, void* __eflags) {
                                                            				void* _t13;
                                                            				int _t19;
                                                            				char _t21;
                                                            				void* _t22;
                                                            				char _t23;
                                                            				signed char _t24;
                                                            				char _t26;
                                                            				CHAR* _t28;
                                                            				char* _t32;
                                                            				void* _t33;
                                                            
                                                            				_t26 = __ebx;
                                                            				_t28 = E00402B2C(0xfffffff0);
                                                            				_t13 = E00405A41(_t28);
                                                            				_t30 = _t13;
                                                            				if(_t13 != __ebx) {
                                                            					do {
                                                            						_t32 = E004059D3(_t30, 0x5c);
                                                            						_t21 =  *_t32;
                                                            						 *_t32 = _t26;
                                                            						 *((char*)(_t33 + 0xb)) = _t21;
                                                            						if(_t21 != _t26) {
                                                            							L5:
                                                            							_t22 = E0040567A(_t28);
                                                            						} else {
                                                            							_t39 =  *((intOrPtr*)(_t33 - 0x2c)) - _t26;
                                                            							if( *((intOrPtr*)(_t33 - 0x2c)) == _t26 || E00405697(_t39) == 0) {
                                                            								goto L5;
                                                            							} else {
                                                            								_t22 = E004055FD(_t28); // executed
                                                            							}
                                                            						}
                                                            						if(_t22 != _t26) {
                                                            							if(_t22 != 0xb7) {
                                                            								L9:
                                                            								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                            							} else {
                                                            								_t24 = GetFileAttributesA(_t28); // executed
                                                            								if((_t24 & 0x00000010) == 0) {
                                                            									goto L9;
                                                            								}
                                                            							}
                                                            						}
                                                            						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                            						 *_t32 = _t23;
                                                            						_t30 = _t32 + 1;
                                                            					} while (_t23 != _t26);
                                                            				}
                                                            				if( *((intOrPtr*)(_t33 - 0x30)) == _t26) {
                                                            					_push(0xfffffff5);
                                                            					E00401423();
                                                            				} else {
                                                            					E00401423(0xffffffe6);
                                                            					E00406010("C:\\Program Files\\Wildix\\WIService", _t28);
                                                            					_t19 = SetCurrentDirectoryA(_t28); // executed
                                                            					if(_t19 == 0) {
                                                            						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                            					}
                                                            				}
                                                            				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t33 - 4));
                                                            				return 0;
                                                            			}














                                                            APIs
                                                              • Part of subcall function 00405A41: CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                              • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A54
                                                              • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A68
                                                            • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                              • Part of subcall function 004055FD: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405640
                                                            • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Program Files\Wildix\WIService,00000000,00000000,000000F0), ref: 0040163C
                                                            Strings
                                                            • C:\Program Files\Wildix\WIService, xrefs: 00401631
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                            • String ID: C:\Program Files\Wildix\WIService
                                                            • API String ID: 1892508949-2436880260
                                                            • Opcode ID: 08a3087bb2a30077ba34e7e92968e352eff6a2b7baf1aa2c3a4ea80dfe544a50
                                                            • Instruction ID: 1afb8a6b6fc663fc0b529d5452f3d1f5a7876e1f873962654dbae4e79628cbca
                                                            • Opcode Fuzzy Hash: 08a3087bb2a30077ba34e7e92968e352eff6a2b7baf1aa2c3a4ea80dfe544a50
                                                            • Instruction Fuzzy Hash: 08112731508141EBCB217FB54D41A7F36B4AE96324F68093FE4D1B22E2D63D4842AA2F
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 69%
                                                            			E00401EC3(void* __ecx, void* __eflags) {
                                                            				intOrPtr _t20;
                                                            				void* _t39;
                                                            				void* _t42;
                                                            				void* _t47;
                                                            
                                                            				_t42 = __ecx;
                                                            				_t45 = E00402B2C(_t39);
                                                            				_t20 = E00402B2C(0x31);
                                                            				_t43 = E00402B2C(0x22);
                                                            				E00402B2C(0x15);
                                                            				E00401423(0xffffffec);
                                                            				 *(_t47 - 0x80) =  *(_t47 - 0x24);
                                                            				 *((intOrPtr*)(_t47 - 0x7c)) =  *((intOrPtr*)(_t47 - 8));
                                                            				 *((intOrPtr*)(_t47 - 0x68)) =  *((intOrPtr*)(_t47 - 0x28));
                                                            				asm("sbb eax, eax");
                                                            				 *((intOrPtr*)(_t47 - 0x74)) = _t20;
                                                            				 *(_t47 - 0x78) =  ~( *_t19) & _t45;
                                                            				asm("sbb eax, eax");
                                                            				 *(_t47 - 0x6c) = "C:\\Program Files\\Wildix\\WIService";
                                                            				 *(_t47 - 0x70) =  ~( *_t21) & _t43;
                                                            				if(E004056F2(_t47 - 0x84) == 0) {
                                                            					 *((intOrPtr*)(_t47 - 4)) = 1;
                                                            				} else {
                                                            					if(( *(_t47 - 0x80) & 0x00000040) != 0) {
                                                            						E0040641D(_t42,  *((intOrPtr*)(_t47 - 0x4c)));
                                                            						_push( *((intOrPtr*)(_t47 - 0x4c)));
                                                            						FindCloseChangeNotification(); // executed
                                                            					}
                                                            				}
                                                            				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t47 - 4));
                                                            				return 0;
                                                            			}








                                                            APIs
                                                              • Part of subcall function 004056F2: ShellExecuteExA.SHELL32(?,004044E5,?), ref: 00405701
                                                              • Part of subcall function 0040641D: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040642E
                                                              • Part of subcall function 0040641D: GetExitCodeProcess.KERNELBASE ref: 00406450
                                                            • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F8D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
                                                            • String ID: @$C:\Program Files\Wildix\WIService
                                                            • API String ID: 4215836453-3745962701
                                                            • Opcode ID: cf3c511861800785f352644d97d65b582d51a86a7b2ce5ffa791d17948a500f0
                                                            • Instruction ID: 577b900a760e5ca89da3760b6b8950c99b83f280e087cd582299b2594771d0cd
                                                            • Opcode Fuzzy Hash: cf3c511861800785f352644d97d65b582d51a86a7b2ce5ffa791d17948a500f0
                                                            • Instruction Fuzzy Hash: 66113D71E042049ACB11EFB98A45A8DBFF4AF08314F64057BE450F72C2D7B88805DF18
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004056AF(CHAR* _a4) {
                                                            				struct _PROCESS_INFORMATION _v20;
                                                            				int _t7;
                                                            
                                                            				0x42c078->cb = 0x44;
                                                            				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x42c078,  &_v20); // executed
                                                            				if(_t7 != 0) {
                                                            					CloseHandle(_v20.hThread);
                                                            					return _v20.hProcess;
                                                            				}
                                                            				return _t7;
                                                            			}






                                                            APIs
                                                            • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C078,Error launching installer), ref: 004056D8
                                                            • CloseHandle.KERNEL32(?), ref: 004056E5
                                                            Strings
                                                            • Error launching installer, xrefs: 004056C2
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CloseCreateHandleProcess
                                                            • String ID: Error launching installer
                                                            • API String ID: 3712363035-66219284
                                                            • Opcode ID: a2b9ecb8406674d5a7d1aded78611502900df459338db245270d40db8d5eaf79
                                                            • Instruction ID: d682804100e664e073205113f6b11307167482a28e2818ee20dd6d85df95f7a7
                                                            • Opcode Fuzzy Hash: a2b9ecb8406674d5a7d1aded78611502900df459338db245270d40db8d5eaf79
                                                            • Instruction Fuzzy Hash: CFE046F0640209BFEB109FA0EE49F7F7AADEB00704F404521BD00F2190EA7498088A7C
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 59%
                                                            			E00401B63(void* __ebx, void* __edx) {
                                                            				intOrPtr _t7;
                                                            				void* _t8;
                                                            				void _t11;
                                                            				void* _t13;
                                                            				void* _t21;
                                                            				void* _t24;
                                                            				void* _t30;
                                                            				void* _t33;
                                                            				void* _t34;
                                                            				char* _t36;
                                                            				void* _t37;
                                                            
                                                            				_t27 = __ebx;
                                                            				_t7 =  *((intOrPtr*)(_t37 - 0x2c));
                                                            				_t30 =  *0x40b858; // 0x60d470
                                                            				if(_t7 == __ebx) {
                                                            					if(__edx == __ebx) {
                                                            						_t8 = GlobalAlloc(0x40, 0x404); // executed
                                                            						_t34 = _t8;
                                                            						_t4 = _t34 + 4; // 0x4
                                                            						E00406032(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x34)));
                                                            						_t11 =  *0x40b858; // 0x60d470
                                                            						 *_t34 = _t11;
                                                            						 *0x40b858 = _t34;
                                                            					} else {
                                                            						if(_t30 == __ebx) {
                                                            							 *((intOrPtr*)(_t37 - 4)) = 1;
                                                            						} else {
                                                            							_t2 = _t30 + 4; // 0x60d474
                                                            							E00406010(_t33, _t2);
                                                            							_push(_t30);
                                                            							 *0x40b858 =  *_t30;
                                                            							GlobalFree();
                                                            						}
                                                            					}
                                                            					goto L15;
                                                            				} else {
                                                            					while(1) {
                                                            						_t7 = _t7 - 1;
                                                            						if(_t30 == _t27) {
                                                            							break;
                                                            						}
                                                            						_t30 =  *_t30;
                                                            						if(_t7 != _t27) {
                                                            							continue;
                                                            						} else {
                                                            							if(_t30 == _t27) {
                                                            								break;
                                                            							} else {
                                                            								_t32 = _t30 + 4;
                                                            								_t36 = "--proxyex";
                                                            								E00406010(_t36, _t30 + 4);
                                                            								_t21 =  *0x40b858; // 0x60d470
                                                            								E00406010(_t32, _t21 + 4);
                                                            								_t24 =  *0x40b858; // 0x60d470
                                                            								_push(_t36);
                                                            								_push(_t24 + 4);
                                                            								E00406010();
                                                            								L15:
                                                            								 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t37 - 4));
                                                            								_t13 = 0;
                                                            							}
                                                            						}
                                                            						goto L17;
                                                            					}
                                                            					_push(0x200010);
                                                            					_push(E00406032(_t27, _t30, _t33, _t27, 0xffffffe8));
                                                            					E0040572C();
                                                            					_t13 = 0x7fffffff;
                                                            				}
                                                            				L17:
                                                            				return _t13;
                                                            			}















                                                            APIs
                                                            • GlobalFree.KERNEL32 ref: 00401BD2
                                                            • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401BE4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Global$AllocFree
                                                            • String ID: --proxyex
                                                            • API String ID: 3394109436-4124780512
                                                            • Opcode ID: 6d7ff2a269b29df243dac5a31b31c390212993cd2cb387205d16563d3155f2c3
                                                            • Instruction ID: d4b557a109d17d81ab43e8b3f8c0bc9708487bd5a7f62e569783b32eaae16c6e
                                                            • Opcode Fuzzy Hash: 6d7ff2a269b29df243dac5a31b31c390212993cd2cb387205d16563d3155f2c3
                                                            • Instruction Fuzzy Hash: 8D2193B2640140ABC710FFA8DA88A5E73ADEB44314B21843BF142F72D1D77899919B9D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 86%
                                                            			E0040254C(int* __ebx, intOrPtr __edx, char* __esi) {
                                                            				void* _t9;
                                                            				int _t10;
                                                            				long _t13;
                                                            				int* _t16;
                                                            				intOrPtr _t21;
                                                            				void* _t22;
                                                            				char* _t24;
                                                            				void* _t26;
                                                            				void* _t29;
                                                            
                                                            				_t24 = __esi;
                                                            				_t21 = __edx;
                                                            				_t16 = __ebx;
                                                            				_t9 = E00402B6C(_t29, 0x20019); // executed
                                                            				_t22 = _t9;
                                                            				_t10 = E00402B0A(3);
                                                            				 *((intOrPtr*)(_t26 - 0x10)) = _t21;
                                                            				 *__esi = __ebx;
                                                            				if(_t22 == __ebx) {
                                                            					 *((intOrPtr*)(_t26 - 4)) = 1;
                                                            				} else {
                                                            					 *(_t26 + 8) = 0x3ff;
                                                            					if( *((intOrPtr*)(_t26 - 0x24)) == __ebx) {
                                                            						_t13 = RegEnumValueA(_t22, _t10, __esi, _t26 + 8, __ebx, __ebx, __ebx, __ebx); // executed
                                                            						__eflags = _t13;
                                                            						if(_t13 != 0) {
                                                            							 *((intOrPtr*)(_t26 - 4)) = 1;
                                                            						}
                                                            					} else {
                                                            						RegEnumKeyA(_t22, _t10, __esi, 0x3ff);
                                                            					}
                                                            					_t24[0x3ff] = _t16;
                                                            					_push(_t22); // executed
                                                            					RegCloseKey(); // executed
                                                            				}
                                                            				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t26 - 4));
                                                            				return 0;
                                                            			}













                                                            APIs
                                                            • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 0040257E
                                                            • RegEnumValueA.KERNELBASE(00000000,00000000,?,?), ref: 00402591
                                                            • RegCloseKey.KERNELBASE(?,?,?,C:\Program Files\Wildix\WIService\proxyex.lnk,00000000,00000011,00000002), ref: 004025A9
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Enum$CloseValue
                                                            • String ID:
                                                            • API String ID: 397863658-0
                                                            • Opcode ID: 37e738cec324d61a2f70768af6b191aeff6b55d76fe7f4a5df61323c4f48b18c
                                                            • Instruction ID: 759f5540e81814690deb71b34766d19dbbd7be08400e999f0e3afb18397e9514
                                                            • Opcode Fuzzy Hash: 37e738cec324d61a2f70768af6b191aeff6b55d76fe7f4a5df61323c4f48b18c
                                                            • Instruction Fuzzy Hash: 7501BCB1A01205FFE7119F699E89ABF7ABCEB40344F10003EF442B62C0D6F84E049669
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040641D(void* __ecx, void* _a4) {
                                                            				long _v8;
                                                            				long _t6;
                                                            
                                                            				_t6 = WaitForSingleObject(_a4, 0x64);
                                                            				while(_t6 == 0x102) {
                                                            					E004063E4(0xf);
                                                            					_t6 = WaitForSingleObject(_a4, 0x64);
                                                            				}
                                                            				GetExitCodeProcess(_a4,  &_v8); // executed
                                                            				return _v8;
                                                            			}






                                                            APIs
                                                            • WaitForSingleObject.KERNEL32(?,00000064), ref: 0040642E
                                                            • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406443
                                                            • GetExitCodeProcess.KERNELBASE ref: 00406450
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: ObjectSingleWait$CodeExitProcess
                                                            • String ID:
                                                            • API String ID: 2567322000-0
                                                            • Opcode ID: ba1f5f7b1c079a3fea216180ff6ccd943cd28908d0f0f38788cddc90b9a261d1
                                                            • Instruction ID: 6f56b437189419413ec573bccc3706163814273e018c7f0254a54b1a0f200d97
                                                            • Opcode Fuzzy Hash: ba1f5f7b1c079a3fea216180ff6ccd943cd28908d0f0f38788cddc90b9a261d1
                                                            • Instruction Fuzzy Hash: 20E09271600118BBDB009B44CD06E9E7B6EDB44704F118037BA01B6191D7B59E21AAA8
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                            
                                                            				 *0x73da4038 = _a4;
                                                            				if(_a8 == 1) {
                                                            					VirtualProtect(0x73da404c, 4, 0x40, 0x73da403c); // executed
                                                            					 *0x73da404c = 0xc2;
                                                            					 *0x73da403c = 0;
                                                            					 *0x73da4044 = 0;
                                                            					 *0x73da4058 = 0;
                                                            					 *0x73da4048 = 0;
                                                            					 *0x73da4040 = 0;
                                                            					 *0x73da4050 = 0;
                                                            					 *0x73da404e = 0;
                                                            				}
                                                            				return 1;
                                                            			}




                                                            APIs
                                                            • VirtualProtect.KERNELBASE(73DA404C,00000004,00000040,73DA403C), ref: 73DA293F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.581302546.0000000073DA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 73DA0000, based on PE: true
                                                            • Associated: 00000000.00000002.581287668.0000000073DA0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581318631.0000000073DA3000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581338629.0000000073DA5000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_73da0000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: ProtectVirtual
                                                            • String ID: `gqt@Mqt
                                                            • API String ID: 544645111-3052285678
                                                            • Opcode ID: 35ea6aa2fcfd5962deae843b4792d69cea4f8cf698b5517a76bcd740777e97e0
                                                            • Instruction ID: cf95fc3f519b22b0c10ea43457bd715dc35a9eeb651813b12fde36047317726e
                                                            • Opcode Fuzzy Hash: 35ea6aa2fcfd5962deae843b4792d69cea4f8cf698b5517a76bcd740777e97e0
                                                            • Instruction Fuzzy Hash: 97F098B3508260DEC360EF7AC6487063EF0A314654B22452AE59CE6341E3785864BB1E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 84%
                                                            			E004024DA(int* __ebx, char* __esi) {
                                                            				void* _t17;
                                                            				char* _t18;
                                                            				long _t21;
                                                            				void* _t33;
                                                            				void* _t37;
                                                            				void* _t40;
                                                            
                                                            				_t35 = __esi;
                                                            				_t27 = __ebx;
                                                            				_t17 = E00402B6C(_t40, 0x20019); // executed
                                                            				_t33 = _t17;
                                                            				_t18 = E00402B2C(0x33);
                                                            				 *__esi = __ebx;
                                                            				if(_t33 == __ebx) {
                                                            					 *(_t37 - 4) = 1;
                                                            				} else {
                                                            					 *(_t37 - 0x10) = 0x400;
                                                            					_t21 = RegQueryValueExA(_t33, _t18, __ebx, _t37 + 8, __esi, _t37 - 0x10); // executed
                                                            					if(_t21 != 0) {
                                                            						L7:
                                                            						 *_t35 = _t27;
                                                            						 *(_t37 - 4) = 1;
                                                            					} else {
                                                            						if( *(_t37 + 8) == 4) {
                                                            							__eflags =  *(_t37 - 0x24) - __ebx;
                                                            							 *(_t37 - 4) = 0 |  *(_t37 - 0x24) == __ebx;
                                                            							E00405F6E(__esi,  *__esi);
                                                            						} else {
                                                            							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
                                                            								 *(_t37 - 4) =  *(_t37 - 0x24);
                                                            								_t35[0x3ff] = _t27;
                                                            							} else {
                                                            								goto L7;
                                                            							}
                                                            						}
                                                            					}
                                                            					_push(_t33); // executed
                                                            					RegCloseKey(); // executed
                                                            				}
                                                            				 *0x42f4a8 =  *0x42f4a8 +  *(_t37 - 4);
                                                            				return 0;
                                                            			}










                                                            APIs
                                                            • RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040250A
                                                            • RegCloseKey.KERNELBASE(?,?,?,C:\Program Files\Wildix\WIService\proxyex.lnk,00000000,00000011,00000002), ref: 004025A9
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CloseQueryValue
                                                            • String ID:
                                                            • API String ID: 3356406503-0
                                                            • Opcode ID: a37d31d288198b64adb47b8aa86d19c7af9168ca8919097579984168ba4b2254
                                                            • Instruction ID: 8c7c89e59df7b4709da067e0fd7ec9be99446db0afc11a297a964fac99c2b4a6
                                                            • Opcode Fuzzy Hash: a37d31d288198b64adb47b8aa86d19c7af9168ca8919097579984168ba4b2254
                                                            • Instruction Fuzzy Hash: E5116A71901205EEDB11CF64CA599AEBAB4AB19348F60447FE042B62C0D6B88A45DB6D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 90%
                                                            			E00405EF7(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
                                                            				int _v8;
                                                            				long _t21;
                                                            				long _t24;
                                                            				char* _t30;
                                                            
                                                            				asm("sbb eax, eax");
                                                            				_v8 = 0x400;
                                                            				_t21 = E00405E96(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
                                                            				_t30 = _a16;
                                                            				if(_t21 != 0) {
                                                            					L4:
                                                            					 *_t30 =  *_t30 & 0x00000000;
                                                            				} else {
                                                            					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8); // executed
                                                            					_t21 = RegCloseKey(_a20); // executed
                                                            					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
                                                            					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                            						goto L4;
                                                            					}
                                                            				}
                                                            				return _t21;
                                                            			}








                                                            APIs
                                                            • RegQueryValueExA.KERNELBASE(-000010B8,0042E3A0,00000000,?,0042E3A0,00000400,0042E3A0,?,?,-000010B8,-000010B8,00000002,-000010B8,?,0040613B,80000002), ref: 00405F3D
                                                            • RegCloseKey.KERNELBASE(-000010B8,?,0040613B,80000002,Software\Microsoft\Windows\CurrentVersion,-000010B8,0042E3A0,0042E3A0,?,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc), ref: 00405F48
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CloseQueryValue
                                                            • String ID:
                                                            • API String ID: 3356406503-0
                                                            • Opcode ID: 074503bd4819f587f33d8f4257f8029770edcc3592d90d126d241b317bef6944
                                                            • Instruction ID: 2ff6a7a209fcbf00177f68e0cac6a7fed3d2e9df1b1dc864ec66af95abe17f1f
                                                            • Opcode Fuzzy Hash: 074503bd4819f587f33d8f4257f8029770edcc3592d90d126d241b317bef6944
                                                            • Instruction Fuzzy Hash: 63017C7250060AABDF228F61CD09FDB3FA8EF59364F04403AF955E2190D2B8DA54CFA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 59%
                                                            			E00401389(signed int _a4) {
                                                            				intOrPtr* _t6;
                                                            				void* _t8;
                                                            				void* _t10;
                                                            				signed int _t11;
                                                            				void* _t12;
                                                            				signed int _t16;
                                                            				signed int _t17;
                                                            				void* _t18;
                                                            
                                                            				_t17 = _a4;
                                                            				while(_t17 >= 0) {
                                                            					_t6 = _t17 * 0x1c +  *0x42f450;
                                                            					if( *_t6 == 1) {
                                                            						break;
                                                            					}
                                                            					_push(_t6); // executed
                                                            					_t8 = E00401434(); // executed
                                                            					if(_t8 == 0x7fffffff) {
                                                            						return 0x7fffffff;
                                                            					}
                                                            					_t10 = E0040136D(_t8);
                                                            					if(_t10 != 0) {
                                                            						_t11 = _t10 - 1;
                                                            						_t16 = _t17;
                                                            						_t17 = _t11;
                                                            						_t12 = _t11 - _t16;
                                                            					} else {
                                                            						_t12 = _t10 + 1;
                                                            						_t17 = _t17 + 1;
                                                            					}
                                                            					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                            						 *0x42ebec =  *0x42ebec + _t12;
                                                            						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42ebec, 0x7530,  *0x42ebd4), 0); // executed
                                                            					}
                                                            				}
                                                            				return 0;
                                                            			}












                                                            APIs
                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                            • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: MessageSend
                                                            • String ID:
                                                            • API String ID: 3850602802-0
                                                            • Opcode ID: 3ffebd5fca59fb87aab51f7597ede924ce92eaed1a0ec0a619fe9c5b1ad01a7d
                                                            • Instruction ID: 5ed4d9c38c73c282456bb639181f16eab54b9a7fb1a82fe129ff52a3f74c88ba
                                                            • Opcode Fuzzy Hash: 3ffebd5fca59fb87aab51f7597ede924ce92eaed1a0ec0a619fe9c5b1ad01a7d
                                                            • Instruction Fuzzy Hash: B101F4317242109BE7199B399D04B6A3698E710719F54823FF852F61F1D678EC028B4C
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004023E8(void* __ebx, void* __edx) {
                                                            				long _t6;
                                                            				void* _t9;
                                                            				long _t11;
                                                            				void* _t13;
                                                            				long _t18;
                                                            				void* _t20;
                                                            				void* _t22;
                                                            				void* _t23;
                                                            
                                                            				_t13 = __ebx;
                                                            				_t26 =  *(_t23 - 0x24) - __ebx;
                                                            				_t20 = __edx;
                                                            				if( *(_t23 - 0x24) != __ebx) {
                                                            					_t6 = E00402BEA(_t20, E00402B2C(0x22),  *(_t23 - 0x24) >> 1); // executed
                                                            					_t18 = _t6;
                                                            					goto L4;
                                                            				} else {
                                                            					_t9 = E00402B6C(_t26, 2); // executed
                                                            					_t22 = _t9;
                                                            					if(_t22 == __ebx) {
                                                            						L6:
                                                            						 *((intOrPtr*)(_t23 - 4)) = 1;
                                                            					} else {
                                                            						_t11 = RegDeleteValueA(_t22, E00402B2C(0x33)); // executed
                                                            						_t18 = _t11; // executed
                                                            						RegCloseKey(_t22); // executed
                                                            						L4:
                                                            						if(_t18 != _t13) {
                                                            							goto L6;
                                                            						}
                                                            					}
                                                            				}
                                                            				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t23 - 4));
                                                            				return 0;
                                                            			}












                                                            APIs
                                                            • RegDeleteValueA.KERNELBASE(00000000,00000000,00000033), ref: 00402409
                                                            • RegCloseKey.KERNELBASE(00000000), ref: 00402412
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CloseDeleteValue
                                                            • String ID:
                                                            • API String ID: 2831762973-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004063A8(signed int _a4) {
                                                            				struct HINSTANCE__* _t5;
                                                            				signed int _t10;
                                                            
                                                            				_t10 = _a4 << 3;
                                                            				_t8 =  *(_t10 + 0x40a240);
                                                            				_t5 = GetModuleHandleA( *(_t10 + 0x40a240));
                                                            				if(_t5 != 0) {
                                                            					L2:
                                                            					return GetProcAddress(_t5,  *(_t10 + 0x40a244));
                                                            				}
                                                            				_t5 = E0040633A(_t8); // executed
                                                            				if(_t5 == 0) {
                                                            					return 0;
                                                            				}
                                                            				goto L2;
                                                            			}






                                                            APIs
                                                            • GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                              • Part of subcall function 0040633A: GetSystemDirectoryA.KERNEL32 ref: 00406351
                                                              • Part of subcall function 0040633A: wsprintfA.USER32 ref: 0040638A
                                                              • Part of subcall function 0040633A: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040639E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                            • String ID:
                                                            • API String ID: 2547128583-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 68%
                                                            			E00405BA9(CHAR* _a4, long _a8, long _a12) {
                                                            				signed int _t5;
                                                            				void* _t6;
                                                            
                                                            				_t5 = GetFileAttributesA(_a4); // executed
                                                            				asm("sbb ecx, ecx");
                                                            				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                            				return _t6;
                                                            			}






                                                            APIs
                                                            • GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                            • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: File$AttributesCreate
                                                            • String ID:
                                                            • API String ID: 415043291-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405B84(CHAR* _a4) {
                                                            				signed char _t3;
                                                            				signed char _t7;
                                                            
                                                            				_t3 = GetFileAttributesA(_a4); // executed
                                                            				_t7 = _t3;
                                                            				if(_t7 != 0xffffffff) {
                                                            					SetFileAttributesA(_a4, _t3 & 0x000000fe); // executed
                                                            				}
                                                            				return _t7;
                                                            			}






                                                            APIs
                                                            • GetFileAttributesA.KERNELBASE(?,?,0040579C,?,?,00000000,0040597F,?,?,?,?), ref: 00405B89
                                                            • SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405B9D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: AttributesFile
                                                            • String ID:
                                                            • API String ID: 3188754299-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040567A(CHAR* _a4) {
                                                            				int _t2;
                                                            
                                                            				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                            				if(_t2 == 0) {
                                                            					return GetLastError();
                                                            				}
                                                            				return 0;
                                                            			}





                                                            APIs
                                                            • CreateDirectoryA.KERNELBASE(?,00000000,0040325E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 00405680
                                                            • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 0040568E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CreateDirectoryErrorLast
                                                            • String ID:
                                                            • API String ID: 1375471231-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 28%
                                                            			E73DA2A38(void* __ecx, intOrPtr _a4) {
                                                            				signed int _v8;
                                                            				void* _t28;
                                                            				void* _t29;
                                                            				long _t33;
                                                            				void* _t37;
                                                            				void* _t40;
                                                            				void* _t45;
                                                            				void* _t49;
                                                            				signed int _t56;
                                                            				void* _t61;
                                                            				void* _t70;
                                                            				intOrPtr _t72;
                                                            				signed int _t77;
                                                            				intOrPtr _t79;
                                                            				intOrPtr _t80;
                                                            				void* _t81;
                                                            				void* _t87;
                                                            				void* _t88;
                                                            				void* _t89;
                                                            				void* _t90;
                                                            				intOrPtr _t93;
                                                            				intOrPtr _t94;
                                                            
                                                            				if( *0x73da4040 != 0 && E73DA297D(_a4) == 0) {
                                                            					 *0x73da4044 = _t93;
                                                            					if( *0x73da403c != 0) {
                                                            						_t93 =  *0x73da403c;
                                                            					} else {
                                                            						E73DA2F60(E73DA2977(), __ecx);
                                                            						 *0x73da403c = _t93;
                                                            					}
                                                            				}
                                                            				_t28 = E73DA29AB(_a4);
                                                            				_t94 = _t93 + 4;
                                                            				if(_t28 <= 0) {
                                                            					L9:
                                                            					_t29 = E73DA299F();
                                                            					_t72 = _a4;
                                                            					_t79 =  *0x73da4048;
                                                            					 *((intOrPtr*)(_t29 + _t72)) = _t79;
                                                            					 *0x73da4048 = _t72;
                                                            					E73DA2999();
                                                            					_t33 = RegOpenKeyExA(??, ??, ??, ??, ??); // executed
                                                            					 *0x73da401c = _t33;
                                                            					 *0x73da4020 = _t79;
                                                            					if( *0x73da4040 != 0 && E73DA297D( *0x73da4048) == 0) {
                                                            						 *0x73da403c = _t94;
                                                            						_t94 =  *0x73da4044;
                                                            					}
                                                            					_t80 =  *0x73da4048;
                                                            					_a4 = _t80;
                                                            					 *0x73da4048 =  *((intOrPtr*)(E73DA299F() + _t80));
                                                            					_t37 = E73DA298B(_t80);
                                                            					_pop(_t81);
                                                            					if(_t37 != 0) {
                                                            						_t40 = E73DA29AB(_t81);
                                                            						if(_t40 > 0) {
                                                            							_push(_t40);
                                                            							_push(E73DA29B6() + _a4 + _v8);
                                                            							_push(E73DA29C0());
                                                            							if( *0x73da4040 <= 0 || E73DA297D(_a4) != 0) {
                                                            								_pop(_t88);
                                                            								_pop(_t45);
                                                            								__eflags =  *((intOrPtr*)(_t88 + _t45)) - 2;
                                                            								if(__eflags == 0) {
                                                            								}
                                                            								asm("loop 0xfffffff5");
                                                            							} else {
                                                            								_pop(_t89);
                                                            								_pop(_t49);
                                                            								 *0x73da403c =  *0x73da403c +  *(_t89 + _t49) * 4;
                                                            								asm("loop 0xffffffeb");
                                                            							}
                                                            						}
                                                            					}
                                                            					_t107 =  *0x73da4048;
                                                            					if( *0x73da4048 == 0) {
                                                            						 *0x73da403c = 0;
                                                            					}
                                                            					E73DA29E4(_t107, _a4,  *0x73da401c,  *0x73da4020);
                                                            					return _a4;
                                                            				}
                                                            				_push(E73DA29B6() + _a4);
                                                            				_t56 = E73DA29BC();
                                                            				_v8 = _t56;
                                                            				_t77 = _t28;
                                                            				_push(_t68 + _t56 * _t77);
                                                            				_t70 = E73DA29C8();
                                                            				_t87 = E73DA29C4();
                                                            				_t90 = E73DA29C0();
                                                            				_t61 = _t77;
                                                            				if( *((intOrPtr*)(_t90 + _t61)) == 2) {
                                                            					_push( *((intOrPtr*)(_t70 + _t61)));
                                                            				}
                                                            				_push( *((intOrPtr*)(_t87 + _t61)));
                                                            				asm("loop 0xfffffff1");
                                                            				goto L9;
                                                            			}

                                                            APIs
                                                            • RegOpenKeyExA.KERNELBASE(00000000), ref: 73DA2AF7
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.581302546.0000000073DA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 73DA0000, based on PE: true
                                                            • Associated: 00000000.00000002.581287668.0000000073DA0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581318631.0000000073DA3000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581338629.0000000073DA5000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_73da0000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Open
                                                            • String ID:
                                                            • API String ID: 71445658-0
                                                            • Opcode ID: 8206174ea161cbff9c2b8ecfee233e148a249965bc458f667a17895fca330172
                                                            • Instruction ID: 7c6de9105255369b4e8912b230d8a854b5f70c5d77fd74e1de7ef86f44499c49
                                                            • Opcode Fuzzy Hash: 8206174ea161cbff9c2b8ecfee233e148a249965bc458f667a17895fca330172
                                                            • Instruction Fuzzy Hash: 944170B3504318DFEB21EFABDB84B5937B5EB04724F244825E409F6244E7389C90AB69
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 78%
                                                            			E00401F48(void* __ecx) {
                                                            				void* _t8;
                                                            				void* _t12;
                                                            				void* _t14;
                                                            				void* _t16;
                                                            				void* _t17;
                                                            				void* _t20;
                                                            				void* _t22;
                                                            
                                                            				_t16 = __ecx;
                                                            				_t19 = E00402B2C(_t14);
                                                            				E00405137(0xffffffeb, _t6); // executed
                                                            				_t8 = E004056AF(_t19); // executed
                                                            				_t20 = _t8;
                                                            				if(_t20 == _t14) {
                                                            					 *((intOrPtr*)(_t22 - 4)) = 1;
                                                            				} else {
                                                            					if( *((intOrPtr*)(_t22 - 0x2c)) != _t14) {
                                                            						_t12 = E0040641D(_t16, _t20); // executed
                                                            						if( *((intOrPtr*)(_t22 - 0x30)) < _t14) {
                                                            							if(_t12 != _t14) {
                                                            								 *((intOrPtr*)(_t22 - 4)) = 1;
                                                            							}
                                                            						} else {
                                                            							E00405F6E(_t17, _t12);
                                                            						}
                                                            					}
                                                            					_push(_t20); // executed
                                                            					FindCloseChangeNotification(); // executed
                                                            				}
                                                            				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t22 - 4));
                                                            				return 0;
                                                            			}

                                                            APIs
                                                              • Part of subcall function 00405137: lstrlenA.KERNEL32(Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000,00421E7B,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                              • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000,00421E7B,7476EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                              • Part of subcall function 00405137: lstrcatA.KERNEL32(Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00403156,00403156,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,00000000,00421E7B,7476EA30), ref: 00405193
                                                              • Part of subcall function 00405137: SetWindowTextA.USER32(Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc,Execute: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc), ref: 004051A5
                                                              • Part of subcall function 00405137: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004051CB
                                                              • Part of subcall function 00405137: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004051E5
                                                              • Part of subcall function 00405137: SendMessageA.USER32(?,00001013,?,00000000), ref: 004051F3
                                                              • Part of subcall function 004056AF: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C078,Error launching installer), ref: 004056D8
                                                              • Part of subcall function 004056AF: CloseHandle.KERNEL32(?), ref: 004056E5
                                                            • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F8D
                                                              • Part of subcall function 0040641D: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040642E
                                                              • Part of subcall function 0040641D: GetExitCodeProcess.KERNELBASE ref: 00406450
                                                              • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
                                                            • String ID:
                                                            • API String ID: 1543427666-0
                                                            • Opcode ID: f8363799d4078e813ba25254c12b07cb01106bdfe0a7eb29a0760d46d4749358
                                                            • Instruction ID: 496c5526ea8919913ac139df2c9003272b56504e991eb5cf70cacdc6c7c0cc95
                                                            • Opcode Fuzzy Hash: f8363799d4078e813ba25254c12b07cb01106bdfe0a7eb29a0760d46d4749358
                                                            • Instruction Fuzzy Hash: B2F09072A04121ABCB21BBA59A849EF72A8DF41314F51017BE901B72D1C37C0A428ABE
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 40%
                                                            			E004026EF(intOrPtr __edx, void* __eflags) {
                                                            				long _t7;
                                                            				long _t9;
                                                            				LONG* _t11;
                                                            				void* _t13;
                                                            				intOrPtr _t14;
                                                            				void* _t17;
                                                            				void* _t19;
                                                            
                                                            				_t14 = __edx;
                                                            				_push(ds);
                                                            				if(__eflags != 0) {
                                                            					_t7 = E00402B0A(2);
                                                            					_pop(_t13);
                                                            					 *((intOrPtr*)(_t19 - 0x10)) = _t14;
                                                            					_t9 = SetFilePointer(E00405F87(_t13, _t17), _t7, _t11,  *(_t19 - 0x28)); // executed
                                                            					if( *((intOrPtr*)(_t19 - 0x30)) >= _t11) {
                                                            						_push(_t9);
                                                            						E00405F6E();
                                                            					}
                                                            				}
                                                            				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                            				return 0;
                                                            			}

                                                            APIs
                                                            • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 0040270D
                                                              • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: FilePointerwsprintf
                                                            • String ID:
                                                            • API String ID: 327478801-0
                                                            • Opcode ID: e2356404ccad4a8935ddbf8fc280853e41599541898f6f199fb76157ee16f907
                                                            • Instruction ID: 342abdd748c97434aad0a636f6a3342ea7e6d44647dfd0d52b4034c74de68662
                                                            • Opcode Fuzzy Hash: e2356404ccad4a8935ddbf8fc280853e41599541898f6f199fb76157ee16f907
                                                            • Instruction Fuzzy Hash: 32E06DB2700215ABD702ABA4AE89DBF776CEB44314F10043BF200F10C0C6B948428A69
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 41%
                                                            			E0040273B(char __ebx, void* __ecx, char* __esi, void* __eflags) {
                                                            				void* _t5;
                                                            				int _t8;
                                                            				char _t11;
                                                            				void* _t15;
                                                            				void* _t19;
                                                            
                                                            				_t17 = __esi;
                                                            				_t11 = __ebx;
                                                            				_t5 = E00405F87(__ecx, _t15);
                                                            				if(_t5 == __ebx) {
                                                            					L2:
                                                            					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                            					 *_t17 = _t11;
                                                            				} else {
                                                            					_t8 = FindNextFileA(_t5, _t19 - 0x1c8); // executed
                                                            					if(_t8 != 0) {
                                                            						_push(_t19 - 0x19c);
                                                            						_push(__esi);
                                                            						E00406010();
                                                            					} else {
                                                            						goto L2;
                                                            					}
                                                            				}
                                                            				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                            				return 0;
                                                            			}

                                                            APIs
                                                            • FindNextFileA.KERNELBASE(00000000,?), ref: 0040274D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: FileFindNext
                                                            • String ID:
                                                            • API String ID: 2029273394-0
                                                            • Opcode ID: 6c16fb3265d5434a67bbc3a754364c03fa3765a95b5e2a99f6dd1015abf345d3
                                                            • Instruction ID: d4e75fc674a14897d4eb9114d760336efd11fbe9bbc54defada1aced3dc9a7b2
                                                            • Opcode Fuzzy Hash: 6c16fb3265d5434a67bbc3a754364c03fa3765a95b5e2a99f6dd1015abf345d3
                                                            • Instruction Fuzzy Hash: E7E06D726001159BD711EBA49A88AAEB3ACEB15314F60447BD142F31C0E6B999869B29
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405EC4(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                            				void* _t7;
                                                            				long _t8;
                                                            				void* _t9;
                                                            
                                                            				_t7 = E00405E1B(_a4,  &_a12);
                                                            				if(_t7 != 0) {
                                                            					_t8 = RegCreateKeyExA(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
                                                            					return _t8;
                                                            				}
                                                            				_t9 = 6;
                                                            				return _t9;
                                                            			}

                                                            APIs
                                                            • RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402BDD,00000000,?,?), ref: 00405EED
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Create
                                                            • String ID:
                                                            • API String ID: 2289755597-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405C50(void* _a4, void* _a8, long _a12) {
                                                            				int _t7;
                                                            				long _t11;
                                                            
                                                            				_t11 = _a12;
                                                            				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                            				if(_t7 == 0 || _t11 != _a12) {
                                                            					return 0;
                                                            				} else {
                                                            					return 1;
                                                            				}
                                                            			}






                                                            APIs
                                                            • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004031D6,00000000,0041D428,000000FF,0041D428,000000FF,000000FF,00000004,00000000), ref: 00405C64
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: FileWrite
                                                            • String ID:
                                                            • API String ID: 3934441357-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405C21(void* _a4, void* _a8, long _a12) {
                                                            				int _t7;
                                                            				long _t11;
                                                            
                                                            				_t11 = _a12;
                                                            				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                            				if(_t7 == 0 || _t11 != _a12) {
                                                            					return 0;
                                                            				} else {
                                                            					return 1;
                                                            				}
                                                            			}






                                                            APIs
                                                            • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403220,00000000,00000000,0040304A,000000FF,00000004,00000000,00000000,00000000), ref: 00405C35
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: FileRead
                                                            • String ID:
                                                            • API String ID: 2738559852-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405E96(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                            				void* _t7;
                                                            				long _t8;
                                                            				void* _t9;
                                                            
                                                            				_t7 = E00405E1B(_a4,  &_a12);
                                                            				if(_t7 != 0) {
                                                            					_t8 = RegOpenKeyExA(_t7, _a8, 0, _a12, _a16); // executed
                                                            					return _t8;
                                                            				}
                                                            				_t9 = 6;
                                                            				return _t9;
                                                            			}







                                                            APIs
                                                            • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,0042E3A0,0042E3A0,?,0042E3A0,?,00405F24,?,?,-000010B8,-000010B8,00000002,-000010B8), ref: 00405EBA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Open
                                                            • String ID:
                                                            • API String ID: 71445658-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040409E(intOrPtr _a12) {
                                                            				intOrPtr _v0;
                                                            				struct HWND__* _v4;
                                                            				int _t7;
                                                            				void* _t8;
                                                            				void* _t9;
                                                            				void* _t10;
                                                            
                                                            				_t7 = SetDlgItemTextA(_v4, _v0 + 0x3e8, E00406032(_t8, _t9, _t10, 0, _a12)); // executed
                                                            				return _t7;
                                                            			}










                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: ItemText
                                                            • String ID:
                                                            • API String ID: 3367045223-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004040EA(int _a4) {
                                                            				struct HWND__* _t2;
                                                            				long _t3;
                                                            
                                                            				_t2 =  *0x42ebd8; // 0x103a6
                                                            				if(_t2 != 0) {
                                                            					_t3 = SendMessageA(_t2, _a4, 0, 0); // executed
                                                            					return _t3;
                                                            				}
                                                            				return _t2;
                                                            			}






                                                            APIs
                                                            • SendMessageA.USER32(000103A6,00000000,00000000,00000000), ref: 004040FC
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: MessageSend
                                                            • String ID:
                                                            • API String ID: 3850602802-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00403223(long _a4) {
                                                            				long _t2;
                                                            
                                                            				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                            				return _t2;
                                                            			}





                                                            APIs
                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402F89,?), ref: 00403231
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: FilePointer
                                                            • String ID:
                                                            • API String ID: 973152223-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004040D3(int _a4) {
                                                            				long _t2;
                                                            
                                                            				_t2 = SendMessageA( *0x42f408, 0x28, _a4, 1); // executed
                                                            				return _t2;
                                                            			}





                                                            APIs
                                                            • SendMessageA.USER32(00000028,?,00000001,00403F03), ref: 004040E1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: MessageSend
                                                            • String ID:
                                                            • API String ID: 3850602802-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004040C0(int _a4) {
                                                            				int _t2;
                                                            
                                                            				_t2 = EnableWindow( *0x42a86c, _a4); // executed
                                                            				return _t2;
                                                            			}





                                                            APIs
                                                            • KiUserCallbackDispatcher.NTDLL(?,00403E9C), ref: 004040CA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CallbackDispatcherUser
                                                            • String ID:
                                                            • API String ID: 2492992576-0
                                                            • Opcode ID: a5e593389213340eb0093cabe197c3c64578a6f34cb7028dbabfa569c0510a2c
                                                            • Instruction ID: d750239a91494785f156a03a2b8d5ac9aaa4eec5ddabb582aaccf4f48b9497e5
                                                            • Opcode Fuzzy Hash: a5e593389213340eb0093cabe197c3c64578a6f34cb7028dbabfa569c0510a2c
                                                            • Instruction Fuzzy Hash: C9A012710000009BCB015B00EF04C057F61AB507007018434A2404003186310432FF1D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004014D6(intOrPtr __edx) {
                                                            				long _t3;
                                                            				void* _t7;
                                                            				intOrPtr _t10;
                                                            				void* _t13;
                                                            
                                                            				_t10 = __edx;
                                                            				_t3 = E00402B0A(_t7);
                                                            				 *((intOrPtr*)(_t13 - 0x10)) = _t10;
                                                            				if(_t3 <= 1) {
                                                            					_t3 = 1;
                                                            				}
                                                            				Sleep(_t3); // executed
                                                            				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t13 - 4));
                                                            				return 0;
                                                            			}








                                                            APIs
                                                            • Sleep.KERNELBASE(00000000), ref: 004014E9
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Sleep
                                                            • String ID:
                                                            • API String ID: 3472027048-0
                                                            • Opcode ID: 304e40c09ca84ea39dbdbc89486c3f13133389b82dc946018d0dbde829e4e3d0
                                                            • Instruction ID: bd841e02301729f6c733b5dcab67e03884b535d4bcf0bc385101bf129f75e5b0
                                                            • Opcode Fuzzy Hash: 304e40c09ca84ea39dbdbc89486c3f13133389b82dc946018d0dbde829e4e3d0
                                                            • Instruction Fuzzy Hash: A6D05E73B10201CBD710EBB8AE8485F73B8E7503257604837D542F2191E6B8C9428668
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004059D3(CHAR* _a4, intOrPtr _a8) {
                                                            				CHAR* _t3;
                                                            				char _t4;
                                                            
                                                            				_t3 = _a4;
                                                            				while(1) {
                                                            					_t4 =  *_t3;
                                                            					if(_t4 == 0) {
                                                            						break;
                                                            					}
                                                            					if(_t4 != _a8) {
                                                            						_t3 = CharNextA(_t3); // executed
                                                            						continue;
                                                            					}
                                                            					break;
                                                            				}
                                                            				return _t3;
                                                            			}






                                                            APIs
                                                            • CharNextA.USER32(?,00403378,"C:\Users\user\Desktop\SetupWIService.exe" ,00000020,"C:\Users\user\Desktop\SetupWIService.exe" ,00000000,?,00000006,00000008,0000000A), ref: 004059E0
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CharNext
                                                            • String ID:
                                                            • API String ID: 3213498283-0
                                                            • Opcode ID: b3d75e14ea0bc4fa348e11ce3f4095a46dc29e6244dbf990e81a5bdbde5f45a4
                                                            • Instruction ID: fb46cbef96bab5e8de83f3e70455494bb3dc5217d55310dbd9e97dfd5a00caf8
                                                            • Opcode Fuzzy Hash: b3d75e14ea0bc4fa348e11ce3f4095a46dc29e6244dbf990e81a5bdbde5f45a4
                                                            • Instruction Fuzzy Hash: 17C0807040C540E7C5105720912556B7FE49B52310F6484DBF4C173251C1345C008F25
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E73DA1215() {
                                                            				void* _t1;
                                                            
                                                            				_t1 = GlobalAlloc(0x40,  *0x73da405c); // executed
                                                            				return _t1;
                                                            			}




                                                            0x73da121d
                                                            0x73da1223

                                                            APIs
                                                            • GlobalAlloc.KERNELBASE(00000040,73DA1233,?,73DA12CF,-73DA404B,73DA11AB,-000000A0), ref: 73DA121D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.581302546.0000000073DA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 73DA0000, based on PE: true
                                                            • Associated: 00000000.00000002.581287668.0000000073DA0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581318631.0000000073DA3000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581338629.0000000073DA5000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_73da0000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: AllocGlobal
                                                            • String ID:
                                                            • API String ID: 3761449716-0
                                                            • Opcode ID: 9f75f622c7bec0b343c4f881ad79548267f5d9eae9d3fdebfb69a44badfcb548
                                                            • Instruction ID: 1f25f4f8fcabb2125799573bd3340c6d76506b35d2db214c489f3b103d954571
                                                            • Opcode Fuzzy Hash: 9f75f622c7bec0b343c4f881ad79548267f5d9eae9d3fdebfb69a44badfcb548
                                                            • Instruction Fuzzy Hash: E1A00173944110DADE41AAE28A0AB143A22A748702F228040E35954294CBA64820BB2E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 78%
                                                            			E00404530(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                            				signed int _v8;
                                                            				signed int _v12;
                                                            				long _v16;
                                                            				long _v20;
                                                            				long _v24;
                                                            				char _v28;
                                                            				intOrPtr _v32;
                                                            				long _v36;
                                                            				char _v40;
                                                            				unsigned int _v44;
                                                            				signed int _v48;
                                                            				CHAR* _v56;
                                                            				intOrPtr _v60;
                                                            				intOrPtr _v64;
                                                            				intOrPtr _v68;
                                                            				CHAR* _v72;
                                                            				void _v76;
                                                            				struct HWND__* _v80;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				intOrPtr _t82;
                                                            				long _t87;
                                                            				signed char* _t89;
                                                            				void* _t95;
                                                            				signed int _t96;
                                                            				int _t109;
                                                            				signed char _t114;
                                                            				signed int _t118;
                                                            				struct HWND__** _t122;
                                                            				intOrPtr* _t138;
                                                            				CHAR* _t146;
                                                            				intOrPtr _t147;
                                                            				unsigned int _t150;
                                                            				signed int _t152;
                                                            				unsigned int _t156;
                                                            				signed int _t158;
                                                            				signed int* _t159;
                                                            				signed char* _t160;
                                                            				struct HWND__* _t165;
                                                            				struct HWND__* _t166;
                                                            				int _t168;
                                                            				unsigned int _t197;
                                                            				void* _t205;
                                                            
                                                            				_t156 = __edx;
                                                            				_t82 =  *0x42a048; // 0x5c8834
                                                            				_v32 = _t82;
                                                            				_t146 = ( *(_t82 + 0x3c) << 0xa) + "0x00004688";
                                                            				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                            				if(_a8 == 0x40b) {
                                                            					E00405710(0x3fb, _t146);
                                                            					E0040627A(_t146);
                                                            				}
                                                            				_t166 = _a4;
                                                            				if(_a8 != 0x110) {
                                                            					L8:
                                                            					if(_a8 != 0x111) {
                                                            						L20:
                                                            						if(_a8 == 0x40f) {
                                                            							L22:
                                                            							_v8 = _v8 & 0x00000000;
                                                            							_v12 = _v12 & 0x00000000;
                                                            							E00405710(0x3fb, _t146);
                                                            							if(E00405A96(_t185, _t146) == 0) {
                                                            								_v8 = 1;
                                                            							}
                                                            							E00406010(0x429840, _t146);
                                                            							_t87 = E004063A8(1);
                                                            							_v16 = _t87;
                                                            							if(_t87 == 0) {
                                                            								L30:
                                                            								E00406010(0x429840, _t146);
                                                            								_t89 = E00405A41(0x429840);
                                                            								_t158 = 0;
                                                            								if(_t89 != 0) {
                                                            									 *_t89 =  *_t89 & 0x00000000;
                                                            								}
                                                            								if(GetDiskFreeSpaceA(0x429840,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                            									goto L35;
                                                            								} else {
                                                            									_t168 = 0x400;
                                                            									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                            									asm("cdq");
                                                            									_v48 = _t109;
                                                            									_v44 = _t156;
                                                            									_v12 = 1;
                                                            									goto L36;
                                                            								}
                                                            							} else {
                                                            								_t159 = 0;
                                                            								if(0 == 0x429840) {
                                                            									goto L30;
                                                            								} else {
                                                            									goto L26;
                                                            								}
                                                            								while(1) {
                                                            									L26:
                                                            									_t114 = _v16(0x429840,  &_v48,  &_v28,  &_v40);
                                                            									if(_t114 != 0) {
                                                            										break;
                                                            									}
                                                            									if(_t159 != 0) {
                                                            										 *_t159 =  *_t159 & _t114;
                                                            									}
                                                            									_t160 = E004059EF(0x429840);
                                                            									 *_t160 =  *_t160 & 0x00000000;
                                                            									_t159 = _t160 - 1;
                                                            									 *_t159 = 0x5c;
                                                            									if(_t159 != 0x429840) {
                                                            										continue;
                                                            									} else {
                                                            										goto L30;
                                                            									}
                                                            								}
                                                            								_t150 = _v44;
                                                            								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                            								_v44 = _t150 >> 0xa;
                                                            								_v12 = 1;
                                                            								_t158 = 0;
                                                            								__eflags = 0;
                                                            								L35:
                                                            								_t168 = 0x400;
                                                            								L36:
                                                            								_t95 = E004049C4(5);
                                                            								if(_v12 != _t158) {
                                                            									_t197 = _v44;
                                                            									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                            										_v8 = 2;
                                                            									}
                                                            								}
                                                            								_t147 =  *0x42ebdc; // 0x5d4598
                                                            								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                                                            									E004049AC(0x3ff, 0xfffffffb, _t95);
                                                            									if(_v12 == _t158) {
                                                            										SetDlgItemTextA(_a4, _t168, 0x429830);
                                                            									} else {
                                                            										E004048E7(_t168, 0xfffffffc, _v48, _v44);
                                                            									}
                                                            								}
                                                            								_t96 = _v8;
                                                            								 *0x42f4c4 = _t96;
                                                            								if(_t96 == _t158) {
                                                            									_v8 = E0040140B(7);
                                                            								}
                                                            								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                            									_v8 = _t158;
                                                            								}
                                                            								E004040C0(0 | _v8 == _t158);
                                                            								if(_v8 == _t158) {
                                                            									_t205 =  *0x42a860 - _t158; // 0x0
                                                            									if(_t205 == 0) {
                                                            										E00404489();
                                                            									}
                                                            								}
                                                            								 *0x42a860 = _t158;
                                                            								goto L53;
                                                            							}
                                                            						}
                                                            						_t185 = _a8 - 0x405;
                                                            						if(_a8 != 0x405) {
                                                            							goto L53;
                                                            						}
                                                            						goto L22;
                                                            					}
                                                            					_t118 = _a12 & 0x0000ffff;
                                                            					if(_t118 != 0x3fb) {
                                                            						L12:
                                                            						if(_t118 == 0x3e9) {
                                                            							_t152 = 7;
                                                            							memset( &_v76, 0, _t152 << 2);
                                                            							_v80 = _t166;
                                                            							_v72 = 0x42a870;
                                                            							_v60 = E00404881;
                                                            							_v56 = _t146;
                                                            							_v68 = E00406032(_t146, 0x42a870, _t166, 0x429c48, _v12);
                                                            							_t122 =  &_v80;
                                                            							_v64 = 0x41;
                                                            							__imp__SHBrowseForFolderA(_t122);
                                                            							if(_t122 == 0) {
                                                            								_a8 = 0x40f;
                                                            							} else {
                                                            								__imp__CoTaskMemFree(_t122);
                                                            								E004059A8(_t146);
                                                            								_t125 =  *((intOrPtr*)( *0x42f414 + 0x11c));
                                                            								if( *((intOrPtr*)( *0x42f414 + 0x11c)) != 0 && _t146 == "C:\\Program Files\\Wildix\\WIService") {
                                                            									E00406032(_t146, 0x42a870, _t166, 0, _t125);
                                                            									if(lstrcmpiA(0x42e3a0, 0x42a870) != 0) {
                                                            										lstrcatA(_t146, 0x42e3a0);
                                                            									}
                                                            								}
                                                            								 *0x42a860 =  *0x42a860 + 1;
                                                            								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                            							}
                                                            						}
                                                            						goto L20;
                                                            					}
                                                            					if(_a12 >> 0x10 != 0x300) {
                                                            						goto L53;
                                                            					} else {
                                                            						_a8 = 0x40f;
                                                            						goto L12;
                                                            					}
                                                            				} else {
                                                            					_t165 = GetDlgItem(_t166, 0x3fb);
                                                            					if(E00405A15(_t146) != 0 && E00405A41(_t146) == 0) {
                                                            						E004059A8(_t146);
                                                            					}
                                                            					 *0x42ebd8 = _t166;
                                                            					SetWindowTextA(_t165, _t146);
                                                            					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                            					_push(1);
                                                            					E0040409E(_t166);
                                                            					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                            					_push(0x14);
                                                            					E0040409E(_t166);
                                                            					E004040D3(_t165);
                                                            					_t138 = E004063A8(7);
                                                            					if(_t138 == 0) {
                                                            						L53:
                                                            						return E00404105(_a8, _a12, _a16);
                                                            					} else {
                                                            						 *_t138(_t165, 1);
                                                            						goto L8;
                                                            					}
                                                            				}
                                                            			}
















































                                                            APIs
                                                            • GetDlgItem.USER32 ref: 0040457F
                                                            • SetWindowTextA.USER32(00000000,?), ref: 004045A9
                                                            • SHBrowseForFolderA.SHELL32(?,00429C48,?), ref: 0040465A
                                                            • CoTaskMemFree.OLE32(00000000), ref: 00404665
                                                            • lstrcmpiA.KERNEL32(0042E3A0,Wildix Integration Service v3.9.1 Setup ,00000000,?,?), ref: 00404697
                                                            • lstrcatA.KERNEL32(?,0042E3A0), ref: 004046A3
                                                            • SetDlgItemTextA.USER32 ref: 004046B5
                                                              • Part of subcall function 00405710: GetDlgItemTextA.USER32 ref: 00405723
                                                              • Part of subcall function 0040627A: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SetupWIService.exe" ,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062D2
                                                              • Part of subcall function 0040627A: CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004062DF
                                                              • Part of subcall function 0040627A: CharNextA.USER32(?,"C:\Users\user\Desktop\SetupWIService.exe" ,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062E4
                                                              • Part of subcall function 0040627A: CharPrevA.USER32(?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062F4
                                                            • GetDiskFreeSpaceA.KERNEL32(00429840,?,?,0000040F,?,00429840,00429840,?,00000001,00429840,?,?,000003FB,?), ref: 00404773
                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040478E
                                                              • Part of subcall function 004048E7: lstrlenA.KERNEL32(Wildix Integration Service v3.9.1 Setup ,Wildix Integration Service v3.9.1 Setup ,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404802,000000DF,00000000,00000400,?), ref: 00404985
                                                              • Part of subcall function 004048E7: wsprintfA.USER32 ref: 0040498D
                                                              • Part of subcall function 004048E7: SetDlgItemTextA.USER32 ref: 004049A0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                            • String ID: 0x00004688$A$C:\Program Files\Wildix\WIService$Wildix Integration Service v3.9.1 Setup
                                                            • API String ID: 2624150263-4005765301
                                                            • Opcode ID: f8c5b323b79a30612e5f20638997160abd30a80c2805ffb51c5d0b55a3138d2a
                                                            • Instruction ID: 05eea3de79cf24fe9bb33e9012793c4f482d3b98f46f23a5f19240ee3c7d349e
                                                            • Opcode Fuzzy Hash: f8c5b323b79a30612e5f20638997160abd30a80c2805ffb51c5d0b55a3138d2a
                                                            • Instruction Fuzzy Hash: 78A160B1900218ABDB11AFA6CD45AAF77B8AF85314F14843BF601B62D1D77C8A418B6D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 79%
                                                            			E004067ED(signed int __ebx, signed int* __esi) {
                                                            				signed int _t396;
                                                            				signed int _t425;
                                                            				signed int _t442;
                                                            				signed int _t443;
                                                            				signed int* _t446;
                                                            				void* _t448;
                                                            
                                                            				L0:
                                                            				while(1) {
                                                            					L0:
                                                            					_t446 = __esi;
                                                            					_t425 = __ebx;
                                                            					if( *(_t448 - 0x34) == 0) {
                                                            						break;
                                                            					}
                                                            					L55:
                                                            					__eax =  *(__ebp - 0x38);
                                                            					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            					__ecx = __ebx;
                                                            					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            					__ebx = __ebx + 8;
                                                            					while(1) {
                                                            						L56:
                                                            						if(__ebx < 0xe) {
                                                            							goto L0;
                                                            						}
                                                            						L57:
                                                            						__eax =  *(__ebp - 0x40);
                                                            						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                            						__ecx = __eax;
                                                            						__esi[1] = __eax;
                                                            						__ecx = __eax & 0x0000001f;
                                                            						if(__cl > 0x1d) {
                                                            							L9:
                                                            							_t443 = _t442 | 0xffffffff;
                                                            							 *_t446 = 0x11;
                                                            							L10:
                                                            							_t446[0x147] =  *(_t448 - 0x40);
                                                            							_t446[0x146] = _t425;
                                                            							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                            							L11:
                                                            							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                            							_t446[0x26ea] =  *(_t448 - 0x30);
                                                            							E00406F5C( *(_t448 + 8));
                                                            							return _t443;
                                                            						}
                                                            						L58:
                                                            						__eax = __eax & 0x000003e0;
                                                            						if(__eax > 0x3a0) {
                                                            							goto L9;
                                                            						}
                                                            						L59:
                                                            						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                            						__ebx = __ebx - 0xe;
                                                            						_t94 =  &(__esi[2]);
                                                            						 *_t94 = __esi[2] & 0x00000000;
                                                            						 *__esi = 0xc;
                                                            						while(1) {
                                                            							L60:
                                                            							__esi[1] = __esi[1] >> 0xa;
                                                            							__eax = (__esi[1] >> 0xa) + 4;
                                                            							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                            								goto L68;
                                                            							}
                                                            							L61:
                                                            							while(1) {
                                                            								L64:
                                                            								if(__ebx >= 3) {
                                                            									break;
                                                            								}
                                                            								L62:
                                                            								if( *(__ebp - 0x34) == 0) {
                                                            									goto L182;
                                                            								}
                                                            								L63:
                                                            								__eax =  *(__ebp - 0x38);
                                                            								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            								__ecx = __ebx;
                                                            								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            								__ebx = __ebx + 8;
                                                            							}
                                                            							L65:
                                                            							__ecx = __esi[2];
                                                            							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                            							__ebx = __ebx - 3;
                                                            							_t108 = __ecx + 0x408400; // 0x121110
                                                            							__ecx =  *_t108;
                                                            							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                            							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                            							__ecx = __esi[1];
                                                            							__esi[2] = __esi[2] + 1;
                                                            							__eax = __esi[2];
                                                            							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                            							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                            								goto L64;
                                                            							}
                                                            							L66:
                                                            							while(1) {
                                                            								L68:
                                                            								if(__esi[2] >= 0x13) {
                                                            									break;
                                                            								}
                                                            								L67:
                                                            								_t119 = __esi[2] + 0x408400; // 0x4000300
                                                            								__eax =  *_t119;
                                                            								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                            								_t126 =  &(__esi[2]);
                                                            								 *_t126 = __esi[2] + 1;
                                                            							}
                                                            							L69:
                                                            							__ecx = __ebp - 8;
                                                            							__edi =  &(__esi[0x143]);
                                                            							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                            							__eax = 0;
                                                            							 *(__ebp - 8) = 0;
                                                            							__eax =  &(__esi[3]);
                                                            							 *__edi = 7;
                                                            							__eax = E00406FC4( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                            							if(__eax != 0) {
                                                            								L72:
                                                            								 *__esi = 0x11;
                                                            								while(1) {
                                                            									L180:
                                                            									_t396 =  *_t446;
                                                            									if(_t396 > 0xf) {
                                                            										break;
                                                            									}
                                                            									L1:
                                                            									switch( *((intOrPtr*)(_t396 * 4 +  &M00406F1C))) {
                                                            										case 0:
                                                            											L101:
                                                            											__eax = __esi[4] & 0x000000ff;
                                                            											__esi[3] = __esi[4] & 0x000000ff;
                                                            											__eax = __esi[5];
                                                            											__esi[2] = __esi[5];
                                                            											 *__esi = 1;
                                                            											goto L102;
                                                            										case 1:
                                                            											L102:
                                                            											__eax = __esi[3];
                                                            											while(1) {
                                                            												L105:
                                                            												__eflags = __ebx - __eax;
                                                            												if(__ebx >= __eax) {
                                                            													break;
                                                            												}
                                                            												L103:
                                                            												__eflags =  *(__ebp - 0x34);
                                                            												if( *(__ebp - 0x34) == 0) {
                                                            													goto L182;
                                                            												}
                                                            												L104:
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                            												__ecx = __ebx;
                                                            												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            												__ebx = __ebx + 8;
                                                            												__eflags = __ebx;
                                                            											}
                                                            											L106:
                                                            											__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                            											__eax = __eax &  *(__ebp - 0x40);
                                                            											__ecx = __esi[2];
                                                            											__eax = __esi[2] + __eax * 4;
                                                            											__ecx =  *(__eax + 1) & 0x000000ff;
                                                            											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                            											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                            											__ecx =  *__eax & 0x000000ff;
                                                            											__eflags = __ecx;
                                                            											if(__ecx != 0) {
                                                            												L108:
                                                            												__eflags = __cl & 0x00000010;
                                                            												if((__cl & 0x00000010) == 0) {
                                                            													L110:
                                                            													__eflags = __cl & 0x00000040;
                                                            													if((__cl & 0x00000040) == 0) {
                                                            														goto L125;
                                                            													}
                                                            													L111:
                                                            													__eflags = __cl & 0x00000020;
                                                            													if((__cl & 0x00000020) == 0) {
                                                            														goto L9;
                                                            													}
                                                            													L112:
                                                            													 *__esi = 7;
                                                            													goto L180;
                                                            												}
                                                            												L109:
                                                            												__esi[2] = __ecx;
                                                            												__esi[1] = __eax;
                                                            												 *__esi = 2;
                                                            												goto L180;
                                                            											}
                                                            											L107:
                                                            											__esi[2] = __eax;
                                                            											 *__esi = 6;
                                                            											goto L180;
                                                            										case 2:
                                                            											L113:
                                                            											__eax = __esi[2];
                                                            											while(1) {
                                                            												L116:
                                                            												__eflags = __ebx - __eax;
                                                            												if(__ebx >= __eax) {
                                                            													break;
                                                            												}
                                                            												L114:
                                                            												__eflags =  *(__ebp - 0x34);
                                                            												if( *(__ebp - 0x34) == 0) {
                                                            													goto L182;
                                                            												}
                                                            												L115:
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                            												__ecx = __ebx;
                                                            												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            												__ebx = __ebx + 8;
                                                            												__eflags = __ebx;
                                                            											}
                                                            											L117:
                                                            											 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                            											__esi[1] = __esi[1] + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                            											__ecx = __eax;
                                                            											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                            											__ebx = __ebx - __eax;
                                                            											__eflags = __ebx;
                                                            											__eax = __esi[4] & 0x000000ff;
                                                            											__esi[3] = __esi[4] & 0x000000ff;
                                                            											__eax = __esi[6];
                                                            											__esi[2] = __esi[6];
                                                            											 *__esi = 3;
                                                            											goto L118;
                                                            										case 3:
                                                            											L118:
                                                            											__eax = __esi[3];
                                                            											while(1) {
                                                            												L121:
                                                            												__eflags = __ebx - __eax;
                                                            												if(__ebx >= __eax) {
                                                            													break;
                                                            												}
                                                            												L119:
                                                            												__eflags =  *(__ebp - 0x34);
                                                            												if( *(__ebp - 0x34) == 0) {
                                                            													goto L182;
                                                            												}
                                                            												L120:
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                            												__ecx = __ebx;
                                                            												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            												__ebx = __ebx + 8;
                                                            												__eflags = __ebx;
                                                            											}
                                                            											L122:
                                                            											__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                            											__eax = __eax &  *(__ebp - 0x40);
                                                            											__ecx = __esi[2];
                                                            											__eax = __esi[2] + __eax * 4;
                                                            											__ecx =  *(__eax + 1) & 0x000000ff;
                                                            											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                            											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                            											__ecx =  *__eax & 0x000000ff;
                                                            											__eflags = __cl & 0x00000010;
                                                            											if((__cl & 0x00000010) == 0) {
                                                            												L124:
                                                            												__eflags = __cl & 0x00000040;
                                                            												if((__cl & 0x00000040) != 0) {
                                                            													goto L9;
                                                            												}
                                                            												L125:
                                                            												__esi[3] = __ecx;
                                                            												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                            												__esi[2] = __eax;
                                                            												goto L180;
                                                            											}
                                                            											L123:
                                                            											__esi[2] = __ecx;
                                                            											__esi[3] = __eax;
                                                            											 *__esi = 4;
                                                            											goto L180;
                                                            										case 4:
                                                            											L126:
                                                            											__eax = __esi[2];
                                                            											while(1) {
                                                            												L129:
                                                            												__eflags = __ebx - __eax;
                                                            												if(__ebx >= __eax) {
                                                            													break;
                                                            												}
                                                            												L127:
                                                            												__eflags =  *(__ebp - 0x34);
                                                            												if( *(__ebp - 0x34) == 0) {
                                                            													goto L182;
                                                            												}
                                                            												L128:
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                            												__ecx = __ebx;
                                                            												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            												__ebx = __ebx + 8;
                                                            												__eflags = __ebx;
                                                            											}
                                                            											L130:
                                                            											 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                            											__esi[3] = __esi[3] + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                            											__ecx = __eax;
                                                            											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                            											__ebx = __ebx - __eax;
                                                            											__eflags = __ebx;
                                                            											 *__esi = 5;
                                                            											goto L131;
                                                            										case 5:
                                                            											L131:
                                                            											__eax =  *(__ebp - 0x30);
                                                            											__edx = __esi[3];
                                                            											__eax = __eax - __esi;
                                                            											__ecx = __eax - __esi - 0x1ba0;
                                                            											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                                            											if(__eax - __esi - 0x1ba0 >= __edx) {
                                                            												__ecx = __eax;
                                                            												__ecx = __eax - __edx;
                                                            												__eflags = __ecx;
                                                            											} else {
                                                            												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                                            												__ecx = __esi[0x26e8] - __edx - __esi;
                                                            												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                                            											}
                                                            											__eflags = __esi[1];
                                                            											 *(__ebp - 0x20) = __ecx;
                                                            											if(__esi[1] != 0) {
                                                            												L135:
                                                            												__edi =  *(__ebp - 0x2c);
                                                            												do {
                                                            													L136:
                                                            													__eflags = __edi;
                                                            													if(__edi != 0) {
                                                            														goto L152;
                                                            													}
                                                            													L137:
                                                            													__edi = __esi[0x26e8];
                                                            													__eflags = __eax - __edi;
                                                            													if(__eax != __edi) {
                                                            														L143:
                                                            														__esi[0x26ea] = __eax;
                                                            														__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                            														__eax = __esi[0x26ea];
                                                            														__ecx = __esi[0x26e9];
                                                            														__eflags = __eax - __ecx;
                                                            														 *(__ebp - 0x30) = __eax;
                                                            														if(__eax >= __ecx) {
                                                            															__edi = __esi[0x26e8];
                                                            															__edi = __esi[0x26e8] - __eax;
                                                            															__eflags = __edi;
                                                            														} else {
                                                            															__ecx = __ecx - __eax;
                                                            															__edi = __ecx - __eax - 1;
                                                            														}
                                                            														__edx = __esi[0x26e8];
                                                            														__eflags = __eax - __edx;
                                                            														 *(__ebp - 8) = __edx;
                                                            														if(__eax == __edx) {
                                                            															__edx =  &(__esi[0x6e8]);
                                                            															__eflags = __ecx - __edx;
                                                            															if(__ecx != __edx) {
                                                            																__eax = __edx;
                                                            																__eflags = __eax - __ecx;
                                                            																 *(__ebp - 0x30) = __eax;
                                                            																if(__eax >= __ecx) {
                                                            																	__edi =  *(__ebp - 8);
                                                            																	__edi =  *(__ebp - 8) - __eax;
                                                            																	__eflags = __edi;
                                                            																} else {
                                                            																	__ecx = __ecx - __eax;
                                                            																	__edi = __ecx;
                                                            																}
                                                            															}
                                                            														}
                                                            														__eflags = __edi;
                                                            														if(__edi == 0) {
                                                            															goto L183;
                                                            														} else {
                                                            															goto L152;
                                                            														}
                                                            													}
                                                            													L138:
                                                            													__ecx = __esi[0x26e9];
                                                            													__edx =  &(__esi[0x6e8]);
                                                            													__eflags = __ecx - __edx;
                                                            													if(__ecx == __edx) {
                                                            														goto L143;
                                                            													}
                                                            													L139:
                                                            													__eax = __edx;
                                                            													__eflags = __eax - __ecx;
                                                            													if(__eax >= __ecx) {
                                                            														__edi = __edi - __eax;
                                                            														__eflags = __edi;
                                                            													} else {
                                                            														__ecx = __ecx - __eax;
                                                            														__edi = __ecx;
                                                            													}
                                                            													__eflags = __edi;
                                                            													if(__edi == 0) {
                                                            														goto L143;
                                                            													}
                                                            													L152:
                                                            													__ecx =  *(__ebp - 0x20);
                                                            													 *__eax =  *__ecx;
                                                            													__eax = __eax + 1;
                                                            													__ecx = __ecx + 1;
                                                            													__edi = __edi - 1;
                                                            													__eflags = __ecx - __esi[0x26e8];
                                                            													 *(__ebp - 0x30) = __eax;
                                                            													 *(__ebp - 0x20) = __ecx;
                                                            													 *(__ebp - 0x2c) = __edi;
                                                            													if(__ecx == __esi[0x26e8]) {
                                                            														__ecx =  &(__esi[0x6e8]);
                                                            														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                                            													}
                                                            													_t357 =  &(__esi[1]);
                                                            													 *_t357 = __esi[1] - 1;
                                                            													__eflags =  *_t357;
                                                            												} while ( *_t357 != 0);
                                                            											}
                                                            											goto L23;
                                                            										case 6:
                                                            											L156:
                                                            											__eax =  *(__ebp - 0x2c);
                                                            											__edi =  *(__ebp - 0x30);
                                                            											__eflags = __eax;
                                                            											if(__eax != 0) {
                                                            												L172:
                                                            												__cl = __esi[2];
                                                            												 *__edi = __cl;
                                                            												__edi = __edi + 1;
                                                            												__eax = __eax - 1;
                                                            												 *(__ebp - 0x30) = __edi;
                                                            												 *(__ebp - 0x2c) = __eax;
                                                            												goto L23;
                                                            											}
                                                            											L157:
                                                            											__ecx = __esi[0x26e8];
                                                            											__eflags = __edi - __ecx;
                                                            											if(__edi != __ecx) {
                                                            												L163:
                                                            												__esi[0x26ea] = __edi;
                                                            												__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                            												__edi = __esi[0x26ea];
                                                            												__ecx = __esi[0x26e9];
                                                            												__eflags = __edi - __ecx;
                                                            												 *(__ebp - 0x30) = __edi;
                                                            												if(__edi >= __ecx) {
                                                            													__eax = __esi[0x26e8];
                                                            													__eax = __esi[0x26e8] - __edi;
                                                            													__eflags = __eax;
                                                            												} else {
                                                            													__ecx = __ecx - __edi;
                                                            													__eax = __ecx - __edi - 1;
                                                            												}
                                                            												__edx = __esi[0x26e8];
                                                            												__eflags = __edi - __edx;
                                                            												 *(__ebp - 8) = __edx;
                                                            												if(__edi == __edx) {
                                                            													__edx =  &(__esi[0x6e8]);
                                                            													__eflags = __ecx - __edx;
                                                            													if(__ecx != __edx) {
                                                            														__edi = __edx;
                                                            														__eflags = __edi - __ecx;
                                                            														 *(__ebp - 0x30) = __edi;
                                                            														if(__edi >= __ecx) {
                                                            															__eax =  *(__ebp - 8);
                                                            															__eax =  *(__ebp - 8) - __edi;
                                                            															__eflags = __eax;
                                                            														} else {
                                                            															__ecx = __ecx - __edi;
                                                            															__eax = __ecx;
                                                            														}
                                                            													}
                                                            												}
                                                            												__eflags = __eax;
                                                            												if(__eax == 0) {
                                                            													goto L183;
                                                            												} else {
                                                            													goto L172;
                                                            												}
                                                            											}
                                                            											L158:
                                                            											__eax = __esi[0x26e9];
                                                            											__edx =  &(__esi[0x6e8]);
                                                            											__eflags = __eax - __edx;
                                                            											if(__eax == __edx) {
                                                            												goto L163;
                                                            											}
                                                            											L159:
                                                            											__edi = __edx;
                                                            											__eflags = __edi - __eax;
                                                            											if(__edi >= __eax) {
                                                            												__ecx = __ecx - __edi;
                                                            												__eflags = __ecx;
                                                            												__eax = __ecx;
                                                            											} else {
                                                            												__eax = __eax - __edi;
                                                            												__eax = __eax - 1;
                                                            											}
                                                            											__eflags = __eax;
                                                            											if(__eax != 0) {
                                                            												goto L172;
                                                            											} else {
                                                            												goto L163;
                                                            											}
                                                            										case 7:
                                                            											L173:
                                                            											__eflags = __ebx - 7;
                                                            											if(__ebx > 7) {
                                                            												__ebx = __ebx - 8;
                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                            												_t380 = __ebp - 0x38;
                                                            												 *_t380 =  *(__ebp - 0x38) - 1;
                                                            												__eflags =  *_t380;
                                                            											}
                                                            											goto L175;
                                                            										case 8:
                                                            											L4:
                                                            											while(_t425 < 3) {
                                                            												if( *(_t448 - 0x34) == 0) {
                                                            													goto L182;
                                                            												} else {
                                                            													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                                            													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                                            													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                                            													_t425 = _t425 + 8;
                                                            													continue;
                                                            												}
                                                            											}
                                                            											_t425 = _t425 - 3;
                                                            											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                                            											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                                            											asm("sbb ecx, ecx");
                                                            											_t408 = _t406 >> 1;
                                                            											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                                            											if(_t408 == 0) {
                                                            												L24:
                                                            												 *_t446 = 9;
                                                            												_t436 = _t425 & 0x00000007;
                                                            												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                                            												_t425 = _t425 - _t436;
                                                            												goto L180;
                                                            											}
                                                            											L6:
                                                            											_t411 = _t408 - 1;
                                                            											if(_t411 == 0) {
                                                            												L13:
                                                            												__eflags =  *0x42e388;
                                                            												if( *0x42e388 != 0) {
                                                            													L22:
                                                            													_t412 =  *0x40a40c; // 0x9
                                                            													_t446[4] = _t412;
                                                            													_t413 =  *0x40a410; // 0x5
                                                            													_t446[4] = _t413;
                                                            													_t414 =  *0x42d204; // 0x42db08
                                                            													_t446[5] = _t414;
                                                            													_t415 =  *0x42d200; // 0x42e308
                                                            													_t446[6] = _t415;
                                                            													L23:
                                                            													 *_t446 =  *_t446 & 0x00000000;
                                                            													goto L180;
                                                            												} else {
                                                            													_t26 = _t448 - 8;
                                                            													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                            													__eflags =  *_t26;
                                                            													_t416 = 0x42d208;
                                                            													goto L15;
                                                            													L20:
                                                            													 *_t416 = _t438;
                                                            													_t416 = _t416 + 4;
                                                            													__eflags = _t416 - 0x42d688;
                                                            													if(_t416 < 0x42d688) {
                                                            														L15:
                                                            														__eflags = _t416 - 0x42d444;
                                                            														_t438 = 8;
                                                            														if(_t416 > 0x42d444) {
                                                            															__eflags = _t416 - 0x42d608;
                                                            															if(_t416 >= 0x42d608) {
                                                            																__eflags = _t416 - 0x42d668;
                                                            																if(_t416 < 0x42d668) {
                                                            																	_t438 = 7;
                                                            																}
                                                            															} else {
                                                            																_t438 = 9;
                                                            															}
                                                            														}
                                                            														goto L20;
                                                            													} else {
                                                            														E00406FC4(0x42d208, 0x120, 0x101, 0x408414, 0x408454, 0x42d204, 0x40a40c, 0x42db08, _t448 - 8);
                                                            														_push(0x1e);
                                                            														_pop(_t440);
                                                            														_push(5);
                                                            														_pop(_t419);
                                                            														memset(0x42d208, _t419, _t440 << 2);
                                                            														_t450 = _t450 + 0xc;
                                                            														_t442 = 0x42d208 + _t440;
                                                            														E00406FC4(0x42d208, 0x1e, 0, 0x408494, 0x4084d0, 0x42d200, 0x40a410, 0x42db08, _t448 - 8);
                                                            														 *0x42e388 =  *0x42e388 + 1;
                                                            														__eflags =  *0x42e388;
                                                            														goto L22;
                                                            													}
                                                            												}
                                                            											}
                                                            											L7:
                                                            											_t423 = _t411 - 1;
                                                            											if(_t423 == 0) {
                                                            												 *_t446 = 0xb;
                                                            												goto L180;
                                                            											}
                                                            											L8:
                                                            											if(_t423 != 1) {
                                                            												goto L180;
                                                            											}
                                                            											goto L9;
                                                            										case 9:
                                                            											while(1) {
                                                            												L27:
                                                            												__eflags = __ebx - 0x20;
                                                            												if(__ebx >= 0x20) {
                                                            													break;
                                                            												}
                                                            												L25:
                                                            												__eflags =  *(__ebp - 0x34);
                                                            												if( *(__ebp - 0x34) == 0) {
                                                            													goto L182;
                                                            												}
                                                            												L26:
                                                            												__eax =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            												__ecx = __ebx;
                                                            												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            												__ebx = __ebx + 8;
                                                            												__eflags = __ebx;
                                                            											}
                                                            											L28:
                                                            											__eax =  *(__ebp - 0x40);
                                                            											__ebx = 0;
                                                            											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                            											 *(__ebp - 0x40) = 0;
                                                            											__eflags = __eax;
                                                            											__esi[1] = __eax;
                                                            											if(__eax == 0) {
                                                            												goto L53;
                                                            											}
                                                            											L29:
                                                            											_push(0xa);
                                                            											_pop(__eax);
                                                            											goto L54;
                                                            										case 0xa:
                                                            											L30:
                                                            											__eflags =  *(__ebp - 0x34);
                                                            											if( *(__ebp - 0x34) == 0) {
                                                            												goto L182;
                                                            											}
                                                            											L31:
                                                            											__eax =  *(__ebp - 0x2c);
                                                            											__eflags = __eax;
                                                            											if(__eax != 0) {
                                                            												L48:
                                                            												__eflags = __eax -  *(__ebp - 0x34);
                                                            												if(__eax >=  *(__ebp - 0x34)) {
                                                            													__eax =  *(__ebp - 0x34);
                                                            												}
                                                            												__ecx = __esi[1];
                                                            												__eflags = __ecx - __eax;
                                                            												__edi = __ecx;
                                                            												if(__ecx >= __eax) {
                                                            													__edi = __eax;
                                                            												}
                                                            												__eax = E00405B64( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                            												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                            												_t80 =  &(__esi[1]);
                                                            												 *_t80 = __esi[1] - __edi;
                                                            												__eflags =  *_t80;
                                                            												if( *_t80 == 0) {
                                                            													L53:
                                                            													__eax = __esi[0x145];
                                                            													L54:
                                                            													 *__esi = __eax;
                                                            												}
                                                            												goto L180;
                                                            											}
                                                            											L32:
                                                            											__ecx = __esi[0x26e8];
                                                            											__edx =  *(__ebp - 0x30);
                                                            											__eflags = __edx - __ecx;
                                                            											if(__edx != __ecx) {
                                                            												L38:
                                                            												__esi[0x26ea] = __edx;
                                                            												__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                            												__edx = __esi[0x26ea];
                                                            												__ecx = __esi[0x26e9];
                                                            												__eflags = __edx - __ecx;
                                                            												 *(__ebp - 0x30) = __edx;
                                                            												if(__edx >= __ecx) {
                                                            													__eax = __esi[0x26e8];
                                                            													__eax = __esi[0x26e8] - __edx;
                                                            													__eflags = __eax;
                                                            												} else {
                                                            													__ecx = __ecx - __edx;
                                                            													__eax = __ecx - __edx - 1;
                                                            												}
                                                            												__edi = __esi[0x26e8];
                                                            												 *(__ebp - 0x2c) = __eax;
                                                            												__eflags = __edx - __edi;
                                                            												if(__edx == __edi) {
                                                            													__edx =  &(__esi[0x6e8]);
                                                            													__eflags = __edx - __ecx;
                                                            													if(__eflags != 0) {
                                                            														 *(__ebp - 0x30) = __edx;
                                                            														if(__eflags >= 0) {
                                                            															__edi = __edi - __edx;
                                                            															__eflags = __edi;
                                                            															__eax = __edi;
                                                            														} else {
                                                            															__ecx = __ecx - __edx;
                                                            															__eax = __ecx;
                                                            														}
                                                            														 *(__ebp - 0x2c) = __eax;
                                                            													}
                                                            												}
                                                            												__eflags = __eax;
                                                            												if(__eax == 0) {
                                                            													goto L183;
                                                            												} else {
                                                            													goto L48;
                                                            												}
                                                            											}
                                                            											L33:
                                                            											__eax = __esi[0x26e9];
                                                            											__edi =  &(__esi[0x6e8]);
                                                            											__eflags = __eax - __edi;
                                                            											if(__eax == __edi) {
                                                            												goto L38;
                                                            											}
                                                            											L34:
                                                            											__edx = __edi;
                                                            											__eflags = __edx - __eax;
                                                            											 *(__ebp - 0x30) = __edx;
                                                            											if(__edx >= __eax) {
                                                            												__ecx = __ecx - __edx;
                                                            												__eflags = __ecx;
                                                            												__eax = __ecx;
                                                            											} else {
                                                            												__eax = __eax - __edx;
                                                            												__eax = __eax - 1;
                                                            											}
                                                            											__eflags = __eax;
                                                            											 *(__ebp - 0x2c) = __eax;
                                                            											if(__eax != 0) {
                                                            												goto L48;
                                                            											} else {
                                                            												goto L38;
                                                            											}
                                                            										case 0xb:
                                                            											goto L56;
                                                            										case 0xc:
                                                            											L60:
                                                            											__esi[1] = __esi[1] >> 0xa;
                                                            											__eax = (__esi[1] >> 0xa) + 4;
                                                            											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                            												goto L68;
                                                            											}
                                                            											goto L61;
                                                            										case 0xd:
                                                            											while(1) {
                                                            												L93:
                                                            												__eax = __esi[1];
                                                            												__ecx = __esi[2];
                                                            												__edx = __eax;
                                                            												__eax = __eax & 0x0000001f;
                                                            												__edx = __edx >> 5;
                                                            												__eax = __edx + __eax + 0x102;
                                                            												__eflags = __esi[2] - __eax;
                                                            												if(__esi[2] >= __eax) {
                                                            													break;
                                                            												}
                                                            												L73:
                                                            												__eax = __esi[0x143];
                                                            												while(1) {
                                                            													L76:
                                                            													__eflags = __ebx - __eax;
                                                            													if(__ebx >= __eax) {
                                                            														break;
                                                            													}
                                                            													L74:
                                                            													__eflags =  *(__ebp - 0x34);
                                                            													if( *(__ebp - 0x34) == 0) {
                                                            														goto L182;
                                                            													}
                                                            													L75:
                                                            													__ecx =  *(__ebp - 0x38);
                                                            													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                            													__ecx = __ebx;
                                                            													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            													__ebx = __ebx + 8;
                                                            													__eflags = __ebx;
                                                            												}
                                                            												L77:
                                                            												__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                            												__eax = __eax &  *(__ebp - 0x40);
                                                            												__ecx = __esi[0x144];
                                                            												__eax = __esi[0x144] + __eax * 4;
                                                            												__edx =  *(__eax + 1) & 0x000000ff;
                                                            												__eax =  *(__eax + 2) & 0x0000ffff;
                                                            												__eflags = __eax - 0x10;
                                                            												 *(__ebp - 0x14) = __eax;
                                                            												if(__eax >= 0x10) {
                                                            													L79:
                                                            													__eflags = __eax - 0x12;
                                                            													if(__eax != 0x12) {
                                                            														__eax = __eax + 0xfffffff2;
                                                            														 *(__ebp - 8) = 3;
                                                            													} else {
                                                            														_push(7);
                                                            														 *(__ebp - 8) = 0xb;
                                                            														_pop(__eax);
                                                            													}
                                                            													while(1) {
                                                            														L84:
                                                            														__ecx = __eax + __edx;
                                                            														__eflags = __ebx - __eax + __edx;
                                                            														if(__ebx >= __eax + __edx) {
                                                            															break;
                                                            														}
                                                            														L82:
                                                            														__eflags =  *(__ebp - 0x34);
                                                            														if( *(__ebp - 0x34) == 0) {
                                                            															goto L182;
                                                            														}
                                                            														L83:
                                                            														__ecx =  *(__ebp - 0x38);
                                                            														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                            														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                            														__ecx = __ebx;
                                                            														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                            														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                            														__ebx = __ebx + 8;
                                                            														__eflags = __ebx;
                                                            													}
                                                            													L85:
                                                            													__ecx = __edx;
                                                            													__ebx = __ebx - __edx;
                                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                            													 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                            													__edx =  *(__ebp - 8);
                                                            													__ebx = __ebx - __eax;
                                                            													__edx =  *(__ebp - 8) + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                            													__ecx = __eax;
                                                            													__eax = __esi[1];
                                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                            													__ecx = __esi[2];
                                                            													__eax = __eax >> 5;
                                                            													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                            													__eax = __eax & 0x0000001f;
                                                            													__eax = __edi + __eax + 0x102;
                                                            													__edi = __edx + __ecx;
                                                            													__eflags = __edx + __ecx - __eax;
                                                            													if(__edx + __ecx > __eax) {
                                                            														goto L9;
                                                            													}
                                                            													L86:
                                                            													__eflags =  *(__ebp - 0x14) - 0x10;
                                                            													if( *(__ebp - 0x14) != 0x10) {
                                                            														L89:
                                                            														__edi = 0;
                                                            														__eflags = 0;
                                                            														L90:
                                                            														__eax = __esi + 0xc + __ecx * 4;
                                                            														do {
                                                            															L91:
                                                            															 *__eax = __edi;
                                                            															__ecx = __ecx + 1;
                                                            															__eax = __eax + 4;
                                                            															__edx = __edx - 1;
                                                            															__eflags = __edx;
                                                            														} while (__edx != 0);
                                                            														__esi[2] = __ecx;
                                                            														continue;
                                                            													}
                                                            													L87:
                                                            													__eflags = __ecx - 1;
                                                            													if(__ecx < 1) {
                                                            														goto L9;
                                                            													}
                                                            													L88:
                                                            													__edi =  *(__esi + 8 + __ecx * 4);
                                                            													goto L90;
                                                            												}
                                                            												L78:
                                                            												__ecx = __edx;
                                                            												__ebx = __ebx - __edx;
                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                            												__ecx = __esi[2];
                                                            												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                            												__esi[2] = __esi[2] + 1;
                                                            											}
                                                            											L94:
                                                            											__eax = __esi[1];
                                                            											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                            											__edi = __eax;
                                                            											__eax = __eax >> 5;
                                                            											__edi = __edi & 0x0000001f;
                                                            											__ecx = 0x101;
                                                            											__eax = __eax & 0x0000001f;
                                                            											__edi = __edi + 0x101;
                                                            											__eax = __eax + 1;
                                                            											__edx = __ebp - 0xc;
                                                            											 *(__ebp - 0x14) = __eax;
                                                            											 &(__esi[0x148]) = __ebp - 4;
                                                            											 *(__ebp - 4) = 9;
                                                            											__ebp - 0x18 =  &(__esi[3]);
                                                            											 *(__ebp - 0x10) = 6;
                                                            											__eax = E00406FC4( &(__esi[3]), __edi, 0x101, 0x408414, 0x408454, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                            											__eflags =  *(__ebp - 4);
                                                            											if( *(__ebp - 4) == 0) {
                                                            												__eax = __eax | 0xffffffff;
                                                            												__eflags = __eax;
                                                            											}
                                                            											__eflags = __eax;
                                                            											if(__eax != 0) {
                                                            												goto L9;
                                                            											} else {
                                                            												L97:
                                                            												__ebp - 0xc =  &(__esi[0x148]);
                                                            												__ebp - 0x10 = __ebp - 0x1c;
                                                            												__eax = __esi + 0xc + __edi * 4;
                                                            												__eax = E00406FC4(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x408494, 0x4084d0, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                            												__eflags = __eax;
                                                            												if(__eax != 0) {
                                                            													goto L9;
                                                            												}
                                                            												L98:
                                                            												__eax =  *(__ebp - 0x10);
                                                            												__eflags =  *(__ebp - 0x10);
                                                            												if( *(__ebp - 0x10) != 0) {
                                                            													L100:
                                                            													__cl =  *(__ebp - 4);
                                                            													 *__esi =  *__esi & 0x00000000;
                                                            													__eflags =  *__esi;
                                                            													__esi[4] = __al;
                                                            													__eax =  *(__ebp - 0x18);
                                                            													__esi[5] =  *(__ebp - 0x18);
                                                            													__eax =  *(__ebp - 0x1c);
                                                            													__esi[4] = __cl;
                                                            													__esi[6] =  *(__ebp - 0x1c);
                                                            													goto L101;
                                                            												}
                                                            												L99:
                                                            												__eflags = __edi - 0x101;
                                                            												if(__edi > 0x101) {
                                                            													goto L9;
                                                            												}
                                                            												goto L100;
                                                            											}
                                                            										case 0xe:
                                                            											goto L9;
                                                            										case 0xf:
                                                            											L175:
                                                            											__eax =  *(__ebp - 0x30);
                                                            											__esi[0x26ea] =  *(__ebp - 0x30);
                                                            											__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                            											__ecx = __esi[0x26ea];
                                                            											__edx = __esi[0x26e9];
                                                            											__eflags = __ecx - __edx;
                                                            											 *(__ebp - 0x30) = __ecx;
                                                            											if(__ecx >= __edx) {
                                                            												__eax = __esi[0x26e8];
                                                            												__eax = __esi[0x26e8] - __ecx;
                                                            												__eflags = __eax;
                                                            											} else {
                                                            												__edx = __edx - __ecx;
                                                            												__eax = __edx - __ecx - 1;
                                                            											}
                                                            											__eflags = __ecx - __edx;
                                                            											 *(__ebp - 0x2c) = __eax;
                                                            											if(__ecx != __edx) {
                                                            												L183:
                                                            												__edi = 0;
                                                            												goto L10;
                                                            											} else {
                                                            												L179:
                                                            												__eax = __esi[0x145];
                                                            												__eflags = __eax - 8;
                                                            												 *__esi = __eax;
                                                            												if(__eax != 8) {
                                                            													L184:
                                                            													0 = 1;
                                                            													goto L10;
                                                            												}
                                                            												goto L180;
                                                            											}
                                                            									}
                                                            								}
                                                            								L181:
                                                            								goto L9;
                                                            							}
                                                            							L70:
                                                            							if( *__edi == __eax) {
                                                            								goto L72;
                                                            							}
                                                            							L71:
                                                            							__esi[2] = __esi[2] & __eax;
                                                            							 *__esi = 0xd;
                                                            							goto L93;
                                                            						}
                                                            					}
                                                            				}
                                                            				L182:
                                                            				_t443 = 0;
                                                            				_t446[0x147] =  *(_t448 - 0x40);
                                                            				_t446[0x146] = _t425;
                                                            				( *(_t448 + 8))[1] = 0;
                                                            				goto L11;
                                                            			}









                                                            0x00406bae
                                                            0x00406bae
                                                            0x00406bb1
                                                            0x00000000
                                                            0x00000000
                                                            0x00406bb7
                                                            0x00406bb7
                                                            0x00000000
                                                            0x00406bb7
                                                            0x00406b8d
                                                            0x00406b90
                                                            0x00406b97
                                                            0x00406b9a
                                                            0x00000000
                                                            0x00406b9a
                                                            0x00406b76
                                                            0x00406b7a
                                                            0x00406b7d
                                                            0x00000000
                                                            0x00000000
                                                            0x00406bc2
                                                            0x00406bc2
                                                            0x00406be7
                                                            0x00406be7
                                                            0x00406be7
                                                            0x00406be9
                                                            0x00000000
                                                            0x00000000
                                                            0x00406bc7
                                                            0x00406bc7
                                                            0x00406bcb
                                                            0x00000000
                                                            0x00000000
                                                            0x00406bd1
                                                            0x00406bd1
                                                            0x00406bd4
                                                            0x00406bd7
                                                            0x00406bda
                                                            0x00406bdc
                                                            0x00406bde
                                                            0x00406be1
                                                            0x00406be4
                                                            0x00406be4
                                                            0x00406be4
                                                            0x00406beb
                                                            0x00406bf3
                                                            0x00406bf6
                                                            0x00406bf9
                                                            0x00406bfb
                                                            0x00406bfe
                                                            0x00406bfe
                                                            0x00406c00
                                                            0x00406c04
                                                            0x00406c07
                                                            0x00406c0a
                                                            0x00406c0d
                                                            0x00000000
                                                            0x00000000
                                                            0x00406c13
                                                            0x00406c13
                                                            0x00406c38
                                                            0x00406c38
                                                            0x00406c38
                                                            0x00406c3a
                                                            0x00000000
                                                            0x00000000
                                                            0x00406c18
                                                            0x00406c18
                                                            0x00406c1c
                                                            0x00000000
                                                            0x00000000
                                                            0x00406c22
                                                            0x00406c22
                                                            0x00406c25
                                                            0x00406c28
                                                            0x00406c2b
                                                            0x00406c2d
                                                            0x00406c2f
                                                            0x00406c32
                                                            0x00406c35
                                                            0x00406c35
                                                            0x00406c35
                                                            0x00406c3c
                                                            0x00406c3c
                                                            0x00406c44
                                                            0x00406c47
                                                            0x00406c4a
                                                            0x00406c4d
                                                            0x00406c51
                                                            0x00406c54
                                                            0x00406c56
                                                            0x00406c59
                                                            0x00406c5c
                                                            0x00406c76
                                                            0x00406c76
                                                            0x00406c79
                                                            0x00000000
                                                            0x00000000
                                                            0x00406c7f
                                                            0x00406c7f
                                                            0x00406c82
                                                            0x00406c89
                                                            0x00000000
                                                            0x00406c89
                                                            0x00406c5e
                                                            0x00406c61
                                                            0x00406c68
                                                            0x00406c6b
                                                            0x00000000
                                                            0x00000000
                                                            0x00406c91
                                                            0x00406c91
                                                            0x00406cb6
                                                            0x00406cb6
                                                            0x00406cb6
                                                            0x00406cb8
                                                            0x00000000
                                                            0x00000000
                                                            0x00406c96
                                                            0x00406c96
                                                            0x00406c9a
                                                            0x00000000
                                                            0x00000000
                                                            0x00406ca0
                                                            0x00406ca0
                                                            0x00406ca3
                                                            0x00406ca6
                                                            0x00406ca9
                                                            0x00406cab
                                                            0x00406cad
                                                            0x00406cb0
                                                            0x00406cb3
                                                            0x00406cb3
                                                            0x00406cb3
                                                            0x00406cba
                                                            0x00406cc2
                                                            0x00406cc5
                                                            0x00406cc8
                                                            0x00406cca
                                                            0x00406ccd
                                                            0x00406ccd
                                                            0x00406ccf
                                                            0x00000000
                                                            0x00000000
                                                            0x00406cd5
                                                            0x00406cd5
                                                            0x00406cd8
                                                            0x00406cdd
                                                            0x00406cdf
                                                            0x00406ce5
                                                            0x00406ce7
                                                            0x00406cfc
                                                            0x00406cfe
                                                            0x00406cfe
                                                            0x00406ce9
                                                            0x00406cef
                                                            0x00406cf1
                                                            0x00406cf3
                                                            0x00406cf3
                                                            0x00406d00
                                                            0x00406d04
                                                            0x00406d07
                                                            0x00406d0d
                                                            0x00406d0d
                                                            0x00406d10
                                                            0x00406d10
                                                            0x00406d10
                                                            0x00406d12
                                                            0x00000000
                                                            0x00000000
                                                            0x00406d18
                                                            0x00406d18
                                                            0x00406d1e
                                                            0x00406d20
                                                            0x00406d45
                                                            0x00406d48
                                                            0x00406d4e
                                                            0x00406d53
                                                            0x00406d59
                                                            0x00406d5f
                                                            0x00406d61
                                                            0x00406d64
                                                            0x00406d6d
                                                            0x00406d73
                                                            0x00406d73
                                                            0x00406d66
                                                            0x00406d68
                                                            0x00406d6a
                                                            0x00406d6a
                                                            0x00406d75
                                                            0x00406d7b
                                                            0x00406d7d
                                                            0x00406d80
                                                            0x00406d82
                                                            0x00406d88
                                                            0x00406d8a
                                                            0x00406d8c
                                                            0x00406d8e
                                                            0x00406d90
                                                            0x00406d93
                                                            0x00406d9c
                                                            0x00406d9f
                                                            0x00406d9f
                                                            0x00406d95
                                                            0x00406d95
                                                            0x00406d98
                                                            0x00406d98
                                                            0x00406d93
                                                            0x00406d8a
                                                            0x00406da1
                                                            0x00406da3
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00406da3
                                                            0x00406d22
                                                            0x00406d22
                                                            0x00406d28
                                                            0x00406d2e
                                                            0x00406d30
                                                            0x00000000
                                                            0x00000000
                                                            0x00406d32
                                                            0x00406d32
                                                            0x00406d34
                                                            0x00406d36
                                                            0x00406d3f
                                                            0x00406d3f
                                                            0x00406d38
                                                            0x00406d38
                                                            0x00406d3b
                                                            0x00406d3b
                                                            0x00406d41
                                                            0x00406d43
                                                            0x00000000
                                                            0x00000000
                                                            0x00406da9
                                                            0x00406da9
                                                            0x00406dae
                                                            0x00406db0
                                                            0x00406db1
                                                            0x00406db2
                                                            0x00406db3
                                                            0x00406db9
                                                            0x00406dbc
                                                            0x00406dbf
                                                            0x00406dc2
                                                            0x00406dc4
                                                            0x00406dca
                                                            0x00406dca
                                                            0x00406dcd
                                                            0x00406dcd
                                                            0x00406dcd
                                                            0x00406dcd
                                                            0x00406dd6
                                                            0x00000000
                                                            0x00000000
                                                            0x00406ddb
                                                            0x00406ddb
                                                            0x00406dde
                                                            0x00406de1
                                                            0x00406de3
                                                            0x00406e7a
                                                            0x00406e7a
                                                            0x00406e7d
                                                            0x00406e7f
                                                            0x00406e80
                                                            0x00406e81
                                                            0x00406e84
                                                            0x00000000
                                                            0x00406e84
                                                            0x00406de9
                                                            0x00406de9
                                                            0x00406def
                                                            0x00406df1
                                                            0x00406e16
                                                            0x00406e19
                                                            0x00406e1f
                                                            0x00406e24
                                                            0x00406e2a
                                                            0x00406e30
                                                            0x00406e32
                                                            0x00406e35
                                                            0x00406e3e
                                                            0x00406e44
                                                            0x00406e44
                                                            0x00406e37
                                                            0x00406e39
                                                            0x00406e3b
                                                            0x00406e3b
                                                            0x00406e46
                                                            0x00406e4c
                                                            0x00406e4e
                                                            0x00406e51
                                                            0x00406e53
                                                            0x00406e59
                                                            0x00406e5b
                                                            0x00406e5d
                                                            0x00406e5f
                                                            0x00406e61
                                                            0x00406e64
                                                            0x00406e6d
                                                            0x00406e70
                                                            0x00406e70
                                                            0x00406e66
                                                            0x00406e66
                                                            0x00406e69
                                                            0x00406e69
                                                            0x00406e64
                                                            0x00406e5b
                                                            0x00406e72
                                                            0x00406e74
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00406e74
                                                            0x00406df3
                                                            0x00406df3
                                                            0x00406df9
                                                            0x00406dff
                                                            0x00406e01
                                                            0x00000000
                                                            0x00000000
                                                            0x00406e03
                                                            0x00406e03
                                                            0x00406e05
                                                            0x00406e07
                                                            0x00406e0e
                                                            0x00406e0e
                                                            0x00406e10
                                                            0x00406e09
                                                            0x00406e09
                                                            0x00406e0b
                                                            0x00406e0b
                                                            0x00406e12
                                                            0x00406e14
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00406e8c
                                                            0x00406e8c
                                                            0x00406e8f
                                                            0x00406e91
                                                            0x00406e94
                                                            0x00406e97
                                                            0x00406e97
                                                            0x00406e97
                                                            0x00406e97
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00406545
                                                            0x00406529
                                                            0x00000000
                                                            0x0040652f
                                                            0x00406532
                                                            0x0040653c
                                                            0x0040653f
                                                            0x00406542
                                                            0x00000000
                                                            0x00406542
                                                            0x00406529
                                                            0x0040654d
                                                            0x00406550
                                                            0x00406554
                                                            0x0040655e
                                                            0x00406568
                                                            0x0040656b
                                                            0x00406571
                                                            0x004066a5
                                                            0x004066a7
                                                            0x004066ad
                                                            0x004066b0
                                                            0x004066b3
                                                            0x00000000
                                                            0x004066b3
                                                            0x00406577
                                                            0x00406577
                                                            0x00406578
                                                            0x004065d0
                                                            0x004065d0
                                                            0x004065d7
                                                            0x0040667d
                                                            0x0040667d
                                                            0x00406682
                                                            0x00406685
                                                            0x0040668a
                                                            0x0040668d
                                                            0x00406692
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 82a44bc8fd526afdff965e1cd5e7f2d0a246497ca5c27b0c944ad4ba04d420dd
                                                            • Instruction ID: dc39b55080118b2a9f2c57fc2b953182458e36931565741e2945480d6a34e330
                                                            • Opcode Fuzzy Hash: 82a44bc8fd526afdff965e1cd5e7f2d0a246497ca5c27b0c944ad4ba04d420dd
                                                            • Instruction Fuzzy Hash: D2E19A7190070ADFDB24CF58D890BAAB7F1EB44305F15842EE897A76C1D738AA95CF44
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00406FC4(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                            				signed int _v8;
                                                            				unsigned int _v12;
                                                            				signed int _v16;
                                                            				intOrPtr _v20;
                                                            				signed int _v24;
                                                            				signed int _v28;
                                                            				intOrPtr* _v32;
                                                            				signed int* _v36;
                                                            				signed int _v40;
                                                            				signed int _v44;
                                                            				intOrPtr _v48;
                                                            				intOrPtr _v52;
                                                            				void _v116;
                                                            				signed int _v176;
                                                            				signed int _v180;
                                                            				signed int _v240;
                                                            				signed int _t166;
                                                            				signed int _t168;
                                                            				intOrPtr _t175;
                                                            				signed int _t181;
                                                            				void* _t182;
                                                            				intOrPtr _t183;
                                                            				signed int* _t184;
                                                            				signed int _t186;
                                                            				signed int _t187;
                                                            				signed int* _t189;
                                                            				signed int _t190;
                                                            				intOrPtr* _t191;
                                                            				intOrPtr _t192;
                                                            				signed int _t193;
                                                            				signed int _t195;
                                                            				signed int _t200;
                                                            				signed int _t205;
                                                            				void* _t207;
                                                            				short _t208;
                                                            				signed char _t222;
                                                            				signed int _t224;
                                                            				signed int _t225;
                                                            				signed int* _t232;
                                                            				signed int _t233;
                                                            				signed int _t234;
                                                            				void* _t235;
                                                            				signed int _t236;
                                                            				signed int _t244;
                                                            				signed int _t246;
                                                            				signed int _t251;
                                                            				signed int _t254;
                                                            				signed int _t256;
                                                            				signed int _t259;
                                                            				signed int _t262;
                                                            				void* _t263;
                                                            				void* _t264;
                                                            				signed int _t267;
                                                            				intOrPtr _t269;
                                                            				intOrPtr _t271;
                                                            				signed int _t274;
                                                            				intOrPtr* _t275;
                                                            				unsigned int _t276;
                                                            				void* _t277;
                                                            				signed int _t278;
                                                            				intOrPtr* _t279;
                                                            				signed int _t281;
                                                            				intOrPtr _t282;
                                                            				intOrPtr _t283;
                                                            				signed int* _t284;
                                                            				signed int _t286;
                                                            				signed int _t287;
                                                            				signed int _t288;
                                                            				signed int _t296;
                                                            				signed int* _t297;
                                                            				intOrPtr _t298;
                                                            				void* _t299;
                                                            
                                                            				_t278 = _a8;
                                                            				_t187 = 0x10;
                                                            				memset( &_v116, 0, _t187 << 2);
                                                            				_t189 = _a4;
                                                            				_t233 = _t278;
                                                            				do {
                                                            					_t166 =  *_t189;
                                                            					_t189 =  &(_t189[1]);
                                                            					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                            					_t233 = _t233 - 1;
                                                            				} while (_t233 != 0);
                                                            				if(_v116 != _t278) {
                                                            					_t279 = _a28;
                                                            					_t267 =  *_t279;
                                                            					_t190 = 1;
                                                            					_a28 = _t267;
                                                            					_t234 = 0xf;
                                                            					while(1) {
                                                            						_t168 = 0;
                                                            						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                            							break;
                                                            						}
                                                            						_t190 = _t190 + 1;
                                                            						if(_t190 <= _t234) {
                                                            							continue;
                                                            						}
                                                            						break;
                                                            					}
                                                            					_v8 = _t190;
                                                            					if(_t267 < _t190) {
                                                            						_a28 = _t190;
                                                            					}
                                                            					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                            						_t234 = _t234 - 1;
                                                            						if(_t234 != 0) {
                                                            							continue;
                                                            						}
                                                            						break;
                                                            					}
                                                            					_v28 = _t234;
                                                            					if(_a28 > _t234) {
                                                            						_a28 = _t234;
                                                            					}
                                                            					 *_t279 = _a28;
                                                            					_t181 = 1 << _t190;
                                                            					while(_t190 < _t234) {
                                                            						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                            						if(_t182 < 0) {
                                                            							L64:
                                                            							return _t168 | 0xffffffff;
                                                            						}
                                                            						_t190 = _t190 + 1;
                                                            						_t181 = _t182 + _t182;
                                                            					}
                                                            					_t281 = _t234 << 2;
                                                            					_t191 = _t299 + _t281 - 0x70;
                                                            					_t269 =  *_t191;
                                                            					_t183 = _t181 - _t269;
                                                            					_v52 = _t183;
                                                            					if(_t183 < 0) {
                                                            						goto L64;
                                                            					}
                                                            					_v176 = _t168;
                                                            					 *_t191 = _t269 + _t183;
                                                            					_t192 = 0;
                                                            					_t235 = _t234 - 1;
                                                            					if(_t235 == 0) {
                                                            						L21:
                                                            						_t184 = _a4;
                                                            						_t271 = 0;
                                                            						do {
                                                            							_t193 =  *_t184;
                                                            							_t184 =  &(_t184[1]);
                                                            							if(_t193 != _t168) {
                                                            								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                            								_t236 =  *_t232;
                                                            								 *((intOrPtr*)(0x42d688 + _t236 * 4)) = _t271;
                                                            								 *_t232 = _t236 + 1;
                                                            							}
                                                            							_t271 = _t271 + 1;
                                                            						} while (_t271 < _a8);
                                                            						_v16 = _v16 | 0xffffffff;
                                                            						_v40 = _v40 & 0x00000000;
                                                            						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                            						_t195 = _v8;
                                                            						_t186 =  ~_a28;
                                                            						_v12 = _t168;
                                                            						_v180 = _t168;
                                                            						_v36 = 0x42d688;
                                                            						_v240 = _t168;
                                                            						if(_t195 > _v28) {
                                                            							L62:
                                                            							_t168 = 0;
                                                            							if(_v52 == 0 || _v28 == 1) {
                                                            								return _t168;
                                                            							} else {
                                                            								goto L64;
                                                            							}
                                                            						}
                                                            						_v44 = _t195 - 1;
                                                            						_v32 = _t299 + _t195 * 4 - 0x70;
                                                            						do {
                                                            							_t282 =  *_v32;
                                                            							if(_t282 == 0) {
                                                            								goto L61;
                                                            							}
                                                            							while(1) {
                                                            								_t283 = _t282 - 1;
                                                            								_t200 = _a28 + _t186;
                                                            								_v48 = _t283;
                                                            								_v24 = _t200;
                                                            								if(_v8 <= _t200) {
                                                            									goto L45;
                                                            								}
                                                            								L31:
                                                            								_v20 = _t283 + 1;
                                                            								do {
                                                            									_v16 = _v16 + 1;
                                                            									_t296 = _v28 - _v24;
                                                            									if(_t296 > _a28) {
                                                            										_t296 = _a28;
                                                            									}
                                                            									_t222 = _v8 - _v24;
                                                            									_t254 = 1 << _t222;
                                                            									if(1 <= _v20) {
                                                            										L40:
                                                            										_t256 =  *_a36;
                                                            										_t168 = 1 << _t222;
                                                            										_v40 = 1;
                                                            										_t274 = _t256 + 1;
                                                            										if(_t274 > 0x5a0) {
                                                            											goto L64;
                                                            										}
                                                            									} else {
                                                            										_t275 = _v32;
                                                            										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                            										if(_t222 >= _t296) {
                                                            											goto L40;
                                                            										}
                                                            										while(1) {
                                                            											_t222 = _t222 + 1;
                                                            											if(_t222 >= _t296) {
                                                            												goto L40;
                                                            											}
                                                            											_t275 = _t275 + 4;
                                                            											_t264 = _t263 + _t263;
                                                            											_t175 =  *_t275;
                                                            											if(_t264 <= _t175) {
                                                            												goto L40;
                                                            											}
                                                            											_t263 = _t264 - _t175;
                                                            										}
                                                            										goto L40;
                                                            									}
                                                            									_t168 = _a32 + _t256 * 4;
                                                            									_t297 = _t299 + _v16 * 4 - 0xec;
                                                            									 *_a36 = _t274;
                                                            									_t259 = _v16;
                                                            									 *_t297 = _t168;
                                                            									if(_t259 == 0) {
                                                            										 *_a24 = _t168;
                                                            									} else {
                                                            										_t276 = _v12;
                                                            										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                            										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                            										_a5 = _a28;
                                                            										_a4 = _t222;
                                                            										_t262 = _t276 >> _t186;
                                                            										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                            										 *(_t298 + _t262 * 4) = _a4;
                                                            									}
                                                            									_t224 = _v24;
                                                            									_t186 = _t224;
                                                            									_t225 = _t224 + _a28;
                                                            									_v24 = _t225;
                                                            								} while (_v8 > _t225);
                                                            								L45:
                                                            								_t284 = _v36;
                                                            								_a5 = _v8 - _t186;
                                                            								if(_t284 < 0x42d688 + _a8 * 4) {
                                                            									_t205 =  *_t284;
                                                            									if(_t205 >= _a12) {
                                                            										_t207 = _t205 - _a12 + _t205 - _a12;
                                                            										_v36 =  &(_v36[1]);
                                                            										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                            										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                            									} else {
                                                            										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                            										_t208 =  *_t284;
                                                            										_v36 =  &(_t284[1]);
                                                            									}
                                                            									_a6 = _t208;
                                                            								} else {
                                                            									_a4 = 0xc0;
                                                            								}
                                                            								_t286 = 1 << _v8 - _t186;
                                                            								_t244 = _v12 >> _t186;
                                                            								while(_t244 < _v40) {
                                                            									 *(_t168 + _t244 * 4) = _a4;
                                                            									_t244 = _t244 + _t286;
                                                            								}
                                                            								_t287 = _v12;
                                                            								_t246 = 1 << _v44;
                                                            								while((_t287 & _t246) != 0) {
                                                            									_t287 = _t287 ^ _t246;
                                                            									_t246 = _t246 >> 1;
                                                            								}
                                                            								_t288 = _t287 ^ _t246;
                                                            								_v20 = 1;
                                                            								_v12 = _t288;
                                                            								_t251 = _v16;
                                                            								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                            									L60:
                                                            									if(_v48 != 0) {
                                                            										_t282 = _v48;
                                                            										_t283 = _t282 - 1;
                                                            										_t200 = _a28 + _t186;
                                                            										_v48 = _t283;
                                                            										_v24 = _t200;
                                                            										if(_v8 <= _t200) {
                                                            											goto L45;
                                                            										}
                                                            										goto L31;
                                                            									}
                                                            									break;
                                                            								} else {
                                                            									goto L58;
                                                            								}
                                                            								do {
                                                            									L58:
                                                            									_t186 = _t186 - _a28;
                                                            									_t251 = _t251 - 1;
                                                            								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                            								_v16 = _t251;
                                                            								goto L60;
                                                            							}
                                                            							L61:
                                                            							_v8 = _v8 + 1;
                                                            							_v32 = _v32 + 4;
                                                            							_v44 = _v44 + 1;
                                                            						} while (_v8 <= _v28);
                                                            						goto L62;
                                                            					}
                                                            					_t277 = 0;
                                                            					do {
                                                            						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                            						_t277 = _t277 + 4;
                                                            						_t235 = _t235 - 1;
                                                            						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                            					} while (_t235 != 0);
                                                            					goto L21;
                                                            				}
                                                            				 *_a24 =  *_a24 & 0x00000000;
                                                            				 *_a28 =  *_a28 & 0x00000000;
                                                            				return 0;
                                                            			}
                                                            0x0040707d
                                                            0x0040707f
                                                            0x00407080
                                                            0x00407095
                                                            0x00407095
                                                            0x00407098
                                                            0x0040709a
                                                            0x0040709a
                                                            0x0040709c
                                                            0x004070a1
                                                            0x004070a3
                                                            0x004070aa
                                                            0x004070ac
                                                            0x004070b4
                                                            0x004070b4
                                                            0x004070b6
                                                            0x004070b7
                                                            0x004070c6
                                                            0x004070ca
                                                            0x004070ce
                                                            0x004070d1
                                                            0x004070d4
                                                            0x004070d9
                                                            0x004070dc
                                                            0x004070e2
                                                            0x004070e9
                                                            0x004070ef
                                                            0x004072e8
                                                            0x004072e8
                                                            0x004072ed
                                                            0x004072fc
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x004072ed
                                                            0x004070fc
                                                            0x004070ff
                                                            0x00407102
                                                            0x00407105
                                                            0x00407109
                                                            0x00000000
                                                            0x00000000
                                                            0x00407114
                                                            0x00407117
                                                            0x00407118
                                                            0x0040711a
                                                            0x00407120
                                                            0x00407123
                                                            0x00000000
                                                            0x00000000
                                                            0x00407129
                                                            0x0040712a
                                                            0x0040712d
                                                            0x00407130
                                                            0x00407133
                                                            0x00407139
                                                            0x0040713b
                                                            0x0040713b
                                                            0x00407143
                                                            0x00407147
                                                            0x0040714c
                                                            0x00407171
                                                            0x00407177
                                                            0x00407179
                                                            0x0040717b
                                                            0x0040717e
                                                            0x00407187
                                                            0x00000000
                                                            0x00000000
                                                            0x0040714e
                                                            0x0040714e
                                                            0x00407157
                                                            0x0040715b
                                                            0x00000000
                                                            0x00000000
                                                            0x0040716c
                                                            0x0040716c
                                                            0x0040716f
                                                            0x00000000
                                                            0x00000000
                                                            0x0040715f
                                                            0x00407162
                                                            0x00407164
                                                            0x00407168
                                                            0x00000000
                                                            0x00000000
                                                            0x0040716a
                                                            0x0040716a
                                                            0x00000000
                                                            0x0040716c
                                                            0x00407190
                                                            0x00407196
                                                            0x004071a0
                                                            0x004071a2
                                                            0x004071a7
                                                            0x004071a9
                                                            0x004071df
                                                            0x004071ab
                                                            0x004071ab
                                                            0x004071ae
                                                            0x004071b1
                                                            0x004071bb
                                                            0x004071be
                                                            0x004071c5
                                                            0x004071d0
                                                            0x004071d7
                                                            0x004071d7
                                                            0x004071e1
                                                            0x004071e4
                                                            0x004071e6
                                                            0x004071ec
                                                            0x004071ec
                                                            0x004071f5
                                                            0x004071f8
                                                            0x004071fd
                                                            0x0040720c
                                                            0x00407214
                                                            0x00407219
                                                            0x0040723d
                                                            0x00407245
                                                            0x00407249
                                                            0x0040724f
                                                            0x0040721b
                                                            0x00407229
                                                            0x0040722c
                                                            0x00407232
                                                            0x00407232
                                                            0x00407253
                                                            0x0040720e
                                                            0x0040720e
                                                            0x0040720e
                                                            0x00407264
                                                            0x00407268
                                                            0x00407274
                                                            0x0040726f
                                                            0x00407272
                                                            0x00407272
                                                            0x0040727c
                                                            0x00407281
                                                            0x00407289
                                                            0x00407285
                                                            0x00407287
                                                            0x00407287
                                                            0x0040728f
                                                            0x00407291
                                                            0x00407298
                                                            0x004072a2
                                                            0x004072ac
                                                            0x004072c8
                                                            0x004072cc
                                                            0x00407111
                                                            0x00407117
                                                            0x00407118
                                                            0x0040711a
                                                            0x00407120
                                                            0x00407123
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00407123
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x004072ae
                                                            0x004072ae
                                                            0x004072ae
                                                            0x004072b3
                                                            0x004072bc
                                                            0x004072c5
                                                            0x00000000
                                                            0x004072c5
                                                            0x004072d2
                                                            0x004072d2
                                                            0x004072d5
                                                            0x004072dc
                                                            0x004072df
                                                            0x00000000
                                                            0x00407102
                                                            0x00407082
                                                            0x00407084
                                                            0x00407084
                                                            0x00407088
                                                            0x0040708b
                                                            0x0040708c
                                                            0x0040708c
                                                            0x00000000
                                                            0x00407084
                                                            0x00406ff8
                                                            0x00406ffe
                                                            0x00000000

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fca4b55698b2abcc8e5cbf272b741b12ffb4e3b740e9774b5bdfc5da95159218
                                                            • Instruction ID: 2f0950e66cb79552dca6b2fc49cb98149526550dbc918883d7c1b9af38c738a1
                                                            • Opcode Fuzzy Hash: fca4b55698b2abcc8e5cbf272b741b12ffb4e3b740e9774b5bdfc5da95159218
                                                            • Instruction Fuzzy Hash: 42C13831E042598BCF18CF68D4905EEB7B2BF99314F25827ED8567B380D734A942CB95
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 96%
                                                            			E00404AA3(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                            				struct HWND__* _v8;
                                                            				struct HWND__* _v12;
                                                            				long _v16;
                                                            				signed int _v20;
                                                            				signed int _v24;
                                                            				intOrPtr _v28;
                                                            				signed char* _v32;
                                                            				int _v36;
                                                            				signed int _v44;
                                                            				int _v48;
                                                            				signed int* _v60;
                                                            				signed char* _v64;
                                                            				signed int _v68;
                                                            				long _v72;
                                                            				void* _v76;
                                                            				intOrPtr _v80;
                                                            				intOrPtr _v84;
                                                            				void* _v88;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				signed int _t203;
                                                            				void* _t205;
                                                            				intOrPtr _t206;
                                                            				intOrPtr _t208;
                                                            				long _t212;
                                                            				signed int _t216;
                                                            				signed int _t227;
                                                            				void* _t230;
                                                            				void* _t231;
                                                            				int _t237;
                                                            				long _t242;
                                                            				long _t243;
                                                            				signed int _t244;
                                                            				signed int _t250;
                                                            				signed int _t252;
                                                            				signed char _t253;
                                                            				signed char _t259;
                                                            				void* _t264;
                                                            				void* _t266;
                                                            				signed char* _t284;
                                                            				signed char _t285;
                                                            				long _t287;
                                                            				long _t290;
                                                            				void* _t291;
                                                            				signed int _t300;
                                                            				signed int _t308;
                                                            				void* _t309;
                                                            				void* _t310;
                                                            				signed char* _t316;
                                                            				int _t320;
                                                            				int _t321;
                                                            				signed int* _t322;
                                                            				int _t323;
                                                            				long _t324;
                                                            				signed int _t325;
                                                            				long _t327;
                                                            				int _t328;
                                                            				signed int _t329;
                                                            				void* _t331;
                                                            
                                                            				_v12 = GetDlgItem(_a4, 0x3f9);
                                                            				_v8 = GetDlgItem(_a4, 0x408);
                                                            				_t331 = SendMessageA;
                                                            				_v24 =  *0x42f448;
                                                            				_v28 =  *0x42f414 + 0x94;
                                                            				_t320 = 0x10;
                                                            				if(_a8 != 0x110) {
                                                            					L23:
                                                            					if(_a8 != 0x405) {
                                                            						_t298 = _a16;
                                                            					} else {
                                                            						_a12 = 0;
                                                            						_t298 = 1;
                                                            						_a8 = 0x40f;
                                                            						_a16 = 1;
                                                            					}
                                                            					if(_a8 == 0x4e || _a8 == 0x413) {
                                                            						_v16 = _t298;
                                                            						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
                                                            							if(( *0x42f41d & 0x00000002) != 0) {
                                                            								L41:
                                                            								if(_v16 != 0) {
                                                            									_t242 = _v16;
                                                            									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
                                                            										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
                                                            									}
                                                            									_t243 = _v16;
                                                            									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
                                                            										_t298 = _v24;
                                                            										_t244 =  *(_t243 + 0x5c);
                                                            										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
                                                            											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
                                                            										} else {
                                                            											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
                                                            										}
                                                            									}
                                                            								}
                                                            								goto L48;
                                                            							}
                                                            							if(_a8 == 0x413) {
                                                            								L33:
                                                            								_t298 = 0 | _a8 != 0x00000413;
                                                            								_t250 = E004049F1(_v8, _a8 != 0x413);
                                                            								_t325 = _t250;
                                                            								if(_t325 >= 0) {
                                                            									_t99 = _v24 + 8; // 0x8
                                                            									_t298 = _t250 * 0x418 + _t99;
                                                            									_t252 =  *_t298;
                                                            									if((_t252 & 0x00000010) == 0) {
                                                            										if((_t252 & 0x00000040) == 0) {
                                                            											_t253 = _t252 ^ 0x00000001;
                                                            										} else {
                                                            											_t259 = _t252 ^ 0x00000080;
                                                            											if(_t259 >= 0) {
                                                            												_t253 = _t259 & 0x000000fe;
                                                            											} else {
                                                            												_t253 = _t259 | 0x00000001;
                                                            											}
                                                            										}
                                                            										 *_t298 = _t253;
                                                            										E0040117D(_t325);
                                                            										_a12 = _t325 + 1;
                                                            										_a16 =  !( *0x42f41c) >> 0x00000008 & 0x00000001;
                                                            										_a8 = 0x40f;
                                                            									}
                                                            								}
                                                            								goto L41;
                                                            							}
                                                            							_t298 = _a16;
                                                            							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                            								goto L41;
                                                            							}
                                                            							goto L33;
                                                            						} else {
                                                            							goto L48;
                                                            						}
                                                            					} else {
                                                            						L48:
                                                            						if(_a8 != 0x111) {
                                                            							L56:
                                                            							if(_a8 == 0x200) {
                                                            								SendMessageA(_v8, 0x200, 0, 0);
                                                            							}
                                                            							if(_a8 == 0x40b) {
                                                            								_t230 =  *0x42a854; // 0x0
                                                            								if(_t230 != 0) {
                                                            									ImageList_Destroy(_t230);
                                                            								}
                                                            								_t231 =  *0x42a868; // 0x0
                                                            								if(_t231 != 0) {
                                                            									GlobalFree(_t231);
                                                            								}
                                                            								 *0x42a854 = 0;
                                                            								 *0x42a868 = 0;
                                                            								 *0x42f480 = 0;
                                                            							}
                                                            							if(_a8 != 0x40f) {
                                                            								L88:
                                                            								if(_a8 == 0x420 && ( *0x42f41d & 0x00000001) != 0) {
                                                            									_t321 = (0 | _a16 == 0x00000020) << 3;
                                                            									ShowWindow(_v8, _t321);
                                                            									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
                                                            								}
                                                            								goto L91;
                                                            							} else {
                                                            								E004011EF(_t298, 0, 0);
                                                            								_t203 = _a12;
                                                            								if(_t203 != 0) {
                                                            									if(_t203 != 0xffffffff) {
                                                            										_t203 = _t203 - 1;
                                                            									}
                                                            									_push(_t203);
                                                            									_push(8);
                                                            									E00404A71();
                                                            								}
                                                            								if(_a16 == 0) {
                                                            									L75:
                                                            									E004011EF(_t298, 0, 0);
                                                            									_t205 =  *0x42a868; // 0x0
                                                            									_v36 = _t205;
                                                            									_t206 =  *0x42f448;
                                                            									_v64 = 0xf030;
                                                            									_v24 = 0;
                                                            									if( *0x42f44c <= 0) {
                                                            										L86:
                                                            										InvalidateRect(_v8, 0, 1);
                                                            										_t208 =  *0x42ebdc; // 0x5d4598
                                                            										if( *((intOrPtr*)(_t208 + 0x10)) != 0) {
                                                            											E004049AC(0x3ff, 0xfffffffb, E004049C4(5));
                                                            										}
                                                            										goto L88;
                                                            									}
                                                            									_t322 = _t206 + 8;
                                                            									do {
                                                            										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                            										if(_t212 != 0) {
                                                            											_t300 =  *_t322;
                                                            											_v72 = _t212;
                                                            											_v76 = 8;
                                                            											if((_t300 & 0x00000001) != 0) {
                                                            												_v76 = 9;
                                                            												_v60 =  &(_t322[4]);
                                                            												_t322[0] = _t322[0] & 0x000000fe;
                                                            											}
                                                            											if((_t300 & 0x00000040) == 0) {
                                                            												_t216 = (_t300 & 0x00000001) + 1;
                                                            												if((_t300 & 0x00000010) != 0) {
                                                            													_t216 = _t216 + 3;
                                                            												}
                                                            											} else {
                                                            												_t216 = 3;
                                                            											}
                                                            											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
                                                            											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                            											SendMessageA(_v8, 0x110d, 0,  &_v76);
                                                            										}
                                                            										_v24 = _v24 + 1;
                                                            										_t322 =  &(_t322[0x106]);
                                                            									} while (_v24 <  *0x42f44c);
                                                            									goto L86;
                                                            								} else {
                                                            									_t323 = E004012E2( *0x42a868);
                                                            									E00401299(_t323);
                                                            									_t227 = 0;
                                                            									_t298 = 0;
                                                            									if(_t323 <= 0) {
                                                            										L74:
                                                            										SendMessageA(_v12, 0x14e, _t298, 0);
                                                            										_a16 = _t323;
                                                            										_a8 = 0x420;
                                                            										goto L75;
                                                            									} else {
                                                            										goto L71;
                                                            									}
                                                            									do {
                                                            										L71:
                                                            										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
                                                            											_t298 = _t298 + 1;
                                                            										}
                                                            										_t227 = _t227 + 1;
                                                            									} while (_t227 < _t323);
                                                            									goto L74;
                                                            								}
                                                            							}
                                                            						}
                                                            						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                            							goto L91;
                                                            						} else {
                                                            							_t237 = SendMessageA(_v12, 0x147, 0, 0);
                                                            							if(_t237 == 0xffffffff) {
                                                            								goto L91;
                                                            							}
                                                            							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
                                                            							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
                                                            								_t324 = 0x20;
                                                            							}
                                                            							E00401299(_t324);
                                                            							SendMessageA(_a4, 0x420, 0, _t324);
                                                            							_a12 = _a12 | 0xffffffff;
                                                            							_a16 = 0;
                                                            							_a8 = 0x40f;
                                                            							goto L56;
                                                            						}
                                                            					}
                                                            				} else {
                                                            					_v36 = 0;
                                                            					 *0x42f480 = _a4;
                                                            					_v20 = 2;
                                                            					 *0x42a868 = GlobalAlloc(0x40,  *0x42f44c << 2);
                                                            					_t264 = LoadImageA( *0x42f400, 0x6e, 0, 0, 0, 0);
                                                            					 *0x42a85c =  *0x42a85c | 0xffffffff;
                                                            					_v16 = _t264;
                                                            					 *0x42a864 = SetWindowLongA(_v8, 0xfffffffc, E004050AB);
                                                            					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
                                                            					 *0x42a854 = _t266;
                                                            					ImageList_AddMasked(_t266, _v16, 0xff00ff);
                                                            					SendMessageA(_v8, 0x1109, 2,  *0x42a854);
                                                            					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
                                                            						SendMessageA(_v8, 0x111b, _t320, 0);
                                                            					}
                                                            					DeleteObject(_v16);
                                                            					_t327 = 0;
                                                            					do {
                                                            						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
                                                            						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
                                                            							if(_t327 != 0x20) {
                                                            								_v20 = 0;
                                                            							}
                                                            							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E00406032(0, _t327, _t331, 0, _t272)), _t327);
                                                            						}
                                                            						_t327 = _t327 + 1;
                                                            					} while (_t327 < 0x21);
                                                            					_t328 = _a16;
                                                            					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
                                                            					_push(0x15);
                                                            					E0040409E(_a4);
                                                            					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
                                                            					_push(0x16);
                                                            					E0040409E(_a4);
                                                            					_t329 = 0;
                                                            					_v16 = 0;
                                                            					if( *0x42f44c <= 0) {
                                                            						L19:
                                                            						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                            						goto L20;
                                                            					} else {
                                                            						_t316 = _v24 + 8;
                                                            						_v32 = _t316;
                                                            						do {
                                                            							_t284 =  &(_t316[0x10]);
                                                            							if( *_t284 != 0) {
                                                            								_v64 = _t284;
                                                            								_t285 =  *_t316;
                                                            								_v88 = _v16;
                                                            								_t308 = 0x20;
                                                            								_v84 = 0xffff0002;
                                                            								_v80 = 0xd;
                                                            								_v68 = _t308;
                                                            								_v44 = _t329;
                                                            								_v72 = _t285 & _t308;
                                                            								if((_t285 & 0x00000002) == 0) {
                                                            									if((_t285 & 0x00000004) == 0) {
                                                            										_t287 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                            										_t309 =  *0x42a868; // 0x0
                                                            										 *(_t309 + _t329 * 4) = _t287;
                                                            									} else {
                                                            										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
                                                            									}
                                                            								} else {
                                                            									_v80 = 0x4d;
                                                            									_v48 = 1;
                                                            									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                            									_t310 =  *0x42a868; // 0x0
                                                            									_v36 = 1;
                                                            									 *(_t310 + _t329 * 4) = _t290;
                                                            									_t291 =  *0x42a868; // 0x0
                                                            									_v16 =  *(_t291 + _t329 * 4);
                                                            								}
                                                            							}
                                                            							_t329 = _t329 + 1;
                                                            							_t316 =  &(_v32[0x418]);
                                                            							_v32 = _t316;
                                                            						} while (_t329 <  *0x42f44c);
                                                            						if(_v36 != 0) {
                                                            							L20:
                                                            							if(_v20 != 0) {
                                                            								E004040D3(_v8);
                                                            								goto L23;
                                                            							} else {
                                                            								ShowWindow(_v12, 5);
                                                            								E004040D3(_v12);
                                                            								L91:
                                                            								return E00404105(_a8, _a12, _a16);
                                                            							}
                                                            						}
                                                            						goto L19;
                                                            					}
                                                            				}
                                                            			}
                                                            0x00404bfa
                                                            0x00404bfe
                                                            0x00404c03
                                                            0x00404c08
                                                            0x00404c10
                                                            0x00404c13
                                                            0x00404ce2
                                                            0x00404cf5
                                                            0x00000000
                                                            0x00404c19
                                                            0x00404c1c
                                                            0x00404c1f
                                                            0x00404c22
                                                            0x00404c22
                                                            0x00404c27
                                                            0x00404c30
                                                            0x00404c33
                                                            0x00404c37
                                                            0x00404c3a
                                                            0x00404c3d
                                                            0x00404c46
                                                            0x00404c4f
                                                            0x00404c52
                                                            0x00404c55
                                                            0x00404c58
                                                            0x00404c96
                                                            0x00404cb9
                                                            0x00404cbb
                                                            0x00404cc1
                                                            0x00404c98
                                                            0x00404ca7
                                                            0x00404ca7
                                                            0x00404c5a
                                                            0x00404c5d
                                                            0x00404c6b
                                                            0x00404c75
                                                            0x00404c77
                                                            0x00404c7d
                                                            0x00404c84
                                                            0x00404c87
                                                            0x00404c8f
                                                            0x00404c8f
                                                            0x00404c58
                                                            0x00404cc7
                                                            0x00404cc8
                                                            0x00404cd4
                                                            0x00404cd4
                                                            0x00404ce0
                                                            0x00404cfb
                                                            0x00404cfe
                                                            0x00404d1b
                                                            0x00000000
                                                            0x00404d00
                                                            0x00404d05
                                                            0x00404d0e
                                                            0x00405096
                                                            0x004050a8
                                                            0x004050a8
                                                            0x00404cfe
                                                            0x00000000
                                                            0x00404ce0
                                                            0x00404c13

                                                            APIs
                                                            • GetDlgItem.USER32 ref: 00404ABA
                                                            • GetDlgItem.USER32 ref: 00404AC7
                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 00404B16
                                                            • LoadImageA.USER32 ref: 00404B2D
                                                            • SetWindowLongA.USER32 ref: 00404B47
                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404B59
                                                            • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404B6D
                                                            • SendMessageA.USER32(?,00001109,00000002), ref: 00404B83
                                                            • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404B8F
                                                            • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404B9F
                                                            • DeleteObject.GDI32(00000110), ref: 00404BA4
                                                            • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404BCF
                                                            • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404BDB
                                                            • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404C75
                                                            • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404CA5
                                                              • Part of subcall function 004040D3: SendMessageA.USER32(00000028,?,00000001,00403F03), ref: 004040E1
                                                            • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404CB9
                                                            • GetWindowLongA.USER32 ref: 00404CE7
                                                            • SetWindowLongA.USER32 ref: 00404CF5
                                                            • ShowWindow.USER32(?,00000005), ref: 00404D05
                                                            • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404E00
                                                            • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404E65
                                                            • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404E7A
                                                            • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404E9E
                                                            • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404EBE
                                                            • ImageList_Destroy.COMCTL32(00000000), ref: 00404ED3
                                                            • GlobalFree.KERNEL32 ref: 00404EE3
                                                            • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404F5C
                                                            • SendMessageA.USER32(?,00001102,?,?), ref: 00405005
                                                            • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00405014
                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00405034
                                                            • ShowWindow.USER32(?,00000000), ref: 00405082
                                                            • GetDlgItem.USER32 ref: 0040508D
                                                            • ShowWindow.USER32(00000000), ref: 00405094
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                            • String ID: $M$N
                                                            • API String ID: 2564846305-813528018
                                                            • Opcode ID: 7979eb89c2ba789210c478efbd40ca5770d0cf58fb7a2a7deeb4f629e08dd5c3
                                                            • Instruction ID: b93138f0eedc2449d1e9bfda9be5258a8e47cdb0f0c7c2118b7039f3366b9e37
                                                            • Opcode Fuzzy Hash: 7979eb89c2ba789210c478efbd40ca5770d0cf58fb7a2a7deeb4f629e08dd5c3
                                                            • Instruction Fuzzy Hash: AA026EB0900209AFEB20DFA5DD45AAE7BB5FB44314F14813AF614B62E0C7799D52CF58
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 93%
                                                            			E00404209(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                            				intOrPtr _v8;
                                                            				signed int _v12;
                                                            				void* _v16;
                                                            				struct HWND__* _t52;
                                                            				long _t86;
                                                            				int _t98;
                                                            				struct HWND__* _t99;
                                                            				signed int _t100;
                                                            				intOrPtr _t103;
                                                            				signed int _t106;
                                                            				intOrPtr _t107;
                                                            				intOrPtr _t109;
                                                            				int _t110;
                                                            				signed int* _t112;
                                                            				signed int _t113;
                                                            				char* _t114;
                                                            				CHAR* _t115;
                                                            
                                                            				if(_a8 != 0x110) {
                                                            					__eflags = _a8 - 0x111;
                                                            					if(_a8 != 0x111) {
                                                            						L11:
                                                            						__eflags = _a8 - 0x4e;
                                                            						if(_a8 != 0x4e) {
                                                            							__eflags = _a8 - 0x40b;
                                                            							if(_a8 == 0x40b) {
                                                            								 *0x42983c =  *0x42983c + 1;
                                                            								__eflags =  *0x42983c;
                                                            							}
                                                            							L25:
                                                            							_t110 = _a16;
                                                            							L26:
                                                            							return E00404105(_a8, _a12, _t110);
                                                            						}
                                                            						_t52 = GetDlgItem(_a4, 0x3e8);
                                                            						_t110 = _a16;
                                                            						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
                                                            						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
                                                            							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
                                                            							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                            								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                            								_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                            								_v12 = _t100;
                                                            								__eflags = _t100 - _t109 - 0x800;
                                                            								_v16 = _t109;
                                                            								_v8 = 0x42e3a0;
                                                            								if(_t100 - _t109 < 0x800) {
                                                            									SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                            									SetCursor(LoadCursorA(0, 0x7f02));
                                                            									_push(1);
                                                            									E004044AD(_a4, _v8);
                                                            									SetCursor(LoadCursorA(0, 0x7f00));
                                                            									_t110 = _a16;
                                                            								}
                                                            							}
                                                            						}
                                                            						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
                                                            						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
                                                            							goto L26;
                                                            						} else {
                                                            							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
                                                            							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                            								goto L26;
                                                            							}
                                                            							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
                                                            							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                            								SendMessageA( *0x42f408, 0x111, 1, 0);
                                                            							}
                                                            							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
                                                            							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                            								SendMessageA( *0x42f408, 0x10, 0, 0);
                                                            							}
                                                            							return 1;
                                                            						}
                                                            					}
                                                            					__eflags = _a12 >> 0x10;
                                                            					if(_a12 >> 0x10 != 0) {
                                                            						goto L25;
                                                            					}
                                                            					__eflags =  *0x42983c; // 0x0
                                                            					if(__eflags != 0) {
                                                            						goto L25;
                                                            					}
                                                            					_t103 =  *0x42a048; // 0x5c8834
                                                            					_t25 = _t103 + 0x14; // 0x5c8848
                                                            					_t112 = _t25;
                                                            					__eflags =  *_t112 & 0x00000020;
                                                            					if(( *_t112 & 0x00000020) == 0) {
                                                            						goto L25;
                                                            					}
                                                            					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                            					__eflags = _t106;
                                                            					 *_t112 = _t106;
                                                            					E004040C0(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                            					E00404489();
                                                            					goto L11;
                                                            				} else {
                                                            					_t98 = _a16;
                                                            					_t113 =  *(_t98 + 0x30);
                                                            					if(_t113 < 0) {
                                                            						_t107 =  *0x42ebdc; // 0x5d4598
                                                            						_t113 =  *(_t107 - 4 + _t113 * 4);
                                                            					}
                                                            					_push( *((intOrPtr*)(_t98 + 0x34)));
                                                            					_t114 = _t113 +  *0x42f458;
                                                            					_push(0x22);
                                                            					_a16 =  *_t114;
                                                            					_v12 = _v12 & 0x00000000;
                                                            					_t115 = _t114 + 1;
                                                            					_v16 = _t115;
                                                            					_v8 = E004041D4;
                                                            					E0040409E(_a4);
                                                            					_push( *((intOrPtr*)(_t98 + 0x38)));
                                                            					_push(0x23);
                                                            					E0040409E(_a4);
                                                            					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                            					E004040C0( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                            					_t99 = GetDlgItem(_a4, 0x3e8);
                                                            					E004040D3(_t99);
                                                            					SendMessageA(_t99, 0x45b, 1, 0);
                                                            					_t86 =  *( *0x42f414 + 0x68);
                                                            					if(_t86 < 0) {
                                                            						_t86 = GetSysColor( ~_t86);
                                                            					}
                                                            					SendMessageA(_t99, 0x443, 0, _t86);
                                                            					SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                            					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                            					 *0x42983c = 0;
                                                            					SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                            					 *0x42983c = 0;
                                                            					return 0;
                                                            				}
                                                            			}

                                                            APIs
                                                            • CheckDlgButton.USER32 ref: 00404294
                                                            • GetDlgItem.USER32 ref: 004042A8
                                                            • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004042C6
                                                            • GetSysColor.USER32(?), ref: 004042D7
                                                            • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004042E6
                                                            • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004042F5
                                                            • lstrlenA.KERNEL32(?), ref: 004042F8
                                                            • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404307
                                                            • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040431C
                                                            • GetDlgItem.USER32 ref: 0040437E
                                                            • SendMessageA.USER32(00000000), ref: 00404381
                                                            • GetDlgItem.USER32 ref: 004043AC
                                                            • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004043EC
                                                            • LoadCursorA.USER32 ref: 004043FB
                                                            • SetCursor.USER32(00000000), ref: 00404404
                                                            • LoadCursorA.USER32 ref: 0040441A
                                                            • SetCursor.USER32(00000000), ref: 0040441D
                                                            • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404449
                                                            • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040445D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                            • String ID: N
                                                            • API String ID: 3103080414-1130791706
                                                            • Opcode ID: 448c26d367fa4ce24fea73f86f3c1ebcb169a2680b3cc918c82a0762cc84cb42
                                                            • Instruction ID: e1855738532d9be41fcebd9a9c4146cd0e241e622fdf0fb061f71f1fb699f553
                                                            • Opcode Fuzzy Hash: 448c26d367fa4ce24fea73f86f3c1ebcb169a2680b3cc918c82a0762cc84cb42
                                                            • Instruction Fuzzy Hash: 2661A4B1A40208BFDB109F61DD45F6A7B69FB84314F00803AFB057A1D1C7B8A952CF98
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 90%
                                                            			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                            				struct tagLOGBRUSH _v16;
                                                            				struct tagRECT _v32;
                                                            				struct tagPAINTSTRUCT _v96;
                                                            				struct HDC__* _t70;
                                                            				struct HBRUSH__* _t87;
                                                            				struct HFONT__* _t94;
                                                            				long _t102;
                                                            				signed int _t126;
                                                            				struct HDC__* _t128;
                                                            				intOrPtr _t130;
                                                            
                                                            				if(_a8 == 0xf) {
                                                            					_t130 =  *0x42f414;
                                                            					_t70 = BeginPaint(_a4,  &_v96);
                                                            					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                            					_a8 = _t70;
                                                            					GetClientRect(_a4,  &_v32);
                                                            					_t126 = _v32.bottom;
                                                            					_v32.bottom = _v32.bottom & 0x00000000;
                                                            					while(_v32.top < _t126) {
                                                            						_a12 = _t126 - _v32.top;
                                                            						asm("cdq");
                                                            						asm("cdq");
                                                            						asm("cdq");
                                                            						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                            						_t87 = CreateBrushIndirect( &_v16);
                                                            						_v32.bottom = _v32.bottom + 4;
                                                            						_a16 = _t87;
                                                            						FillRect(_a8,  &_v32, _t87);
                                                            						DeleteObject(_a16);
                                                            						_v32.top = _v32.top + 4;
                                                            					}
                                                            					if( *(_t130 + 0x58) != 0xffffffff) {
                                                            						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                            						_a16 = _t94;
                                                            						if(_t94 != 0) {
                                                            							_t128 = _a8;
                                                            							_v32.left = 0x10;
                                                            							_v32.top = 8;
                                                            							SetBkMode(_t128, 1);
                                                            							SetTextColor(_t128,  *(_t130 + 0x58));
                                                            							_a8 = SelectObject(_t128, _a16);
                                                            							DrawTextA(_t128, "Wildix Integration Service v3.9.1 Setup", 0xffffffff,  &_v32, 0x820);
                                                            							SelectObject(_t128, _a8);
                                                            							DeleteObject(_a16);
                                                            						}
                                                            					}
                                                            					EndPaint(_a4,  &_v96);
                                                            					return 0;
                                                            				}
                                                            				_t102 = _a16;
                                                            				if(_a8 == 0x46) {
                                                            					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                            					 *((intOrPtr*)(_t102 + 4)) =  *0x42f408;
                                                            				}
                                                            				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                            			}














                                                            APIs
                                                            • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                            • GetClientRect.USER32 ref: 0040105B
                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                            • FillRect.USER32 ref: 004010E4
                                                            • DeleteObject.GDI32(?), ref: 004010ED
                                                            • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                                            • DrawTextA.USER32(00000000,Wildix Integration Service v3.9.1 Setup,000000FF,00000010,00000820), ref: 00401156
                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                            • DeleteObject.GDI32(?), ref: 00401165
                                                            • EndPaint.USER32(?,?), ref: 0040116E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                            • String ID: F$Wildix Integration Service v3.9.1 Setup
                                                            • API String ID: 941294808-1273018411
                                                            • Opcode ID: 7b2e9886d4a0a86190cfd2eb73994447d751dd60ad8b28ccd238e082d53d4ecc
                                                            • Instruction ID: a83fe4be3842045fa55e49ef5e4516223b86fcdf0b70f1128ddfc4a40beffe79
                                                            • Opcode Fuzzy Hash: 7b2e9886d4a0a86190cfd2eb73994447d751dd60ad8b28ccd238e082d53d4ecc
                                                            • Instruction Fuzzy Hash: 48418C71400209AFCB058FA5DE459BF7BB9FF45314F00842EF9A1AA1A0C7749955DFA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405C7F(void* __ecx) {
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				long _t12;
                                                            				long _t24;
                                                            				char* _t31;
                                                            				int _t37;
                                                            				void* _t38;
                                                            				intOrPtr* _t39;
                                                            				long _t42;
                                                            				CHAR* _t44;
                                                            				void* _t46;
                                                            				void* _t48;
                                                            				void* _t49;
                                                            				void* _t52;
                                                            				void* _t53;
                                                            
                                                            				_t38 = __ecx;
                                                            				_t44 =  *(_t52 + 0x14);
                                                            				 *0x42c600 = 0x4c554e;
                                                            				if(_t44 == 0) {
                                                            					L3:
                                                            					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x42ca00, 0x400);
                                                            					if(_t12 != 0 && _t12 <= 0x400) {
                                                            						_t37 = wsprintfA(0x42c200, "%s=%s\r\n", 0x42c600, 0x42ca00);
                                                            						_t53 = _t52 + 0x10;
                                                            						E00406032(_t37, 0x400, 0x42ca00, 0x42ca00,  *((intOrPtr*)( *0x42f414 + 0x128)));
                                                            						_t12 = E00405BA9(0x42ca00, 0xc0000000, 4);
                                                            						_t48 = _t12;
                                                            						 *(_t53 + 0x18) = _t48;
                                                            						if(_t48 != 0xffffffff) {
                                                            							_t42 = GetFileSize(_t48, 0);
                                                            							_t6 = _t37 + 0xa; // 0xa
                                                            							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                            							if(_t46 == 0 || E00405C21(_t48, _t46, _t42) == 0) {
                                                            								L18:
                                                            								return CloseHandle(_t48);
                                                            							} else {
                                                            								if(E00405B0E(_t38, _t46, "[Rename]\r\n") != 0) {
                                                            									_t49 = E00405B0E(_t38, _t21 + 0xa, 0x40a3b8);
                                                            									if(_t49 == 0) {
                                                            										_t48 =  *(_t53 + 0x18);
                                                            										L16:
                                                            										_t24 = _t42;
                                                            										L17:
                                                            										E00405B64(_t24 + _t46, 0x42c200, _t37);
                                                            										SetFilePointer(_t48, 0, 0, 0);
                                                            										E00405C50(_t48, _t46, _t42 + _t37);
                                                            										GlobalFree(_t46);
                                                            										goto L18;
                                                            									}
                                                            									_t39 = _t46 + _t42;
                                                            									_t31 = _t39 + _t37;
                                                            									while(_t39 > _t49) {
                                                            										 *_t31 =  *_t39;
                                                            										_t31 = _t31 - 1;
                                                            										_t39 = _t39 - 1;
                                                            									}
                                                            									_t24 = _t49 - _t46 + 1;
                                                            									_t48 =  *(_t53 + 0x18);
                                                            									goto L17;
                                                            								}
                                                            								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                            								_t42 = _t42 + 0xa;
                                                            								goto L16;
                                                            							}
                                                            						}
                                                            					}
                                                            				} else {
                                                            					CloseHandle(E00405BA9(_t44, 0, 1));
                                                            					_t12 = GetShortPathNameA(_t44, 0x42c600, 0x400);
                                                            					if(_t12 != 0 && _t12 <= 0x400) {
                                                            						goto L3;
                                                            					}
                                                            				}
                                                            				return _t12;
                                                            			}




















                                                            APIs
                                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405E10,?,?), ref: 00405CB0
                                                            • GetShortPathNameA.KERNEL32 ref: 00405CB9
                                                              • Part of subcall function 00405B0E: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B1E
                                                              • Part of subcall function 00405B0E: lstrlenA.KERNEL32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B50
                                                            • GetShortPathNameA.KERNEL32 ref: 00405CD6
                                                            • wsprintfA.USER32 ref: 00405CF4
                                                            • GetFileSize.KERNEL32(00000000,00000000,0042CA00,C0000000,00000004,0042CA00,?,?,?,?,?), ref: 00405D2F
                                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405D3E
                                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D76
                                                            • SetFilePointer.KERNEL32(0040A3B8,00000000,00000000,00000000,00000000,0042C200,00000000,-0000000A,0040A3B8,00000000,[Rename],00000000,00000000,00000000), ref: 00405DCC
                                                            • GlobalFree.KERNEL32 ref: 00405DDD
                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405DE4
                                                              • Part of subcall function 00405BA9: GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                              • Part of subcall function 00405BA9: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                            • String ID: %s=%s$[Rename]
                                                            • API String ID: 2171350718-1727408572
                                                            • Opcode ID: f77fbfde1968c6cc6d109ac9641d83ed14e9d60a65f6ef3fc352fd67b9dcf635
                                                            • Instruction ID: 5f10e72b046bb4c3808544f3b96a1b07f09bbbda3d3e46611c613b54f85f09c3
                                                            • Opcode Fuzzy Hash: f77fbfde1968c6cc6d109ac9641d83ed14e9d60a65f6ef3fc352fd67b9dcf635
                                                            • Instruction Fuzzy Hash: F631F231600B15ABD2207BA59D4DFAB3A6CDF42754F14443BFA01F62D2DA7CE8058ABD
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040627A(CHAR* _a4) {
                                                            				char _t5;
                                                            				char _t7;
                                                            				char* _t15;
                                                            				char* _t16;
                                                            				CHAR* _t17;
                                                            
                                                            				_t17 = _a4;
                                                            				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                            					_t17 =  &(_t17[4]);
                                                            				}
                                                            				if( *_t17 != 0 && E00405A15(_t17) != 0) {
                                                            					_t17 =  &(_t17[2]);
                                                            				}
                                                            				_t5 =  *_t17;
                                                            				_t15 = _t17;
                                                            				_t16 = _t17;
                                                            				if(_t5 != 0) {
                                                            					do {
                                                            						if(_t5 > 0x1f &&  *((char*)(E004059D3("*?|<>/\":", _t5))) == 0) {
                                                            							E00405B64(_t16, _t17, CharNextA(_t17) - _t17);
                                                            							_t16 = CharNextA(_t16);
                                                            						}
                                                            						_t17 = CharNextA(_t17);
                                                            						_t5 =  *_t17;
                                                            					} while (_t5 != 0);
                                                            				}
                                                            				 *_t16 =  *_t16 & 0x00000000;
                                                            				while(1) {
                                                            					_t16 = CharPrevA(_t15, _t16);
                                                            					_t7 =  *_t16;
                                                            					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                            						break;
                                                            					}
                                                            					 *_t16 =  *_t16 & 0x00000000;
                                                            					if(_t15 < _t16) {
                                                            						continue;
                                                            					}
                                                            					break;
                                                            				}
                                                            				return _t7;
                                                            			}









                                                            APIs
                                                            • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SetupWIService.exe" ,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062D2
                                                            • CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004062DF
                                                            • CharNextA.USER32(?,"C:\Users\user\Desktop\SetupWIService.exe" ,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062E4
                                                            • CharPrevA.USER32(?,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062F4
                                                            Strings
                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 0040627B
                                                            • *?|<>/":, xrefs: 004062C2
                                                            • "C:\Users\user\Desktop\SetupWIService.exe" , xrefs: 004062B6
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Char$Next$Prev
                                                            • String ID: "C:\Users\user\Desktop\SetupWIService.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                            • API String ID: 589700163-208492727
                                                            • Opcode ID: a4ab23b94a56fbb4e4ab915d6a0181bd243ee2e30b5e95404a857257d08c8b81
                                                            • Instruction ID: 6247d5b4c7038ff51e561e9c2f84ae45375c8bcee8d01d3c6d5c321a6abb2e6d
                                                            • Opcode Fuzzy Hash: a4ab23b94a56fbb4e4ab915d6a0181bd243ee2e30b5e95404a857257d08c8b81
                                                            • Instruction Fuzzy Hash: 2211E95180479029EB3226246C40BBB7F884F97751F1A00BFE8C2722C1C67C5C52867D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00404105(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                            				struct tagLOGBRUSH _v16;
                                                            				long _t39;
                                                            				long _t41;
                                                            				void* _t44;
                                                            				signed char _t50;
                                                            				long* _t54;
                                                            
                                                            				if(_a4 + 0xfffffecd > 5) {
                                                            					L18:
                                                            					return 0;
                                                            				}
                                                            				_t54 = GetWindowLongA(_a12, 0xffffffeb);
                                                            				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                            					goto L18;
                                                            				} else {
                                                            					_t50 = _t54[5];
                                                            					if((_t50 & 0xffffffe0) != 0) {
                                                            						goto L18;
                                                            					}
                                                            					_t39 =  *_t54;
                                                            					if((_t50 & 0x00000002) != 0) {
                                                            						_t39 = GetSysColor(_t39);
                                                            					}
                                                            					if((_t54[5] & 0x00000001) != 0) {
                                                            						SetTextColor(_a8, _t39);
                                                            					}
                                                            					SetBkMode(_a8, _t54[4]);
                                                            					_t41 = _t54[1];
                                                            					_v16.lbColor = _t41;
                                                            					if((_t54[5] & 0x00000008) != 0) {
                                                            						_t41 = GetSysColor(_t41);
                                                            						_v16.lbColor = _t41;
                                                            					}
                                                            					if((_t54[5] & 0x00000004) != 0) {
                                                            						SetBkColor(_a8, _t41);
                                                            					}
                                                            					if((_t54[5] & 0x00000010) != 0) {
                                                            						_v16.lbStyle = _t54[2];
                                                            						_t44 = _t54[3];
                                                            						if(_t44 != 0) {
                                                            							DeleteObject(_t44);
                                                            						}
                                                            						_t54[3] = CreateBrushIndirect( &_v16);
                                                            					}
                                                            					return _t54[3];
                                                            				}
                                                            			}










                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                            • String ID:
                                                            • API String ID: 2320649405-0
                                                            • Opcode ID: 2fd397ab70c88e7053abfa2b1889d7e6adf273714bf8f91ffd366fbe1d5efa4b
                                                            • Instruction ID: 549509973aaa983cd2a57f184cdff44cbcc336d3318ba047a0b32752f088f93e
                                                            • Opcode Fuzzy Hash: 2fd397ab70c88e7053abfa2b1889d7e6adf273714bf8f91ffd366fbe1d5efa4b
                                                            • Instruction Fuzzy Hash: 7D2162715007049BCB219F68DD4CB5BBBF8AF91714B048A3EEA96A66E0C734E984CB54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 77%
                                                            			E73DA24D8(intOrPtr* _a4) {
                                                            				char _v80;
                                                            				int _v84;
                                                            				intOrPtr _v88;
                                                            				short _v92;
                                                            				intOrPtr* _t28;
                                                            				void* _t30;
                                                            				intOrPtr _t31;
                                                            				signed int _t43;
                                                            				void* _t44;
                                                            				intOrPtr _t45;
                                                            				void* _t48;
                                                            
                                                            				_t44 = E73DA1215();
                                                            				_t28 = _a4;
                                                            				_t45 =  *((intOrPtr*)(_t28 + 0x814));
                                                            				_v88 = _t45;
                                                            				_t48 = (_t45 + 0x41 << 5) + _t28;
                                                            				do {
                                                            					if( *((intOrPtr*)(_t48 - 4)) >= 0) {
                                                            					}
                                                            					_t43 =  *(_t48 - 8) & 0x000000ff;
                                                            					if(_t43 <= 7) {
                                                            						switch( *((intOrPtr*)(_t43 * 4 +  &M73DA2626))) {
                                                            							case 0:
                                                            								 *_t44 = 0;
                                                            								goto L17;
                                                            							case 1:
                                                            								__eax =  *__eax;
                                                            								if(__ecx > __ebx) {
                                                            									_v84 = __ecx;
                                                            									__ecx =  *(0x73da307c + __edx * 4);
                                                            									__edx = _v84;
                                                            									__ecx = __ecx * __edx;
                                                            									asm("sbb edx, edx");
                                                            									__edx = __edx & __ecx;
                                                            									__eax = __eax &  *(0x73da309c + __edx * 4);
                                                            								}
                                                            								_push(__eax);
                                                            								goto L15;
                                                            							case 2:
                                                            								__eax = E73DA1429(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
                                                            								goto L16;
                                                            							case 3:
                                                            								__eax = lstrcpynA(__edi,  *__eax,  *0x73da405c);
                                                            								goto L17;
                                                            							case 4:
                                                            								__ecx =  *0x73da405c;
                                                            								__edx = __ecx - 1;
                                                            								__eax = WideCharToMultiByte(__ebx, __ebx,  *__eax, __ecx, __edi, __edx, __ebx, __ebx);
                                                            								__eax =  *0x73da405c;
                                                            								 *((char*)(__eax + __edi - 1)) = __bl;
                                                            								goto L17;
                                                            							case 5:
                                                            								__ecx =  &_v80;
                                                            								_push(0x27);
                                                            								_push(__ecx);
                                                            								_push( *__eax);
                                                            								__imp__StringFromGUID2();
                                                            								__eax =  &_v92;
                                                            								__eax = WideCharToMultiByte(__ebx, __ebx,  &_v92,  &_v92, __edi,  *0x73da405c, __ebx, __ebx);
                                                            								goto L17;
                                                            							case 6:
                                                            								_push( *__esi);
                                                            								L15:
                                                            								__eax = wsprintfA(__edi, 0x73da4000);
                                                            								L16:
                                                            								__esp = __esp + 0xc;
                                                            								goto L17;
                                                            						}
                                                            					}
                                                            					L17:
                                                            					_t30 =  *(_t48 + 0x14);
                                                            					if(_t30 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t48 - 4)) > 0)) {
                                                            						GlobalFree(_t30);
                                                            					}
                                                            					_t31 =  *((intOrPtr*)(_t48 + 0xc));
                                                            					if(_t31 != 0) {
                                                            						if(_t31 != 0xffffffff) {
                                                            							if(_t31 > 0) {
                                                            								E73DA12D1(_t31 - 1, _t44);
                                                            								goto L26;
                                                            							}
                                                            						} else {
                                                            							E73DA1266(_t44);
                                                            							L26:
                                                            						}
                                                            					}
                                                            					_v88 = _v88 - 1;
                                                            					_t48 = _t48 - 0x20;
                                                            				} while (_v88 >= 0);
                                                            				return GlobalFree(_t44);
                                                            			}














                                                            0x73da257d
                                                            0x73da258d
                                                            0x73da2594
                                                            0x00000000
                                                            0x00000000
                                                            0x73da25b7
                                                            0x73da25b9
                                                            0x73da25bf
                                                            0x73da25c5
                                                            0x73da25c5
                                                            0x00000000
                                                            0x00000000
                                                            0x73da251e
                                                            0x73da25c8
                                                            0x73da25c8
                                                            0x73da25cd
                                                            0x73da25de
                                                            0x73da25de
                                                            0x73da25e4
                                                            0x73da25e9
                                                            0x73da25ee
                                                            0x73da25fa
                                                            0x73da25ff
                                                            0x00000000
                                                            0x73da2604
                                                            0x73da25f0
                                                            0x73da25f1
                                                            0x73da2605
                                                            0x73da2605
                                                            0x73da25ee
                                                            0x73da2606
                                                            0x73da260a
                                                            0x73da260d
                                                            0x73da2625

                                                            APIs
                                                              • Part of subcall function 73DA1215: GlobalAlloc.KERNELBASE(00000040,73DA1233,?,73DA12CF,-73DA404B,73DA11AB,-000000A0), ref: 73DA121D
                                                            • GlobalFree.KERNEL32 ref: 73DA25DE
                                                            • GlobalFree.KERNEL32 ref: 73DA2618
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.581302546.0000000073DA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 73DA0000, based on PE: true
                                                            • Associated: 00000000.00000002.581287668.0000000073DA0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581318631.0000000073DA3000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581338629.0000000073DA5000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_73da0000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Global$Free$Alloc
                                                            • String ID:
                                                            • API String ID: 1780285237-0
                                                            • Opcode ID: 0b04973ba28cd4a5db4df2dba4b34438e3974fae5bbcdd91e9710b3df82fdde5
                                                            • Instruction ID: 0af964fa7c0f5f612686748dac872df6537d8f16ec8c79f54805db4f8e3dd2c2
                                                            • Opcode Fuzzy Hash: 0b04973ba28cd4a5db4df2dba4b34438e3974fae5bbcdd91e9710b3df82fdde5
                                                            • Instruction Fuzzy Hash: 9D41D273108204EFD306DF5ACE98F2A77BAFB85610B144529F585B3240EB359D14EB66
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004049F1(struct HWND__* _a4, intOrPtr _a8) {
                                                            				long _v8;
                                                            				signed char _v12;
                                                            				unsigned int _v16;
                                                            				void* _v20;
                                                            				intOrPtr _v24;
                                                            				long _v56;
                                                            				void* _v60;
                                                            				long _t15;
                                                            				unsigned int _t19;
                                                            				signed int _t25;
                                                            				struct HWND__* _t28;
                                                            
                                                            				_t28 = _a4;
                                                            				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                            				if(_a8 == 0) {
                                                            					L4:
                                                            					_v56 = _t15;
                                                            					_v60 = 4;
                                                            					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                            					return _v24;
                                                            				}
                                                            				_t19 = GetMessagePos();
                                                            				_v16 = _t19 >> 0x10;
                                                            				_v20 = _t19;
                                                            				ScreenToClient(_t28,  &_v20);
                                                            				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                            				if((_v12 & 0x00000066) != 0) {
                                                            					_t15 = _v8;
                                                            					goto L4;
                                                            				}
                                                            				return _t25 | 0xffffffff;
                                                            			}















                                                            APIs
                                                            • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404A0C
                                                            • GetMessagePos.USER32 ref: 00404A14
                                                            • ScreenToClient.USER32 ref: 00404A2E
                                                            • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404A40
                                                            • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404A66
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Message$Send$ClientScreen
                                                            • String ID: f
                                                            • API String ID: 41195575-1993550816
                                                            • Opcode ID: b233b2991907e98a40282691d164461162982266b543cde43f51771bab81e11a
                                                            • Instruction ID: dd2724b276b0829887a11dc4f26b79c7971af77995a7330ace4ae867cc8e4813
                                                            • Opcode Fuzzy Hash: b233b2991907e98a40282691d164461162982266b543cde43f51771bab81e11a
                                                            • Instruction Fuzzy Hash: 4B018071940218BADB00DB94DD81BFEBBB8AF95711F10412BBA11B61C0C7B455018FA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 73%
                                                            			E00401DFF(intOrPtr __edx) {
                                                            				void* __esi;
                                                            				int _t9;
                                                            				signed char _t15;
                                                            				struct HFONT__* _t18;
                                                            				intOrPtr _t30;
                                                            				struct HDC__* _t31;
                                                            				void* _t33;
                                                            				void* _t35;
                                                            
                                                            				_t30 = __edx;
                                                            				_t31 = GetDC( *(_t35 - 8));
                                                            				_t9 = E00402B0A(2);
                                                            				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                            				0x40b818->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
                                                            				ReleaseDC( *(_t35 - 8), _t31);
                                                            				 *0x40b828 = E00402B0A(3);
                                                            				_t15 =  *((intOrPtr*)(_t35 - 0x24));
                                                            				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                            				 *0x40b82f = 1;
                                                            				 *0x40b82c = _t15 & 0x00000001;
                                                            				 *0x40b82d = _t15 & 0x00000002;
                                                            				 *0x40b82e = _t15 & 0x00000004;
                                                            				E00406032(_t9, _t31, _t33, "MS Shell Dlg",  *((intOrPtr*)(_t35 - 0x30)));
                                                            				_t18 = CreateFontIndirectA(0x40b818);
                                                            				_push(_t18);
                                                            				_push(_t33);
                                                            				E00405F6E();
                                                            				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t35 - 4));
                                                            				return 0;
                                                            			}












                                                            APIs
                                                            • GetDC.USER32(?), ref: 00401E02
                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E1C
                                                            • MulDiv.KERNEL32(00000000,00000000), ref: 00401E24
                                                            • ReleaseDC.USER32 ref: 00401E35
                                                            • CreateFontIndirectA.GDI32(0040B818), ref: 00401E84
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CapsCreateDeviceFontIndirectRelease
                                                            • String ID: MS Shell Dlg
                                                            • API String ID: 3808545654-76309092
                                                            • Opcode ID: 4e2ac4968fbcfc45df335883300c5f964cad547b4711af948e6fa709055a9030
                                                            • Instruction ID: a7e809a5f5c9b27870585acda152ffb90eb46fec6a88876af75f69e410eeec04
                                                            • Opcode Fuzzy Hash: 4e2ac4968fbcfc45df335883300c5f964cad547b4711af948e6fa709055a9030
                                                            • Instruction Fuzzy Hash: A6015672544240AFD7016B74AE4ABA93FB8EB59305F108839F141B61F2C7750505CB9C
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00402CDD(struct HWND__* _a4, intOrPtr _a8) {
                                                            				char _v68;
                                                            				int _t11;
                                                            				int _t20;
                                                            
                                                            				if(_a8 == 0x110) {
                                                            					SetTimer(_a4, 1, 0xfa, 0);
                                                            					_a8 = 0x113;
                                                            				}
                                                            				if(_a8 == 0x113) {
                                                            					_t20 =  *0x41d420; // 0xb46984
                                                            					_t11 =  *0x42942c; // 0xb492b8
                                                            					if(_t20 >= _t11) {
                                                            						_t20 = _t11;
                                                            					}
                                                            					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                            					SetWindowTextA(_a4,  &_v68);
                                                            					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                            				}
                                                            				return 0;
                                                            			}







                                                            APIs
                                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402CF8
                                                            • MulDiv.KERNEL32(00B46984,00000064,00B492B8), ref: 00402D23
                                                            • wsprintfA.USER32 ref: 00402D33
                                                            • SetWindowTextA.USER32(?,?), ref: 00402D43
                                                            • SetDlgItemTextA.USER32 ref: 00402D55
                                                            Strings
                                                            • verifying installer: %d%%, xrefs: 00402D2D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                            • String ID: verifying installer: %d%%
                                                            • API String ID: 1451636040-82062127
                                                            • Opcode ID: f8f7fb574b01a37347c2b5a7030e5195f98b1542352a9ab3f35e70a1f9b9ac5a
                                                            • Instruction ID: 025fba79a5afffe449226ec8edfc98a8674e121caf39d96b1da50a976b993c92
                                                            • Opcode Fuzzy Hash: f8f7fb574b01a37347c2b5a7030e5195f98b1542352a9ab3f35e70a1f9b9ac5a
                                                            • Instruction Fuzzy Hash: AA01FF71640209FBEF249F60DE49FAE37A9FB04345F008039FA06B61D0DBB599568F59
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 86%
                                                            			E73DA22F1(void* __edx, intOrPtr _a4) {
                                                            				signed int _v4;
                                                            				signed int _v8;
                                                            				void* _t38;
                                                            				signed int _t39;
                                                            				void* _t40;
                                                            				void* _t43;
                                                            				void* _t48;
                                                            				signed int* _t50;
                                                            				signed char* _t51;
                                                            
                                                            				_v8 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
                                                            				while(1) {
                                                            					_t9 = _a4 + 0x818; // 0x818
                                                            					_t51 = (_v8 << 5) + _t9;
                                                            					_t38 = _t51[0x18];
                                                            					if(_t38 == 0) {
                                                            						goto L9;
                                                            					}
                                                            					_t48 = 0x1a;
                                                            					if(_t38 == _t48) {
                                                            						goto L9;
                                                            					}
                                                            					if(_t38 != 0xffffffff) {
                                                            						if(_t38 <= 0 || _t38 > 0x19) {
                                                            							_t51[0x18] = _t48;
                                                            						} else {
                                                            							_t38 = E73DA12AD(_t38 - 1);
                                                            							L10:
                                                            						}
                                                            						goto L11;
                                                            					} else {
                                                            						_t38 = E73DA123B();
                                                            						L11:
                                                            						_t43 = _t38;
                                                            						_t13 =  &(_t51[8]); // 0x820
                                                            						_t50 = _t13;
                                                            						if(_t51[4] >= 0) {
                                                            						}
                                                            						_t39 =  *_t51 & 0x000000ff;
                                                            						_t51[0x1c] = _t51[0x1c] & 0x00000000;
                                                            						_v4 = _t39;
                                                            						if(_t39 > 7) {
                                                            							L27:
                                                            							_t40 = GlobalFree(_t43);
                                                            							if(_v8 == 0) {
                                                            								return _t40;
                                                            							}
                                                            							if(_v8 !=  *((intOrPtr*)(_a4 + 0x814))) {
                                                            								_v8 = _v8 + 1;
                                                            							} else {
                                                            								_v8 = _v8 & 0x00000000;
                                                            							}
                                                            							continue;
                                                            						} else {
                                                            							switch( *((intOrPtr*)(_t39 * 4 +  &M73DA247E))) {
                                                            								case 0:
                                                            									 *_t50 =  *_t50 & 0x00000000;
                                                            									goto L27;
                                                            								case 1:
                                                            									__eax = E73DA12FE(__ebx);
                                                            									goto L20;
                                                            								case 2:
                                                            									 *__ebp = E73DA12FE(__ebx);
                                                            									_a4 = __edx;
                                                            									goto L27;
                                                            								case 3:
                                                            									__eax = E73DA1224(__ebx);
                                                            									 *(__esi + 0x1c) = __eax;
                                                            									L20:
                                                            									 *__ebp = __eax;
                                                            									goto L27;
                                                            								case 4:
                                                            									 *0x73da405c =  *0x73da405c +  *0x73da405c;
                                                            									__edi = GlobalAlloc(0x40,  *0x73da405c +  *0x73da405c);
                                                            									 *0x73da405c = MultiByteToWideChar(0, 0, __ebx,  *0x73da405c, __edi,  *0x73da405c);
                                                            									if(_v4 != 5) {
                                                            										 *(__esi + 0x1c) = __edi;
                                                            										 *__ebp = __edi;
                                                            									} else {
                                                            										__eax = GlobalAlloc(0x40, 0x10);
                                                            										_push(__eax);
                                                            										 *(__esi + 0x1c) = __eax;
                                                            										_push(__edi);
                                                            										 *__ebp = __eax;
                                                            										__imp__CLSIDFromString();
                                                            										__eax = GlobalFree(__edi);
                                                            									}
                                                            									goto L27;
                                                            								case 5:
                                                            									if( *__ebx != 0) {
                                                            										__eax = E73DA12FE(__ebx);
                                                            										 *__edi = __eax;
                                                            									}
                                                            									goto L27;
                                                            								case 6:
                                                            									__esi =  *(__esi + 0x18);
                                                            									__esi = __esi - 1;
                                                            									__esi = __esi *  *0x73da405c;
                                                            									__esi = __esi +  *0x73da4064;
                                                            									__eax = __esi + 0xc;
                                                            									 *__edi = __esi + 0xc;
                                                            									asm("cdq");
                                                            									__eax = E73DA1429(__edx, __esi + 0xc, __edx, __esi);
                                                            									goto L27;
                                                            							}
                                                            						}
                                                            					}
                                                            					L9:
                                                            					_t38 = E73DA1224(0x73da4034);
                                                            					goto L10;
                                                            				}
                                                            			}













                                                            APIs
                                                            • GlobalFree.KERNEL32 ref: 73DA2447
                                                              • Part of subcall function 73DA1224: lstrcpynA.KERNEL32(00000000,?,73DA12CF,-73DA404B,73DA11AB,-000000A0), ref: 73DA1234
                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 73DA23C2
                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 73DA23D7
                                                            • GlobalAlloc.KERNEL32(00000040,00000010), ref: 73DA23E8
                                                            • CLSIDFromString.OLE32(00000000,00000000), ref: 73DA23F6
                                                            • GlobalFree.KERNEL32 ref: 73DA23FD
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.581302546.0000000073DA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 73DA0000, based on PE: true
                                                            • Associated: 00000000.00000002.581287668.0000000073DA0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581318631.0000000073DA3000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581338629.0000000073DA5000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_73da0000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                            • String ID:
                                                            • API String ID: 3730416702-0
                                                            • Opcode ID: ddd1c05c11bc4dbdb26796b04229c59234f9bb880285ef5c26a3d7b0f2aa3526
                                                            • Instruction ID: 9257864e590648181040bd46dd80de05fcff06fadce108b42f7130de20b526e3
                                                            • Opcode Fuzzy Hash: ddd1c05c11bc4dbdb26796b04229c59234f9bb880285ef5c26a3d7b0f2aa3526
                                                            • Instruction Fuzzy Hash: 2B41AF72908308DFE3119F6A8A44B2AB7F9FB41711F10481EE58AF6190EBB4DD54CB66
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 37%
                                                            			E004027A3(void* __ebx, void* __eflags) {
                                                            				void* _t26;
                                                            				long _t31;
                                                            				void* _t45;
                                                            				void* _t49;
                                                            				void* _t51;
                                                            				void* _t54;
                                                            				void* _t55;
                                                            				void* _t56;
                                                            
                                                            				_t45 = __ebx;
                                                            				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
                                                            				_t50 = E00402B2C(0xfffffff0);
                                                            				 *(_t56 - 0x4c) = _t23;
                                                            				if(E00405A15(_t50) == 0) {
                                                            					E00402B2C(0xffffffed);
                                                            				}
                                                            				E00405B84(_t50);
                                                            				_t26 = E00405BA9(_t50, 0x40000000, 2);
                                                            				 *(_t56 + 8) = _t26;
                                                            				if(_t26 != 0xffffffff) {
                                                            					_t31 =  *0x42f418;
                                                            					 *(_t56 - 0x1c) = _t31;
                                                            					_t49 = GlobalAlloc(0x40, _t31);
                                                            					if(_t49 != _t45) {
                                                            						E00403223(_t45);
                                                            						E0040320D(_t49,  *(_t56 - 0x1c));
                                                            						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x2c));
                                                            						 *(_t56 - 0x10) = _t54;
                                                            						if(_t54 != _t45) {
                                                            							_push( *(_t56 - 0x2c));
                                                            							_push(_t54);
                                                            							_push(_t45);
                                                            							_push( *((intOrPtr*)(_t56 - 0x30)));
                                                            							E00402FFB();
                                                            							while( *_t54 != _t45) {
                                                            								_t47 =  *_t54;
                                                            								_t55 = _t54 + 8;
                                                            								 *(_t56 - 0x48) =  *_t54;
                                                            								E00405B64( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
                                                            								_t54 = _t55 +  *(_t56 - 0x48);
                                                            							}
                                                            							GlobalFree( *(_t56 - 0x10));
                                                            						}
                                                            						E00405C50( *(_t56 + 8), _t49,  *(_t56 - 0x1c));
                                                            						GlobalFree(_t49);
                                                            						_push(_t45);
                                                            						_push(_t45);
                                                            						_push( *(_t56 + 8));
                                                            						_push(0xffffffff);
                                                            						 *((intOrPtr*)(_t56 - 0xc)) = E00402FFB();
                                                            					}
                                                            					CloseHandle( *(_t56 + 8));
                                                            				}
                                                            				_t51 = 0xfffffff3;
                                                            				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
                                                            					_t51 = 0xffffffef;
                                                            					DeleteFileA( *(_t56 - 0x4c));
                                                            					 *((intOrPtr*)(_t56 - 4)) = 1;
                                                            				}
                                                            				_push(_t51);
                                                            				E00401423();
                                                            				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t56 - 4));
                                                            				return 0;
                                                            			}












                                                            APIs
                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027F7
                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402813
                                                            • GlobalFree.KERNEL32 ref: 0040284C
                                                            • GlobalFree.KERNEL32 ref: 0040285F
                                                            • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402877
                                                            • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040288B
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                            • String ID:
                                                            • API String ID: 2667972263-0
                                                            • Opcode ID: a2aa54484539e5cf0e08f909926563fd1753a777fa44bb9cc822b41f9e16e333
                                                            • Instruction ID: 78559feecc0fcc9b474bd36237e9e6194516f5e07b3510cecd676cf0fe7807ca
                                                            • Opcode Fuzzy Hash: a2aa54484539e5cf0e08f909926563fd1753a777fa44bb9cc822b41f9e16e333
                                                            • Instruction Fuzzy Hash: A4217C72C00224ABCF217FA5CD49DAE7F79EF09364B10823AF520762E1CA7959419F98
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 77%
                                                            			E004048E7(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                            				char _v36;
                                                            				char _v68;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				signed int _t21;
                                                            				signed int _t22;
                                                            				void* _t29;
                                                            				void* _t31;
                                                            				void* _t32;
                                                            				void* _t41;
                                                            				signed int _t43;
                                                            				signed int _t47;
                                                            				signed int _t50;
                                                            				signed int _t51;
                                                            				signed int _t53;
                                                            
                                                            				_t21 = _a16;
                                                            				_t51 = _a12;
                                                            				_t41 = 0xffffffdc;
                                                            				if(_t21 == 0) {
                                                            					_push(0x14);
                                                            					_pop(0);
                                                            					_t22 = _t51;
                                                            					if(_t51 < 0x100000) {
                                                            						_push(0xa);
                                                            						_pop(0);
                                                            						_t41 = 0xffffffdd;
                                                            					}
                                                            					if(_t51 < 0x400) {
                                                            						_t41 = 0xffffffde;
                                                            					}
                                                            					if(_t51 < 0xffff3333) {
                                                            						_t50 = 0x14;
                                                            						asm("cdq");
                                                            						_t22 = 1 / _t50 + _t51;
                                                            					}
                                                            					_t23 = _t22 & 0x00ffffff;
                                                            					_t53 = _t22 >> 0;
                                                            					_t43 = 0xa;
                                                            					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                            				} else {
                                                            					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                            					_t47 = 0;
                                                            				}
                                                            				_t29 = E00406032(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                            				_t31 = E00406032(_t41, _t47, _t53,  &_v68, _t41);
                                                            				_t32 = E00406032(_t41, _t47, 0x42a870, 0x42a870, _a8);
                                                            				wsprintfA(_t32 + lstrlenA(0x42a870), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                            				return SetDlgItemTextA( *0x42ebd8, _a4, 0x42a870);
                                                            			}

                                                            APIs
                                                            • lstrlenA.KERNEL32(Wildix Integration Service v3.9.1 Setup ,Wildix Integration Service v3.9.1 Setup ,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404802,000000DF,00000000,00000400,?), ref: 00404985
                                                            • wsprintfA.USER32 ref: 0040498D
                                                            • SetDlgItemTextA.USER32 ref: 004049A0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: ItemTextlstrlenwsprintf
                                                            • String ID: %u.%u%s%s$Wildix Integration Service v3.9.1 Setup
                                                            • API String ID: 3540041739-2834737453
                                                            • Opcode ID: 8f52a3d2b7158611b8ddfee5cd82df9920a420a3de20037d500134a76e905cd2
                                                            • Instruction ID: e3696489e73bdb8ba2be03c53b0d6a47c9a41464d55e6eab91935fd2637341d8
                                                            • Opcode Fuzzy Hash: 8f52a3d2b7158611b8ddfee5cd82df9920a420a3de20037d500134a76e905cd2
                                                            • Instruction Fuzzy Hash: 0E11E473A441286BDB10A57D9C41EAF329CDB85374F254237FA26F31D1E978CC2282A9
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 97%
                                                            			E73DA1837(signed int __edx, void* __eflags, void* _a8, void* _a16) {
                                                            				void* _v8;
                                                            				signed int _v12;
                                                            				signed int _v20;
                                                            				signed int _v24;
                                                            				char _v52;
                                                            				void _t45;
                                                            				void _t46;
                                                            				signed int _t47;
                                                            				signed int _t48;
                                                            				signed int _t57;
                                                            				signed int _t58;
                                                            				signed int _t59;
                                                            				signed int _t60;
                                                            				signed int _t61;
                                                            				void* _t67;
                                                            				void* _t68;
                                                            				void* _t69;
                                                            				void* _t70;
                                                            				void* _t71;
                                                            				signed int _t77;
                                                            				void* _t81;
                                                            				signed int _t83;
                                                            				signed int _t85;
                                                            				signed int _t87;
                                                            				signed int _t90;
                                                            				void* _t101;
                                                            
                                                            				_t85 = __edx;
                                                            				 *0x73da405c = _a8;
                                                            				_t77 = 0;
                                                            				 *0x73da4060 = _a16;
                                                            				_v12 = 0;
                                                            				_v8 = E73DA123B();
                                                            				_t90 = E73DA12FE(_t42);
                                                            				_t87 = _t85;
                                                            				_t81 = E73DA123B();
                                                            				_a8 = _t81;
                                                            				_t45 =  *_t81;
                                                            				if(_t45 != 0x7e && _t45 != 0x21) {
                                                            					_a16 = E73DA123B();
                                                            					_t77 = E73DA12FE(_t74);
                                                            					_v12 = _t85;
                                                            					GlobalFree(_a16);
                                                            					_t81 = _a8;
                                                            				}
                                                            				_t46 =  *_t81;
                                                            				_t101 = _t46 - 0x2f;
                                                            				if(_t101 > 0) {
                                                            					_t47 = _t46 - 0x3c;
                                                            					__eflags = _t47;
                                                            					if(_t47 == 0) {
                                                            						__eflags =  *((char*)(_t81 + 1)) - 0x3c;
                                                            						if( *((char*)(_t81 + 1)) != 0x3c) {
                                                            							__eflags = _t87 - _v12;
                                                            							if(__eflags > 0) {
                                                            								L56:
                                                            								_t48 = 0;
                                                            								__eflags = 0;
                                                            								L57:
                                                            								asm("cdq");
                                                            								L58:
                                                            								_t90 = _t48;
                                                            								_t87 = _t85;
                                                            								L59:
                                                            								E73DA1429(_t85, _t90, _t87,  &_v52);
                                                            								E73DA1266( &_v52);
                                                            								GlobalFree(_v8);
                                                            								return GlobalFree(_a8);
                                                            							}
                                                            							if(__eflags < 0) {
                                                            								L49:
                                                            								__eflags = 0;
                                                            								L50:
                                                            								_t48 = 1;
                                                            								goto L57;
                                                            							}
                                                            							__eflags = _t90 - _t77;
                                                            							if(_t90 < _t77) {
                                                            								goto L49;
                                                            							}
                                                            							goto L56;
                                                            						}
                                                            						_t85 = _t87;
                                                            						_t48 = E73DA2EF0(_t90, _t77, _t85);
                                                            						goto L58;
                                                            					}
                                                            					_t57 = _t47 - 1;
                                                            					__eflags = _t57;
                                                            					if(_t57 == 0) {
                                                            						__eflags = _t90 - _t77;
                                                            						if(_t90 != _t77) {
                                                            							goto L56;
                                                            						}
                                                            						__eflags = _t87 - _v12;
                                                            						if(_t87 != _v12) {
                                                            							goto L56;
                                                            						}
                                                            						goto L49;
                                                            					}
                                                            					_t58 = _t57 - 1;
                                                            					__eflags = _t58;
                                                            					if(_t58 == 0) {
                                                            						__eflags =  *((char*)(_t81 + 1)) - 0x3e;
                                                            						if( *((char*)(_t81 + 1)) != 0x3e) {
                                                            							__eflags = _t87 - _v12;
                                                            							if(__eflags < 0) {
                                                            								goto L56;
                                                            							}
                                                            							if(__eflags > 0) {
                                                            								goto L49;
                                                            							}
                                                            							__eflags = _t90 - _t77;
                                                            							if(_t90 <= _t77) {
                                                            								goto L56;
                                                            							}
                                                            							goto L49;
                                                            						}
                                                            						__eflags =  *((char*)(_t81 + 2)) - 0x3e;
                                                            						_t85 = _t87;
                                                            						_t59 = _t90;
                                                            						_t83 = _t77;
                                                            						if( *((char*)(_t81 + 2)) != 0x3e) {
                                                            							_t48 = E73DA2F10(_t59, _t83, _t85);
                                                            						} else {
                                                            							_t48 = E73DA2F40(_t59, _t83, _t85);
                                                            						}
                                                            						goto L58;
                                                            					}
                                                            					_t60 = _t58 - 0x20;
                                                            					__eflags = _t60;
                                                            					if(_t60 == 0) {
                                                            						_t90 = _t90 ^ _t77;
                                                            						_t87 = _t87 ^ _v12;
                                                            						goto L59;
                                                            					}
                                                            					_t61 = _t60 - 0x1e;
                                                            					__eflags = _t61;
                                                            					if(_t61 == 0) {
                                                            						__eflags =  *((char*)(_t81 + 1)) - 0x7c;
                                                            						if( *((char*)(_t81 + 1)) != 0x7c) {
                                                            							_t90 = _t90 | _t77;
                                                            							_t87 = _t87 | _v12;
                                                            							goto L59;
                                                            						}
                                                            						__eflags = _t90 | _t87;
                                                            						if((_t90 | _t87) != 0) {
                                                            							goto L49;
                                                            						}
                                                            						__eflags = _t77 | _v12;
                                                            						if((_t77 | _v12) != 0) {
                                                            							goto L49;
                                                            						}
                                                            						goto L56;
                                                            					}
                                                            					__eflags = _t61 == 0;
                                                            					if(_t61 == 0) {
                                                            						_t90 =  !_t90;
                                                            						_t87 =  !_t87;
                                                            					}
                                                            					goto L59;
                                                            				}
                                                            				if(_t101 == 0) {
                                                            					L21:
                                                            					__eflags = _t77 | _v12;
                                                            					if((_t77 | _v12) != 0) {
                                                            						_v24 = E73DA2D80(_t90, _t87, _t77, _v12);
                                                            						_v20 = _t85;
                                                            						_t48 = E73DA2E30(_t90, _t87, _t77, _v12);
                                                            						_t81 = _a8;
                                                            					} else {
                                                            						_v24 = _v24 & 0x00000000;
                                                            						_v20 = _v20 & 0x00000000;
                                                            						_t48 = _t90;
                                                            						_t85 = _t87;
                                                            					}
                                                            					__eflags =  *_t81 - 0x2f;
                                                            					if( *_t81 != 0x2f) {
                                                            						goto L58;
                                                            					} else {
                                                            						_t90 = _v24;
                                                            						_t87 = _v20;
                                                            						goto L59;
                                                            					}
                                                            				}
                                                            				_t67 = _t46 - 0x21;
                                                            				if(_t67 == 0) {
                                                            					_t48 = 0;
                                                            					__eflags = _t90 | _t87;
                                                            					if((_t90 | _t87) != 0) {
                                                            						goto L57;
                                                            					}
                                                            					goto L50;
                                                            				}
                                                            				_t68 = _t67 - 4;
                                                            				if(_t68 == 0) {
                                                            					goto L21;
                                                            				}
                                                            				_t69 = _t68 - 1;
                                                            				if(_t69 == 0) {
                                                            					__eflags =  *((char*)(_t81 + 1)) - 0x26;
                                                            					if( *((char*)(_t81 + 1)) != 0x26) {
                                                            						_t90 = _t90 & _t77;
                                                            						_t87 = _t87 & _v12;
                                                            						goto L59;
                                                            					}
                                                            					__eflags = _t90 | _t87;
                                                            					if((_t90 | _t87) == 0) {
                                                            						goto L56;
                                                            					}
                                                            					__eflags = _t77 | _v12;
                                                            					if((_t77 | _v12) == 0) {
                                                            						goto L56;
                                                            					}
                                                            					goto L49;
                                                            				}
                                                            				_t70 = _t69 - 4;
                                                            				if(_t70 == 0) {
                                                            					_t48 = E73DA2D40(_t90, _t87, _t77, _v12);
                                                            					goto L58;
                                                            				} else {
                                                            					_t71 = _t70 - 1;
                                                            					if(_t71 == 0) {
                                                            						_t90 = _t90 + _t77;
                                                            						asm("adc edi, [ebp-0x8]");
                                                            					} else {
                                                            						if(_t71 == 0) {
                                                            							_t90 = _t90 - _t77;
                                                            							asm("sbb edi, [ebp-0x8]");
                                                            						}
                                                            					}
                                                            					goto L59;
                                                            				}
                                                            			}

                                                            0x73da198f
                                                            0x73da199c
                                                            0x73da199e
                                                            0x00000000
                                                            0x73da199e
                                                            0x73da1991
                                                            0x73da1993
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1995
                                                            0x73da1998
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73da199a
                                                            0x73da197e
                                                            0x73da197f
                                                            0x73da1985
                                                            0x73da1987
                                                            0x73da1987
                                                            0x00000000
                                                            0x73da197f
                                                            0x73da18a8
                                                            0x73da1920
                                                            0x73da1922
                                                            0x73da1925
                                                            0x73da1943
                                                            0x73da1946
                                                            0x73da194c
                                                            0x73da1951
                                                            0x73da1927
                                                            0x73da1927
                                                            0x73da192b
                                                            0x73da192f
                                                            0x73da1931
                                                            0x73da1931
                                                            0x73da1954
                                                            0x73da1957
                                                            0x00000000
                                                            0x73da195d
                                                            0x73da195d
                                                            0x73da1960
                                                            0x00000000
                                                            0x73da1960
                                                            0x73da1957
                                                            0x73da18aa
                                                            0x73da18ad
                                                            0x73da1911
                                                            0x73da1913
                                                            0x73da1915
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73da191b
                                                            0x73da18af
                                                            0x73da18b2
                                                            0x00000000
                                                            0x00000000
                                                            0x73da18b4
                                                            0x73da18b5
                                                            0x73da18eb
                                                            0x73da18ef
                                                            0x73da1907
                                                            0x73da1909
                                                            0x00000000
                                                            0x73da1909
                                                            0x73da18f1
                                                            0x73da18f3
                                                            0x00000000
                                                            0x00000000
                                                            0x73da18f9
                                                            0x73da18fc
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x73da1902
                                                            0x73da18b7
                                                            0x73da18ba
                                                            0x73da18e1
                                                            0x00000000
                                                            0x73da18bc
                                                            0x73da18bc
                                                            0x73da18bd
                                                            0x73da18d1
                                                            0x73da18d3
                                                            0x73da18bf
                                                            0x73da18c1
                                                            0x73da18c7
                                                            0x73da18c9
                                                            0x73da18c9
                                                            0x73da18c1
                                                            0x00000000
                                                            0x73da18bd

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.581302546.0000000073DA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 73DA0000, based on PE: true
                                                            • Associated: 00000000.00000002.581287668.0000000073DA0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581318631.0000000073DA3000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581338629.0000000073DA5000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_73da0000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: FreeGlobal
                                                            • String ID:
                                                            • API String ID: 2979337801-0
                                                            • Opcode ID: c5befaff17e65242d55a0a47d9e13b70a757ca911e9ce3e65085a9617e662ee6
                                                            • Instruction ID: cfbc9a910db6873248b54fb31367e886e236c5e92081abdb912a96e0eebe8546
                                                            • Opcode Fuzzy Hash: c5befaff17e65242d55a0a47d9e13b70a757ca911e9ce3e65085a9617e662ee6
                                                            • Instruction Fuzzy Hash: C65108B2D0825AAFEB028FBCC7447ADBBBABB44665F0C005AD457B3184C7359E42C761
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004059A8(CHAR* _a4) {
                                                            				CHAR* _t7;
                                                            
                                                            				_t7 = _a4;
                                                            				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                            					lstrcatA(_t7, 0x40a014);
                                                            				}
                                                            				return _t7;
                                                            			}





                                                            APIs
                                                            • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403258,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004059AE
                                                            • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403258,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004059B7
                                                            • lstrcatA.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 004059C8
                                                            Strings
                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 004059A8
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CharPrevlstrcatlstrlen
                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                            • API String ID: 2659869361-3081826266
                                                            • Opcode ID: dfed55a16eab86d89f3af7970decdd3a6c9dbbcd65d2cf450bad9cf681275afb
                                                            • Instruction ID: 62df29c05e3eff7e61c48a1ee3c1863d20e1198667f6a1bd608fcc747cda2104
                                                            • Opcode Fuzzy Hash: dfed55a16eab86d89f3af7970decdd3a6c9dbbcd65d2cf450bad9cf681275afb
                                                            • Instruction Fuzzy Hash: 90D0A9B2211A30BAE20266259E09ECF2E088F06310B060037F200B21A1CA3D0D1287FE
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405A41(CHAR* _a4) {
                                                            				CHAR* _t5;
                                                            				char* _t7;
                                                            				CHAR* _t9;
                                                            				char _t10;
                                                            				CHAR* _t11;
                                                            				void* _t13;
                                                            
                                                            				_t11 = _a4;
                                                            				_t9 = CharNextA(_t11);
                                                            				_t5 = CharNextA(_t9);
                                                            				_t10 =  *_t11;
                                                            				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
                                                            					if(_t10 != 0x5c || _t11[1] != _t10) {
                                                            						L10:
                                                            						return 0;
                                                            					} else {
                                                            						_t13 = 2;
                                                            						while(1) {
                                                            							_t13 = _t13 - 1;
                                                            							_t7 = E004059D3(_t5, 0x5c);
                                                            							if( *_t7 == 0) {
                                                            								goto L10;
                                                            							}
                                                            							_t5 = _t7 + 1;
                                                            							if(_t13 != 0) {
                                                            								continue;
                                                            							}
                                                            							return _t5;
                                                            						}
                                                            						goto L10;
                                                            					}
                                                            				} else {
                                                            					return CharNextA(_t5);
                                                            				}
                                                            			}










                                                            APIs
                                                            • CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,7476FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,7476FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                            • CharNextA.USER32(00000000), ref: 00405A54
                                                            • CharNextA.USER32(00000000), ref: 00405A68
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CharNext
                                                            • String ID: C:\
                                                            • API String ID: 3213498283-3404278061
                                                            • Opcode ID: b0e8f5e89ebadb76a027bec09a8a2b8523dc58ec169e45d2c78276560c1d622b
                                                            • Instruction ID: 984e8433726efb403dd44e64a223cc5f2fc3fa985c42d0e1b55ccc4b068145f6
                                                            • Opcode Fuzzy Hash: b0e8f5e89ebadb76a027bec09a8a2b8523dc58ec169e45d2c78276560c1d622b
                                                            • Instruction Fuzzy Hash: F9F06251B04F656AFB2292744C94B7B5B8CCB55361F184667D980662C282784C418FAA
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00402D60(intOrPtr _a4) {
                                                            				long _t2;
                                                            				struct HWND__* _t3;
                                                            				struct HWND__* _t6;
                                                            
                                                            				if(_a4 == 0) {
                                                            					__eflags =  *0x429428; // 0x0
                                                            					if(__eflags == 0) {
                                                            						_t2 = GetTickCount();
                                                            						__eflags = _t2 -  *0x42f410;
                                                            						if(_t2 >  *0x42f410) {
                                                            							_t3 = CreateDialogParamA( *0x42f400, 0x6f, 0, E00402CDD, 0);
                                                            							 *0x429428 = _t3;
                                                            							return ShowWindow(_t3, 5);
                                                            						}
                                                            						return _t2;
                                                            					} else {
                                                            						return E004063E4(0);
                                                            					}
                                                            				} else {
                                                            					_t6 =  *0x429428; // 0x0
                                                            					if(_t6 != 0) {
                                                            						_t6 = DestroyWindow(_t6);
                                                            					}
                                                            					 *0x429428 = 0;
                                                            					return _t6;
                                                            				}
                                                            			}







                                                            APIs
                                                            • DestroyWindow.USER32(00000000,00000000,00402F3E,00000001), ref: 00402D73
                                                            • GetTickCount.KERNEL32 ref: 00402D91
                                                            • CreateDialogParamA.USER32(0000006F,00000000,00402CDD,00000000), ref: 00402DAE
                                                            • ShowWindow.USER32(00000000,00000005), ref: 00402DBC
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                            • String ID:
                                                            • API String ID: 2102729457-0
                                                            • Opcode ID: 92830607251259d7b21fa7f6a4b037c479e5f1f9739c9a057c3e932900ba9aab
                                                            • Instruction ID: 761b86bf19c83071f88326f4280a43ff42c19d235faedd25f12e3078a496723d
                                                            • Opcode Fuzzy Hash: 92830607251259d7b21fa7f6a4b037c479e5f1f9739c9a057c3e932900ba9aab
                                                            • Instruction Fuzzy Hash: 62F0F431A05621ABC6217B64BE4C9DF7A64BB04B11B51047AF545B22E4DB744C878BAC
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 91%
                                                            			E004050AB(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                            				int _t11;
                                                            				int _t15;
                                                            				long _t16;
                                                            
                                                            				_t15 = _a8;
                                                            				if(_t15 != 0x102) {
                                                            					__eflags = _t15 - 0x200;
                                                            					if(_t15 != 0x200) {
                                                            						_t16 = _a16;
                                                            						L7:
                                                            						__eflags = _t15 - 0x419;
                                                            						if(_t15 == 0x419) {
                                                            							__eflags =  *0x42a85c - _t16; // 0x0
                                                            							if(__eflags != 0) {
                                                            								_push(_t16);
                                                            								_push(6);
                                                            								 *0x42a85c = _t16;
                                                            								E00404A71();
                                                            							}
                                                            						}
                                                            						L11:
                                                            						return CallWindowProcA( *0x42a864, _a4, _t15, _a12, _t16);
                                                            					}
                                                            					_t11 = IsWindowVisible(_a4);
                                                            					__eflags = _t11;
                                                            					if(_t11 == 0) {
                                                            						L10:
                                                            						_t16 = _a16;
                                                            						goto L11;
                                                            					}
                                                            					_t16 = E004049F1(_a4, 1);
                                                            					_t15 = 0x419;
                                                            					goto L7;
                                                            				}
                                                            				if(_a12 == 0x20) {
                                                            					E004040EA(0x413);
                                                            					return 0;
                                                            				}
                                                            				goto L10;
                                                            			}







                                                            APIs
                                                            • IsWindowVisible.USER32(?), ref: 004050DA
                                                            • CallWindowProcA.USER32 ref: 0040512B
                                                              • Part of subcall function 004040EA: SendMessageA.USER32(000103A6,00000000,00000000,00000000), ref: 004040FC
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Window$CallMessageProcSendVisible
                                                            • String ID:
                                                            • API String ID: 3748168415-3916222277
                                                            • Opcode ID: e888eab98be9719f5677808cf14d784dfa63dd3181dd39c0deeb7150e6d77b2f
                                                            • Instruction ID: 77e6a5b3f6bfc6627eb61d09ca0671ae0e6a579f7b3ef645513b94fc1d41cd39
                                                            • Opcode Fuzzy Hash: e888eab98be9719f5677808cf14d784dfa63dd3181dd39c0deeb7150e6d77b2f
                                                            • Instruction Fuzzy Hash: FD017171600648ABDF206F11DD81A5B3B65EB84750F144036FA417A1D2D73A8C629F6E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00403798() {
                                                            				void* _t2;
                                                            				void* _t3;
                                                            				void* _t6;
                                                            				void* _t8;
                                                            
                                                            				_t8 =  *0x429834; // 0x5d4e88
                                                            				_t3 = E0040377D(_t2, 0);
                                                            				if(_t8 != 0) {
                                                            					do {
                                                            						_t6 = _t8;
                                                            						_t8 =  *_t8;
                                                            						FreeLibrary( *(_t6 + 8));
                                                            						_t3 = GlobalFree(_t6);
                                                            					} while (_t8 != 0);
                                                            				}
                                                            				 *0x429834 =  *0x429834 & 0x00000000;
                                                            				return _t3;
                                                            			}








                                                            APIs
                                                            • FreeLibrary.KERNEL32(?,7476FA90,00000000,C:\Users\user\AppData\Local\Temp\,00403770,0040358A,?,?,00000006,00000008,0000000A), ref: 004037B2
                                                            • GlobalFree.KERNEL32 ref: 004037B9
                                                            Strings
                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00403798
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Free$GlobalLibrary
                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                            • API String ID: 1100898210-3081826266
                                                            • Opcode ID: 248c780681ff10c09d9810c58c710ba8abcca500869ff380da07a7f320702544
                                                            • Instruction ID: 06ba742c3ad1fb67bc09d12af4c86e1058789e05b1a36190638fabe2eea0851a
                                                            • Opcode Fuzzy Hash: 248c780681ff10c09d9810c58c710ba8abcca500869ff380da07a7f320702544
                                                            • Instruction Fuzzy Hash: EAE0C27352212097C7312F15EE04B1AB7A86F86F22F09403AE8407B2A087741C438BCC
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004059EF(char* _a4) {
                                                            				char* _t3;
                                                            				char* _t5;
                                                            
                                                            				_t5 = _a4;
                                                            				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                            				while( *_t3 != 0x5c) {
                                                            					_t3 = CharPrevA(_t5, _t3);
                                                            					if(_t3 > _t5) {
                                                            						continue;
                                                            					}
                                                            					break;
                                                            				}
                                                            				 *_t3 =  *_t3 & 0x00000000;
                                                            				return  &(_t3[1]);
                                                            			}






                                                            APIs
                                                            • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402E30,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 004059F5
                                                            • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E30,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405A03
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: CharPrevlstrlen
                                                            • String ID: C:\Users\user\Desktop
                                                            • API String ID: 2709904686-224404859
                                                            • Opcode ID: 4402843b33e5109e67992b99d0281bb7e81fac819ebae0ac34b6d7d52c4d849b
                                                            • Instruction ID: 7185998fb8cc4c4ccda179d560b4c8302004e2739ffdff7e1043df3a51136750
                                                            • Opcode Fuzzy Hash: 4402843b33e5109e67992b99d0281bb7e81fac819ebae0ac34b6d7d52c4d849b
                                                            • Instruction Fuzzy Hash: E6D0C7B3519DB06EE30392549D04B9F6A48DF16710F094566E181A6195C6784D424BED
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E73DA10E0(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                            				char* _t17;
                                                            				char _t19;
                                                            				void* _t20;
                                                            				void* _t24;
                                                            				void* _t27;
                                                            				void* _t31;
                                                            				void* _t37;
                                                            				void* _t39;
                                                            				void* _t40;
                                                            				signed int _t43;
                                                            				void* _t52;
                                                            				char* _t53;
                                                            				char* _t55;
                                                            				void* _t56;
                                                            				void* _t58;
                                                            
                                                            				 *0x73da405c = _a8;
                                                            				 *0x73da4060 = _a16;
                                                            				 *0x73da4064 = _a12;
                                                            				 *((intOrPtr*)(_a20 + 0xc))( *0x73da4038, E73DA1556, _t52);
                                                            				_t43 =  *0x73da405c +  *0x73da405c * 4 << 2;
                                                            				_t17 = E73DA123B();
                                                            				_a8 = _t17;
                                                            				_t53 = _t17;
                                                            				if( *_t17 == 0) {
                                                            					L16:
                                                            					return GlobalFree(_a8);
                                                            				} else {
                                                            					do {
                                                            						_t19 =  *_t53;
                                                            						_t55 = _t53 + 1;
                                                            						_t58 = _t19 - 0x6c;
                                                            						if(_t58 > 0) {
                                                            							_t20 = _t19 - 0x70;
                                                            							if(_t20 == 0) {
                                                            								L12:
                                                            								_t53 = _t55 + 1;
                                                            								_t24 = E73DA1266(E73DA12AD( *_t55 - 0x30));
                                                            								L13:
                                                            								GlobalFree(_t24);
                                                            								goto L14;
                                                            							}
                                                            							_t27 = _t20;
                                                            							if(_t27 == 0) {
                                                            								L10:
                                                            								_t53 = _t55 + 1;
                                                            								_t24 = E73DA12D1( *_t55 - 0x30, E73DA123B());
                                                            								goto L13;
                                                            							}
                                                            							L7:
                                                            							if(_t27 == 1) {
                                                            								_t31 = GlobalAlloc(0x40, _t43 + 4);
                                                            								 *_t31 =  *0x73da4030;
                                                            								 *0x73da4030 = _t31;
                                                            								E73DA1508(_t31 + 4,  *0x73da4064, _t43);
                                                            								_t56 = _t56 + 0xc;
                                                            							}
                                                            							goto L14;
                                                            						}
                                                            						if(_t58 == 0) {
                                                            							L17:
                                                            							_t34 =  *0x73da4030;
                                                            							if( *0x73da4030 != 0) {
                                                            								E73DA1508( *0x73da4064, _t34 + 4, _t43);
                                                            								_t37 =  *0x73da4030;
                                                            								_t56 = _t56 + 0xc;
                                                            								GlobalFree(_t37);
                                                            								 *0x73da4030 =  *_t37;
                                                            							}
                                                            							goto L14;
                                                            						}
                                                            						_t39 = _t19 - 0x4c;
                                                            						if(_t39 == 0) {
                                                            							goto L17;
                                                            						}
                                                            						_t40 = _t39 - 4;
                                                            						if(_t40 == 0) {
                                                            							 *_t55 =  *_t55 + 0xa;
                                                            							goto L12;
                                                            						}
                                                            						_t27 = _t40;
                                                            						if(_t27 == 0) {
                                                            							 *_t55 =  *_t55 + 0xa;
                                                            							goto L10;
                                                            						}
                                                            						goto L7;
                                                            						L14:
                                                            					} while ( *_t53 != 0);
                                                            					goto L16;
                                                            				}
                                                            			}



















                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.581302546.0000000073DA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 73DA0000, based on PE: true
                                                            • Associated: 00000000.00000002.581287668.0000000073DA0000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581318631.0000000073DA3000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000000.00000002.581338629.0000000073DA5000.00000002.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_73da0000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: Global$Free$Alloc
                                                            • String ID:
                                                            • API String ID: 1780285237-0
                                                            • Opcode ID: 9048623d90e1c5dd6495bdfb7a279d6bd1461714023ae29490690fd0356fd08a
                                                            • Instruction ID: c1819562407466756bcc0c0c365ad9a484384d661d6d8473f7996391f7ab6e0c
                                                            • Opcode Fuzzy Hash: 9048623d90e1c5dd6495bdfb7a279d6bd1461714023ae29490690fd0356fd08a
                                                            • Instruction Fuzzy Hash: D63126B3404210AFE711AF6EDB49B257FF9FB05260B280415E88AE6350DB38DC14EB2C
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405B0E(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                            				int _v8;
                                                            				int _t12;
                                                            				int _t14;
                                                            				int _t15;
                                                            				CHAR* _t17;
                                                            				CHAR* _t27;
                                                            
                                                            				_t12 = lstrlenA(_a8);
                                                            				_t27 = _a4;
                                                            				_v8 = _t12;
                                                            				while(lstrlenA(_t27) >= _v8) {
                                                            					_t14 = _v8;
                                                            					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                            					_t15 = lstrcmpiA(_t27, _a8);
                                                            					_t27[_v8] =  *(_t14 + _t27);
                                                            					if(_t15 == 0) {
                                                            						_t17 = _t27;
                                                            					} else {
                                                            						_t27 = CharNextA(_t27);
                                                            						continue;
                                                            					}
                                                            					L5:
                                                            					return _t17;
                                                            				}
                                                            				_t17 = 0;
                                                            				goto L5;
                                                            			}










                                                            APIs
                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B1E
                                                            • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B36
                                                            • CharNextA.USER32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B47
                                                            • lstrlenA.KERNEL32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B50
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.577991423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.577941985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578142681.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.578301632.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579361942.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579422103.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.579548659.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                            Similarity
                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                            • String ID:
                                                            • API String ID: 190613189-0
                                                            • Opcode ID: dddc0b46adaff912d9c321cf48e41736a02eed0190ef2a74250491e495455120
                                                            • Instruction ID: 0197496b5d832c36441f5dd9a15c5c44ab4bce902fcb82863052ee0cfca36748
                                                            • Opcode Fuzzy Hash: dddc0b46adaff912d9c321cf48e41736a02eed0190ef2a74250491e495455120
                                                            • Instruction Fuzzy Hash: C9F0C231600418BFC7029BA5DD00D9EBBB8DF06250B2540BAE840F7210D634FE019BA8
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage:4.7%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:0.4%
                                                            Total number of Nodes:1594
                                                            Total number of Limit Nodes:31
17192->17193 17193->17001 17249 7ff887d54630 17194->17249 17196 7ff887d56e26 shared_ptr 17252 7ff887d58760 17196->17252 17198 7ff887d56e5c shared_ptr 17198->17003 17200 7ff887d56f3a 17199->17200 17201 7ff887d699b0 60 API calls 17200->17201 17202 7ff887d56f70 17201->17202 17298 7ff887d680e0 malloc 17202->17298 17208 7ff887d56fca 17209 7ff887d677f0 59 API calls 17208->17209 17210 7ff887d57047 17209->17210 17211 7ff887d656a8 std::_Facet_Register 3 API calls 17210->17211 17212 7ff887d57067 17211->17212 17345 7ff887d60120 17212->17345 17215 7ff887d570dc 17216 7ff887d656e4 messages free 17215->17216 17218 7ff887d570e1 ?setw@std@@YA?AU?$_Smanip@_J@1@_J 17216->17218 17217 7ff887d570d5 _invalid_parameter_noinfo_noreturn 17217->17215 17220 7ff887d574cc 17218->17220 17221 7ff887d677f0 59 API calls 17220->17221 17222 7ff887d5755c 17221->17222 17223 7ff887d577d1 ?setw@std@@YA?AU?$_Smanip@_J@1@_J 17222->17223 17224 7ff887d577fd 17223->17224 17225 7ff887d677f0 59 API calls 17224->17225 17226 7ff887d5788d 17225->17226 17227 7ff887d579fe ?setw@std@@YA?AU?$_Smanip@_J@1@_J 17226->17227 17228 7ff887d57a23 17227->17228 17229 7ff887d677f0 59 API calls 17228->17229 17230 7ff887d57a7b 17229->17230 17231 7ff887d677f0 59 API calls 17230->17231 17232 7ff887d57b55 17231->17232 17233 7ff887d6a520 59 API calls 17232->17233 17234 7ff887d57c5f 17233->17234 17361 7ff887d5ad80 17234->17361 17250 7ff887d656a8 std::_Facet_Register 3 API calls 17249->17250 17251 7ff887d54651 17250->17251 17251->17196 17260 7ff887d59820 InitializeSRWLock 17252->17260 17257 7ff887d656a8 std::_Facet_Register 3 API calls 17258 7ff887d5879c ?_Init@locale@std@@CAPEAV_Locimp@12@_N 17257->17258 17258->17198 17261 7ff887d656a8 std::_Facet_Register 3 API calls 17260->17261 17262 7ff887d58777 17261->17262 17263 7ff887d6a520 17262->17263 17266 7ff887d6a2f0 17263->17266 17265 7ff887d58792 17265->17257 17271 7ff887d6a310 17266->17271 17267 7ff887d6a48a 17268 7ff887d6a49e 17267->17268 17297 7ff887d6d9d0 AcquireSRWLockExclusive 
ReleaseSRWLockExclusive WakeAllConditionVariable 17267->17297 17273 7ff887d65c04 shared_ptr 5 API calls 17268->17273 17278 7ff887d6a4d7 17268->17278 17271->17267 17272 7ff887d6a32b shared_ptr 17271->17272 17282 7ff887d6d940 AcquireSRWLockExclusive 17271->17282 17272->17271 17274 7ff887d656a8 std::_Facet_Register 3 API calls 17272->17274 17276 7ff887d677f0 59 API calls 17272->17276 17287 7ff887d6a4b0 17272->17287 17293 7ff887d6a240 17272->17293 17296 7ff887d6d900 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17272->17296 17275 7ff887d6a4ef shared_ptr 17273->17275 17274->17272 17277 7ff887d65ba4 shared_ptr 4 API calls 17275->17277 17275->17278 17276->17272 17277->17278 17278->17265 17283 7ff887d6d99b ReleaseSRWLockExclusive 17282->17283 17284 7ff887d6d960 17282->17284 17283->17271 17284->17283 17285 7ff887d6d9b0 ReleaseSRWLockExclusive 17284->17285 17286 7ff887d6d970 SleepConditionVariableSRW 17284->17286 17285->17271 17286->17284 17286->17286 17288 7ff887d6a4d7 17287->17288 17289 7ff887d6a4e3 17287->17289 17288->17272 17290 7ff887d65c04 shared_ptr 5 API calls 17289->17290 17291 7ff887d6a4ef shared_ptr 17290->17291 17291->17288 17292 7ff887d65ba4 shared_ptr EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 17291->17292 17292->17288 17294 7ff887d656a8 std::_Facet_Register malloc _CxxThrowException free 17293->17294 17295 7ff887d6a266 17294->17295 17295->17272 17296->17272 17297->17268 17299 7ff887d56f7d 17298->17299 17300 7ff887d680f4 std::bad_alloc::bad_alloc 17298->17300 17302 7ff887d677f0 17299->17302 17301 7ff887d680fe _CxxThrowException 17300->17301 17369 7ff887d675d0 17302->17369 17306 7ff887d678ed ReleaseSRWLockShared AcquireSRWLockExclusive 17311 7ff887d67911 17306->17311 17307 7ff887d679a2 17308 7ff887d67bfe 17307->17308 17309 7ff887d679b4 17307->17309 17411 7ff887d52b20 17308->17411 17315 7ff887d49100 7 API calls 17309->17315 17311->17307 17313 7ff887d67992 memcmp 17311->17313 17313->17307 17318 7ff887d67bc8 
ReleaseSRWLockExclusive 17313->17318 17317 7ff887d679df 17315->17317 17316 7ff887d67c1c 17418 7ff887d66de0 17316->17418 17319 7ff887d4d4c0 std::bad_exception::bad_exception 6 API calls 17317->17319 17320 7ff887d67bd5 17318->17320 17321 7ff887d679fd 17319->17321 17322 7ff887d65e20 _Receive_impl 8 API calls 17320->17322 17324 7ff887d67a1d 17321->17324 17385 7ff887d672e0 17321->17385 17325 7ff887d56fb0 17322->17325 17328 7ff887d67a4b 17324->17328 17329 7ff887d67a61 17324->17329 17342 7ff887d69470 AcquireSRWLockExclusive 17325->17342 17331 7ff887d656a8 std::_Facet_Register 3 API calls 17328->17331 17333 7ff887d4d4c0 std::bad_exception::bad_exception 6 API calls 17329->17333 17330 7ff887d6785a 17330->17306 17332 7ff887d678da ReleaseSRWLockShared 17330->17332 17334 7ff887d67a55 17331->17334 17332->17320 17335 7ff887d67a83 17333->17335 17334->17329 17405 7ff887d48a60 17335->17405 17338 7ff887d67aca 17340 7ff887d656e4 messages free 17338->17340 17339 7ff887d67ac3 _invalid_parameter_noinfo_noreturn 17339->17338 17341 7ff887d67acf 17340->17341 17341->17318 17440 7ff887d68120 17342->17440 17344 7ff887d694b5 ReleaseSRWLockExclusive 17344->17208 17346 7ff887d601a0 17345->17346 17446 7ff887d6e5b0 17346->17446 17349 7ff887d656a8 std::_Facet_Register 3 API calls 17351 7ff887d601bd 17349->17351 17350 7ff887d602ff 17352 7ff887d6034a 17350->17352 17353 7ff887d6038b _invalid_parameter_noinfo_noreturn 17350->17353 17358 7ff887d656e4 messages free 17350->17358 17351->17350 17351->17353 17354 7ff887d656e4 messages free 17351->17354 17352->17353 17355 7ff887d60397 17352->17355 17356 7ff887d60392 17352->17356 17353->17356 17354->17350 17357 7ff887d65e20 _Receive_impl 8 API calls 17355->17357 17359 7ff887d656e4 messages free 17356->17359 17360 7ff887d570a2 17357->17360 17358->17352 17359->17355 17360->17215 17360->17217 17360->17218 17362 7ff887d5adc8 17361->17362 17363 7ff887d65e20 _Receive_impl 8 API calls 17362->17363 17364 7ff887d57cc5 17363->17364 17365 7ff887d5aec0 
AcquireSRWLockExclusive 17364->17365 17366 7ff887d656a8 std::_Facet_Register 3 API calls 17365->17366 17367 7ff887d5aeef 17366->17367 17368 7ff887d5af40 ReleaseSRWLockExclusive 17367->17368 17377 7ff887d675f6 shared_ptr 17369->17377 17370 7ff887d6778b 17373 7ff887d6779f 17370->17373 17431 7ff887d6d9d0 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17370->17431 17371 7ff887d6d940 4 API calls 17371->17377 17374 7ff887d677fe AcquireSRWLockShared 17373->17374 17375 7ff887d65c04 shared_ptr 5 API calls 17373->17375 17374->17306 17374->17330 17378 7ff887d67c8f shared_ptr 17375->17378 17377->17370 17377->17371 17384 7ff887d67640 shared_ptr 17377->17384 17421 7ff887d66a10 17377->17421 17378->17374 17380 7ff887d65ba4 shared_ptr 4 API calls 17378->17380 17379 7ff887d6764e InitializeSRWLock 17381 7ff887d656a8 std::_Facet_Register 3 API calls 17379->17381 17380->17374 17381->17384 17384->17377 17384->17379 17424 7ff887d67c50 17384->17424 17430 7ff887d6d900 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17384->17430 17388 7ff887d67320 17385->17388 17386 7ff887d674ae Concurrency::cancel_current_task 17432 7ff887d674c0 ?_Xlength_error@std@@YAXPEBD 17386->17432 17388->17386 17390 7ff887d6739c 17388->17390 17392 7ff887d656a8 std::_Facet_Register 3 API calls 17388->17392 17389 7ff887d674bc 17393 7ff887d656a8 std::_Facet_Register 3 API calls 17390->17393 17397 7ff887d67387 memmove 17390->17397 17396 7ff887d67382 17392->17396 17393->17397 17394 7ff887d6740c memmove memmove 17398 7ff887d6743d memset 17394->17398 17395 7ff887d673e7 memmove memset 17395->17398 17396->17397 17399 7ff887d67395 _invalid_parameter_noinfo_noreturn 17396->17399 17397->17394 17397->17395 17400 7ff887d6744d 17398->17400 17401 7ff887d6747f 17398->17401 17399->17390 17402 7ff887d67477 17400->17402 17403 7ff887d674a7 _invalid_parameter_noinfo_noreturn 17400->17403 17401->17324 17404 7ff887d656e4 messages free 17402->17404 17403->17386 17404->17401 17406 
7ff887d48a9f 17405->17406 17407 7ff887d48a73 17405->17407 17406->17338 17406->17339 17406->17341 17408 7ff887d48ab8 _invalid_parameter_noinfo_noreturn 17407->17408 17409 7ff887d48a97 17407->17409 17410 7ff887d656e4 messages free 17409->17410 17410->17406 17412 7ff887d52b41 17411->17412 17412->17412 17413 7ff887d49100 7 API calls 17412->17413 17414 7ff887d52b4f 17413->17414 17415 7ff887d6c140 17414->17415 17416 7ff887d6c156 __std_exception_copy 17415->17416 17417 7ff887d6c153 17415->17417 17416->17316 17417->17416 17439 7ff887d66ed0 __std_exception_copy 17418->17439 17420 7ff887d66df4 _CxxThrowException 17422 7ff887d656a8 std::_Facet_Register 3 API calls 17421->17422 17423 7ff887d66a31 17422->17423 17423->17377 17425 7ff887d67c83 17424->17425 17429 7ff887d67c77 17424->17429 17426 7ff887d65c04 shared_ptr 5 API calls 17425->17426 17427 7ff887d67c8f shared_ptr 17426->17427 17428 7ff887d65ba4 shared_ptr 4 API calls 17427->17428 17427->17429 17428->17429 17429->17384 17430->17384 17431->17373 17433 7ff887d656a8 std::_Facet_Register 3 API calls 17432->17433 17434 7ff887d674f7 17433->17434 17437 7ff887d66e10 __std_exception_copy 17434->17437 17436 7ff887d67507 17436->17389 17438 7ff887d66e7e 17437->17438 17438->17436 17439->17420 17441 7ff887d6815d 17440->17441 17442 7ff887d68197 17441->17442 17445 7ff887d68179 17441->17445 17443 7ff887d656a8 std::_Facet_Register 3 API calls 17442->17443 17444 7ff887d681a1 17443->17444 17444->17445 17445->17344 17447 7ff887d6e5f6 17446->17447 17457 7ff887d6e671 17446->17457 17448 7ff887d6e600 memchr 17447->17448 17456 7ff887d6e659 17447->17456 17447->17457 17466 7ff887d6ea50 17447->17466 17460 7ff887d53030 17448->17460 17449 7ff887d65e20 _Receive_impl 8 API calls 17452 7ff887d601b3 17449->17452 17450 7ff887d6e700 17454 7ff887d656e4 messages free 17450->17454 17452->17349 17453 7ff887d6e6f9 _invalid_parameter_noinfo_noreturn 17453->17450 17455 7ff887d6e705 17454->17455 17455->17449 17456->17457 17459 7ff887d53030 10 API calls 17456->17459 
17457->17450 17457->17453 17457->17455 17459->17457 17461 7ff887d53092 17460->17461 17464 7ff887d53053 memmove 17460->17464 17470 7ff887d42190 17461->17470 17464->17447 17467 7ff887d6ea78 17466->17467 17469 7ff887d6ed30 17467->17469 17485 7ff887d529b0 17467->17485 17469->17447 17471 7ff887d421be 17470->17471 17473 7ff887d4230b Concurrency::cancel_current_task 17470->17473 17472 7ff887d42211 17471->17472 17474 7ff887d42246 17471->17474 17472->17473 17475 7ff887d656a8 std::_Facet_Register malloc _CxxThrowException free 17472->17475 17476 7ff887d4222f 17474->17476 17478 7ff887d656a8 std::_Facet_Register malloc _CxxThrowException free 17474->17478 17475->17476 17477 7ff887d422c4 _invalid_parameter_noinfo_noreturn 17476->17477 17479 7ff887d422cb memmove memmove 17476->17479 17480 7ff887d42277 memmove memmove 17476->17480 17477->17479 17478->17476 17483 7ff887d422c2 17479->17483 17481 7ff887d422b7 17480->17481 17482 7ff887d422a2 17480->17482 17484 7ff887d656e4 messages free 17481->17484 17482->17477 17482->17481 17483->17447 17484->17483 17486 7ff887d529e2 17485->17486 17488 7ff887d52b0a Concurrency::cancel_current_task 17485->17488 17487 7ff887d52a30 17486->17487 17489 7ff887d52a61 17486->17489 17487->17488 17490 7ff887d656a8 std::_Facet_Register malloc _CxxThrowException free 17487->17490 17491 7ff887d52a4e 17489->17491 17492 7ff887d656a8 std::_Facet_Register malloc _CxxThrowException free 17489->17492 17490->17491 17493 7ff887d52acd _invalid_parameter_noinfo_noreturn 17491->17493 17494 7ff887d52a89 memmove 17491->17494 17495 7ff887d52ad4 memmove 17491->17495 17492->17491 17493->17495 17496 7ff887d52aab 17494->17496 17497 7ff887d52ac0 17494->17497 17498 7ff887d52acb 17495->17498 17496->17493 17496->17497 17499 7ff887d656e4 messages free 17497->17499 17498->17469 17499->17498 17578 7ff887d6181c strftime 17577->17578 17579 7ff887d61819 17577->17579 17580 7ff887d61853 17578->17580 17579->17578 17580->17580 17581 7ff887d49100 7 API calls 17580->17581 17582 7ff887d6186a 
17581->17582 17583 7ff887d65e20 _Receive_impl 8 API calls 17582->17583 17584 7ff887d5e6ce 17583->17584 17584->16844 17586 7ff887d61290 17585->17586 17586->17586 17587 7ff887d612ea 17586->17587 17588 7ff887d49100 7 API calls 17586->17588 17589 7ff887d65e20 _Receive_impl 8 API calls 17587->17589 17588->17587 17590 7ff887d612fa 17589->17590 17590->16878 17592 7ff887d5884c 17591->17592 17593 7ff887d5889e 17591->17593 17592->17593 17597 7ff887d58851 memmove 17592->17597 17594 7ff887d588a6 memmove 17593->17594 17596 7ff887d588f9 17593->17596 17598 7ff887d588df 17594->17598 17599 7ff887d588e2 memmove 17594->17599 17595 7ff887d5899d 17596->17595 17721 7ff887d4e540 17596->17721 17600 7ff887d58983 17597->17600 17598->17599 17599->17600 17600->16883 17603 7ff887d5893e memmove 17605 7ff887d5896e memmove 17603->17605 17606 7ff887d5896b 17603->17606 17605->17600 17606->17605 17607->16929 17729 7ff887d5e130 ?exceptions@ios_base@std@@QEAAXH ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N 17608->17729 17610 7ff887d6dcb0 ?_Init@locale@std@@CAPEAV_Locimp@12@_N ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@ 17611 7ff887d6dce8 17610->17611 17613 7ff887d680e0 2 API calls 17611->17613 17628 7ff887d6deae 17611->17628 17612 7ff887d65e20 _Receive_impl 8 API calls 17614 7ff887d5ef00 17612->17614 17615 7ff887d6dd3c 17613->17615 17614->16934 17614->16936 17617 7ff887d6ddd0 17615->17617 17620 7ff887d6ddc9 _invalid_parameter_noinfo_noreturn 17615->17620 17621 7ff887d6ddd5 17615->17621 17616 7ff887d6a520 59 API calls 17619 7ff887d6ddf2 17616->17619 17618 7ff887d656e4 messages free 17617->17618 17618->17621 17730 7ff887d68940 17619->17730 17620->17617 17621->17616 17625 7ff887d6de7f ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N 17625->17628 17628->17612 17631 7ff887d6de7b 17631->17625 17633 7ff887d5d309 17632->17633 17634 7ff887d5d34c ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 17633->17634 17635 7ff887d5d3da ?uncaught_exception@std@ 
17633->17635 17636 7ff887d5d3b9 17634->17636 17637 7ff887d5d3ed ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 17635->17637 17638 7ff887d5d3e3 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@ 17635->17638 17639 7ff887d5c010 288 API calls 17636->17639 17640 7ff887d69ca0 17637->17640 17638->17637 17639->17635 17641 7ff887d69cc8 17640->17641 17643 7ff887d69d62 17640->17643 17814 7ff887d68390 17641->17814 17644 7ff887d69dd0 17643->17644 17645 7ff887d69daf 17643->17645 17646 7ff887d6a1c3 Concurrency::cancel_current_task 17643->17646 17664 7ff887d69ddf 17643->17664 17647 7ff887d69dd5 17644->17647 17644->17664 17648 7ff887d656a8 std::_Facet_Register 3 API calls 17645->17648 17649 7ff887d656a8 std::_Facet_Register 3 API calls 17647->17649 17650 7ff887d69db4 17648->17650 17651 7ff887d69dbc 17649->17651 17650->17651 17652 7ff887d69dca _invalid_parameter_noinfo_noreturn 17650->17652 17651->17664 17652->17644 17654 7ff887d6a192 17656 7ff887d5ef82 17654->17656 17846 7ff887d69780 17654->17846 17655 7ff887d69cd6 17655->17643 17822 7ff887d68620 17655->17822 17708 7ff887d6dc10 17656->17708 17657 7ff887d76670 TlsGetValue 17657->17664 17658 7ff887d6a101 17658->17654 17659 7ff887d6a18a 17658->17659 17662 7ff887d6a183 _invalid_parameter_noinfo_noreturn 17658->17662 17660 7ff887d656e4 messages free 17659->17660 17660->17654 17662->17659 17664->17657 17664->17658 17806 7ff887d58050 GetCurrentThreadId 17664->17806 17830 7ff887d69b00 AcquireSRWLockExclusive 17664->17830 17668 7ff887d5bd54 17666->17668 17669 7ff887d5bdab 17668->17669 17671 7ff887d5bdd7 17668->17671 17672 7ff887d5bef6 Concurrency::cancel_current_task 17668->17672 17669->17672 17673 7ff887d656a8 std::_Facet_Register 3 API calls 17669->17673 17674 7ff887d656a8 std::_Facet_Register 3 API calls 17671->17674 17676 7ff887d5bdc0 17671->17676 18181 7ff887d5bf10 ?_Xlength_error@std@@YAXPEBD 17672->18181 17673->17676 17674->17676 17675 7ff887d5bde9 memmove 17677 7ff887d5be59 memmove memmove 17675->17677 17678 
7ff887d5be34 memmove memset 17675->17678 17676->17675 17679 7ff887d5beef _invalid_parameter_noinfo_noreturn 17676->17679 17680 7ff887d5be89 memset 17677->17680 17678->17680 17679->17672 17681 7ff887d5bea8 17680->17681 17682 7ff887d5bed6 17680->17682 17681->17679 17683 7ff887d5bece 17681->17683 17682->16846 17684 7ff887d656e4 messages free 17683->17684 17684->17682 17695 7ff887d6a9e6 17685->17695 17686 7ff887d6aa0f 17688 7ff887d6aa23 17686->17688 18192 7ff887d6d9d0 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17686->18192 17687 7ff887d6d940 4 API calls 17687->17695 17690 7ff887d6a950 24 API calls 17688->17690 17691 7ff887d6aa28 17690->17691 18193 7ff887d6fda0 TlsGetValue 17691->18193 17695->17686 17695->17687 18182 7ff887d6a950 17695->18182 18191 7ff887d6d900 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17695->18191 17709 7ff887d5ef8f 17708->17709 17710 7ff887d6dc23 17708->17710 17709->16943 17709->16944 17711 7ff887d6dba0 289 API calls 17710->17711 17712 7ff887d6dc28 ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N ?exceptions@ios_base@std@@QEAAXH 17711->17712 17712->17709 17716 7ff887d69780 17713->17716 17714 7ff887d68280 2 API calls 17715 7ff887d697d0 free 17714->17715 17715->16927 17716->17714 17718 7ff887d5a29b 17717->17718 18236 7ff887d68070 17718->18236 17722 7ff887d4e54d 17721->17722 17723 7ff887d4e57b 17721->17723 17724 7ff887d4e593 Concurrency::cancel_current_task 17722->17724 17725 7ff887d656a8 std::_Facet_Register 3 API calls 17722->17725 17723->17603 17726 7ff887d4e55b 17725->17726 17727 7ff887d4e574 _invalid_parameter_noinfo_noreturn 17726->17727 17728 7ff887d4e563 17726->17728 17727->17723 17728->17603 17729->17610 17732 7ff887d68974 17730->17732 17731 7ff887d6898e 17734 7ff887d6dba0 17731->17734 17732->17731 17769 7ff887d689e0 17732->17769 17735 7ff887d6dbdb 17734->17735 17736 7ff887d6dbb0 17734->17736 17735->17625 17738 7ff887d5e430 
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2 ??0_Lockit@std@@QEAA@H ??Bid@locale@std@ 17735->17738 17736->17735 17773 7ff887d5c010 17736->17773 17739 7ff887d5e48b 17738->17739 17740 7ff887d5e505 ??1_Lockit@std@@QEAA ?length@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1_K 17739->17740 17742 7ff887d5e4ad 17739->17742 17743 7ff887d5e4a2 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12 17739->17743 17741 7ff887d5e544 17740->17741 17761 7ff887d60430 17741->17761 17742->17740 17744 7ff887d5e4c4 ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@ 17742->17744 17743->17742 17745 7ff887d5e4de 17744->17745 17746 7ff887d5e578 17744->17746 17784 7ff887d65490 17745->17784 17787 7ff887d52c60 17746->17787 17762 7ff887d60457 17761->17762 17763 7ff887d60441 17761->17763 17764 7ff887d604a8 17762->17764 17765 7ff887d60471 memset 17762->17765 17763->17631 17791 7ff887d559f0 17764->17791 17765->17631 17770 7ff887d68a24 17769->17770 17772 7ff887d68a07 17769->17772 17771 7ff887d656a8 std::_Facet_Register 3 API calls 17770->17771 17771->17772 17772->17731 17774 7ff887d5c02e 17773->17774 17775 7ff887d5c0a1 17773->17775 17776 7ff887d5c04f 17774->17776 17777 7ff887d5c06a 17774->17777 17775->17735 17779 7ff887d53030 10 API calls 17776->17779 17778 7ff887d5e430 291 API calls 17777->17778 17781 7ff887d5c078 17778->17781 17780 7ff887d5c057 17779->17780 17780->17735 17782 7ff887d53030 10 API calls 17781->17782 17783 7ff887d5c08a 17782->17783 17783->17735 17785 7ff887d656a8 std::_Facet_Register 3 API calls 17784->17785 17786 7ff887d5e4f0 17785->17786 17786->17740 17790 7ff887d52be0 17787->17790 17789 7ff887d52c6e _CxxThrowException 17790->17789 17792 7ff887d55a1e 17791->17792 17799 7ff887d55b6c Concurrency::cancel_current_task 17791->17799 17793 7ff887d55a71 17792->17793 17794 7ff887d55aa6 17792->17794 17795 7ff887d656a8 std::_Facet_Register 3 API calls 17793->17795 17793->17799 17796 7ff887d55a8f 17794->17796 17798 7ff887d656a8 
std::_Facet_Register 3 API calls 17794->17798 17795->17796 17797 7ff887d55b25 _invalid_parameter_noinfo_noreturn 17796->17797 17800 7ff887d55b2c memmove memset 17796->17800 17801 7ff887d55ad8 memmove memset 17796->17801 17797->17800 17798->17796 17802 7ff887d55b23 17800->17802 17803 7ff887d55b18 17801->17803 17804 7ff887d55b03 17801->17804 17802->17631 17805 7ff887d656e4 messages free 17803->17805 17804->17797 17804->17803 17805->17802 17807 7ff887d5807e 17806->17807 17808 7ff887d580e6 17807->17808 17850 7ff887d56090 17807->17850 17808->17664 17815 7ff887d683b8 17814->17815 17816 7ff887d683b0 17814->17816 17817 7ff887d683d0 17815->17817 17819 7ff887d687c0 3 API calls 17815->17819 18012 7ff887d687c0 17816->18012 17820 7ff887d683e9 17817->17820 17821 7ff887d687c0 3 API calls 17817->17821 17819->17817 17820->17655 17821->17820 17823 7ff887d68639 17822->17823 17824 7ff887d68631 17822->17824 17826 7ff887d68651 17823->17826 17827 7ff887d687c0 3 API calls 17823->17827 17825 7ff887d687c0 3 API calls 17824->17825 17825->17823 17828 7ff887d6866a 17826->17828 17829 7ff887d687c0 3 API calls 17826->17829 17827->17826 17828->17655 17829->17828 17831 7ff887d76670 TlsGetValue 17830->17831 17832 7ff887d69b25 17831->17832 17833 7ff887d69c5c ReleaseSRWLockExclusive 17832->17833 17834 7ff887d656a8 std::_Facet_Register 3 API calls 17832->17834 17833->17664 17835 7ff887d69b36 17834->17835 17836 7ff887d68020 3 API calls 17835->17836 17837 7ff887d69b46 17836->17837 18016 7ff887d5c7c0 GetSystemTimeAsFileTime 17837->18016 17847 7ff887d69799 17846->17847 18176 7ff887d68280 17847->18176 17880 7ff887d76670 17850->17880 17853 7ff887d560d1 AcquireSRWLockShared 17855 7ff887d656a8 std::_Facet_Register 3 API calls 17853->17855 17854 7ff887d56145 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 17883 7ff887d6df50 17854->17883 17856 7ff887d560ee 17855->17856 17858 7ff887d5610b ReleaseSRWLockShared 17856->17858 17886 7ff887d59ad0 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA 
17856->17886 17863 7ff887d76670 TlsGetValue 17858->17863 17865 7ff887d56124 17863->17865 17865->17854 17899 7ff887d76e20 17865->17899 17925 7ff887d76600 17880->17925 17884 7ff887d6df5a OutputDebugStringA 17883->17884 17885 7ff887d6df57 17883->17885 17885->17884 17887 7ff887d59b88 17886->17887 17888 7ff887d59b64 17886->17888 17889 7ff887d59bf4 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N 17887->17889 17893 7ff887d5e430 287 API calls 17887->17893 17888->17887 17891 7ff887d5c010 287 API calls 17888->17891 17928 7ff887d5e130 ?exceptions@ios_base@std@@QEAAXH ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N 17889->17928 17891->17887 17892 7ff887d59c16 ?exceptions@ios_base@std@@QEAAXH ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@ 17898 7ff887d59c7d 17892->17898 17895 7ff887d59be1 17893->17895 17896 7ff887d60430 10 API calls 17895->17896 17897 7ff887d59bf0 17896->17897 17897->17889 17898->17858 17900 7ff887d76600 TlsGetValue 17899->17900 17901 7ff887d76e4b 17900->17901 17902 7ff887d76eee 17901->17902 17905 7ff887d76e57 17901->17905 17903 7ff887d76f09 TlsGetValue 17902->17903 17904 7ff887d76f14 17902->17904 17924 7ff887d76ebd 17902->17924 17903->17904 17913 7ff887d76f24 17903->17913 17906 7ff887d76750 287 API calls 17904->17906 17907 7ff887d76e8f TlsGetValue 17905->17907 17908 7ff887d76e9d 17905->17908 17905->17924 17909 7ff887d76f19 17906->17909 17907->17908 17910 7ff887d76ecb 17907->17910 17929 7ff887d76750 17908->17929 17912 7ff887d76f29 TlsGetValue 17909->17912 17909->17913 17914 7ff887d763d0 free 17910->17914 17912->17913 17915 7ff887d77016 17913->17915 17916 7ff887d76fa3 17913->17916 17913->17924 17914->17924 17944 7ff887d53010 ?_Xlength_error@std@@YAXPEBD 17915->17944 17921 7ff887d656a8 std::_Facet_Register 3 API calls 17916->17921 17919 7ff887d76ead 17936 7ff887d763d0 17919->17936 17920 7ff887d76ec2 TlsGetValue 17920->17910 17921->17924 17924->17854 17926 7ff887d76614 
TlsGetValue 17925->17926 17927 7ff887d560c0 17925->17927 17926->17927 17927->17853 17927->17854 17928->17892 17945 7ff887d74eb0 GetProcessHeap HeapAlloc 17929->17945 17934 7ff887d7678b 17934->17919 17934->17920 17935 7ff887d76781 TlsSetValue 17935->17934 17937 7ff887d76403 17936->17937 17940 7ff887d7651e 17937->17940 17941 7ff887d764cf 17937->17941 17938 7ff887d76506 17938->17924 17940->17938 17943 7ff887d656e4 messages free 17940->17943 17941->17938 17942 7ff887d656e4 messages free 17941->17942 17990 7ff887d744c0 17941->17990 17942->17941 17943->17940 17946 7ff887d74efa std::bad_alloc::bad_alloc 17945->17946 17947 7ff887d74ed8 17945->17947 17984 7ff887d6a5c0 17946->17984 17973 7ff887d75130 17947->17973 17952 7ff887d75fa0 17958 7ff887d75ff2 17952->17958 17953 7ff887d76102 17954 7ff887d76198 CloseHandle 17953->17954 17955 7ff887d761a2 17953->17955 17954->17955 17957 7ff887d65e20 _Receive_impl 8 API calls 17955->17957 17956 7ff887d7605c ResetEvent 17956->17958 17961 7ff887d761b2 17957->17961 17958->17953 17958->17956 17959 7ff887d76028 OpenEventA 17958->17959 17962 7ff887d76173 WaitForSingleObjectEx 17958->17962 17964 7ff887d7613d CreateEventA 17958->17964 17965 7ff887d76078 17958->17965 17967 7ff887d76940 GetCurrentProcessId 17958->17967 17987 7ff887d76940 17958->17987 17959->17958 17960 7ff887d7604c CloseHandle 17959->17960 17960->17958 17961->17934 17961->17935 17962->17958 17964->17958 17969 7ff887d76163 CloseHandle 17964->17969 17966 7ff887d760f4 SetEvent 17965->17966 17968 7ff887d760e3 17965->17968 17970 7ff887d760b7 CreateEventA 17965->17970 17972 7ff887d76940 GetCurrentProcessId 17965->17972 17966->17953 17967->17964 17968->17953 17968->17966 17969->17958 17970->17968 17971 7ff887d760dd CloseHandle 17970->17971 17971->17968 17972->17970 17974 7ff887d656a8 std::_Facet_Register malloc _CxxThrowException free 17973->17974 17975 7ff887d7518e CreateEventA 17974->17975 17976 7ff887d75200 17975->17976 17977 7ff887d751d0 17975->17977 17979 7ff887d59e90 _Receive_impl 

                                                            Control-flow Graph

                                                            C-Code - Quality: 48%
                                                            			E00007FF87FF887D69CA0(void* __rax, long long __rcx, signed long long __rdx, void* __r9, void* _a8, signed char _a16, long long _a24, long long _a32) {
                                                            				char _v72;
                                                            				long long _v96;
                                                            				intOrPtr _v104;
                                                            				intOrPtr _v112;
                                                            				long long _v120;
                                                            				long long _v128;
                                                            				long long _v136;
                                                            				signed long long _v144;
                                                            				void* _v152;
                                                            				void* __rbx;
                                                            				void* __rsi;
                                                            				void* _t97;
                                                            				void* _t102;
                                                            				void* _t103;
                                                            				signed int _t140;
                                                            				signed int _t143;
                                                            				void* _t156;
                                                            				signed long long _t161;
                                                            				intOrPtr _t164;
                                                            				intOrPtr* _t191;
                                                            				intOrPtr _t192;
                                                            				long long _t194;
                                                            				signed long long _t196;
                                                            				intOrPtr* _t206;
                                                            				void* _t219;
                                                            				long long _t220;
                                                            				long long _t221;
                                                            				long long* _t223;
                                                            				long long _t224;
                                                            				intOrPtr* _t225;
                                                            				intOrPtr* _t226;
                                                            				intOrPtr* _t228;
                                                            				intOrPtr* _t232;
                                                            				void* _t234;
                                                            				long long _t267;
                                                            				intOrPtr* _t270;
                                                            				signed long long _t276;
                                                            				signed long long _t277;
                                                            				intOrPtr* _t278;
                                                            				long long* _t279;
                                                            				void* _t283;
                                                            				long long* _t285;
                                                            				long long _t286;
                                                            				signed long long _t287;
                                                            				signed long long _t289;
                                                            				long long* _t296;
                                                            				intOrPtr* _t299;
                                                            				signed long long _t300;
                                                            				void* _t302;
                                                            				void* _t303;
                                                            				long long* _t304;
                                                            				intOrPtr _t306;
                                                            				intOrPtr* _t307;
                                                            
                                                            				_a8 = __rcx;
                                                            				_t276 = __rdx;
                                                            				_t306 =  *((intOrPtr*)(__rdx));
                                                            				if ( *((char*)(_t306 + 0x18)) == 0) goto 0x87d69d62;
                                                            				_t4 = _t306 + 8; // -64
                                                            				_t97 = E00007FF87FF887D68390(_t219, _t4,  &_v120, _t283);
                                                            				_t6 = _t306 + 8; // -64
                                                            				E00007FF87FF887D68580(_t97, _t6,  &_v72);
                                                            				r13d = 0xffffffff;
                                                            				_t220 = _v120;
                                                            				if (_t220 == _v72) goto 0x87d69d68;
                                                            				_t232 =  *((intOrPtr*)(_t220 + 0x18));
                                                            				if (_t232 == 0) goto 0x87d69d48;
                                                            				_t191 =  *_t232;
                                                            				 *((intOrPtr*)(_t191 + 0x18))();
                                                            				 *_t191 =  *((intOrPtr*)(_t220 + 0x18));
                                                            				 *((long long*)(_t220 + 0x18)) =  *_t191;
                                                            				_t192 = _v104;
                                                            				if (_t192 == 0) goto 0x87d69d48;
                                                            				_t234 = _t192 + 8;
                                                            				asm("lock xadd [ecx], eax");
                                                            				if (r13d != 1) goto 0x87d69d48;
                                                            				_t156 = _t234;
                                                            				if (_t156 == 0) goto 0x87d69d48;
                                                            				if (_t156 == 0) goto 0x87d69d48;
                                                            				 *((intOrPtr*)( *((intOrPtr*)(_t234 + 0xfffffff8))))();
                                                            				_t102 = E00007FF87FF887D68620(_v112);
                                                            				_t194 = _v120;
                                                            				_t221 =  *((intOrPtr*)(_t194 + 8));
                                                            				_v120 = _t221;
                                                            				goto 0x87d69cf0;
                                                            				r13d = 0xffffffff;
                                                            				 *_t276 = 0;
                                                            				_v152 = _t306;
                                                            				asm("xorps xmm0, xmm0");
                                                            				asm("movdqu [esp+0x28], xmm0");
                                                            				_v128 = 0;
                                                            				if (_t221 == 0) goto 0x87d69e24;
                                                            				_t277 = _t276 << 4;
                                                            				if (_t277 - 0x1000 < 0) goto 0x87d69dd0;
                                                            				if (_t277 + 0x27 - _t277 <= 0) goto 0x87d6a1c3;
                                                            				_t103 = E00007FF87FF887D656A8(_t102, _t194, _t277 + 0x27);
                                                            				if (_t194 == 0) goto 0x87d69dca;
                                                            				_t196 = _t194 + 0x00000027 & 0xffffffe0;
                                                            				 *((long long*)(_t196 - 8)) = _t194;
                                                            				goto 0x87d69de1;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				_t161 = _t277;
                                                            				if (_t161 == 0) goto 0x87d69ddf;
                                                            				E00007FF87FF887D656A8(_t103, _t196, _t277);
                                                            				goto 0x87d69de1;
                                                            				_v144 = _t196;
                                                            				_v128 = _t196 + _t277;
                                                            				asm("o16 nop [eax+eax]");
                                                            				 *_t196 = 0;
                                                            				 *((long long*)(_t196 + 8)) = 0;
                                                            				if (_t161 != 0) goto 0x87d69e00;
                                                            				_v136 = _t196 + 0x10;
                                                            				goto 0x87d69e29;
                                                            				_t285 = _v144;
                                                            				_t304 = _t285;
                                                            				_v96 = _t285;
                                                            				_t307 = _t306 + 0x20;
                                                            				r12d =  *(_t306 + 0x10);
                                                            				_t302 = (_t300 << 4) + _t307;
                                                            				_t223 = _t285;
                                                            				_a24 = _t223;
                                                            				if (_t307 == _t302) goto 0x87d69ee0;
                                                            				_a24 = _t223;
                                                            				r8d = 0;
                                                            				_t267 =  *((intOrPtr*)(_t307 + 8));
                                                            				if (_t267 == 0) goto 0x87d69e84;
                                                            				_t164 =  *((intOrPtr*)(_t267 + 8));
                                                            				if (_t164 == 0) goto 0x87d69e82;
                                                            				asm("lock cmpxchg [edx+0x8], ecx");
                                                            				if (_t164 != 0) goto 0x87d69e6f;
                                                            				goto 0x87d69e84;
                                                            				 *_t223 =  *_t307;
                                                            				_t278 =  *((intOrPtr*)(_t223 + 8));
                                                            				 *((long long*)(_t223 + 8)) = _t267;
                                                            				if (_t278 == 0) goto 0x87d69ec0;
                                                            				asm("lock xadd [edi+0x8], eax");
                                                            				if (r13d != 1) goto 0x87d69ec0;
                                                            				 *((intOrPtr*)( *_t278 + 8))();
                                                            				asm("lock xadd [edi+0xc], eax");
                                                            				if (r13d != 1) goto 0x87d69ec0;
                                                            				 *((intOrPtr*)( *_t278 + 0x10))();
                                                            				if ( *_t223 == 0) goto 0x87d69ed2;
                                                            				_t224 = _t223 + 0x10;
                                                            				_a24 = _t224;
                                                            				if (_t307 + 0x10 != _t302) goto 0x87d69e60;
                                                            				_t286 = _v144;
                                                            				r12b = (_t224 - _t286 & 0xfffffff0) - 0x10 <= 0;
                                                            				_a16 = r12b;
                                                            				_t279 = _t286;
                                                            				_a32 = _t286;
                                                            				r15b = 1;
                                                            				if (_t279 == _t224) goto 0x87d69f5a;
                                                            				if ( *((intOrPtr*)( *((intOrPtr*)( *_t279)) + 0x18))() == 0) goto 0x87d69f4c;
                                                            				_t225 = _t224 - 0x10;
                                                            				_a24 = _t225;
                                                            				 *_t225 =  *_t279;
                                                            				 *_t279 =  *_t225;
                                                            				 *((long long*)(_t279 + 8)) =  *((intOrPtr*)(_t225 + 8));
                                                            				 *((long long*)(_t225 + 8)) =  *((intOrPtr*)(_t279 + 8));
                                                            				r15b = 0;
                                                            				goto 0x87d69f08;
                                                            				_a32 = _t279 + 0x10;
                                                            				goto 0x87d69f08;
                                                            				_a32 = _t304;
                                                            				if (_t304 == _t225) goto 0x87d6a101;
                                                            				if (r15b == 0) goto 0x87d6a0ce;
                                                            				if (r12b != 0) goto 0x87d6a098;
                                                            				_t206 = _a8;
                                                            				E00007FF87FF887D76670(_t206);
                                                            				if (_t206 != 0) goto 0x87d69fb0;
                                                            				E00007FF87FF887D69B00( *(_t306 + 0x10), _t206, _t225,  *_t206,  *_t307, __r9);
                                                            				E00007FF87FF887D76670(_t206);
                                                            				_t299 = _t206;
                                                            				_t296 = _t304 + 0x10;
                                                            				if (_t296 == _t225) goto 0x87d6a08d;
                                                            				asm("o16 nop [eax+eax]");
                                                            				_t140 =  *(_t299 + 8);
                                                            				r9d = _t140;
                                                            				r9d = r9d >> 0xd;
                                                            				r9d = r9d ^ _t140 & 0x0007ffc0;
                                                            				r9d = r9d >> 6;
                                                            				r9d = r9d ^ (_t140 & 0xfffffffe) << 0x0000000c;
                                                            				 *(_t299 + 8) = r9d;
                                                            				_t143 =  *(_t299 + 0xc);
                                                            				r8d = _t143;
                                                            				r8d = r8d & 0x3f800000;
                                                            				r8d = r8d ^ _t143 >> 0x00000002;
                                                            				r8d = r8d >> 0x17;
                                                            				r8d = r8d ^ (_t143 & 0xfffffff8) << 0x00000004;
                                                            				 *(_t299 + 0xc) = r8d;
                                                            				 *(_t299 + 0x10) = ( *(_t299 + 0x10) >> 0x00000003 ^  *(_t299 + 0x10) & 0x1fffff00) >> 0x00000008 ^ ( *(_t299 + 0x10) & 0xfffffff0) << 0x00000011;
                                                            				asm("dec eax");
                                                            				_t270 = ( &_v152 << 4) + _t304;
                                                            				if (_t270 == _t296) goto 0x87d6a080;
                                                            				 *_t270 =  *_t296;
                                                            				 *_t296 =  *_t270;
                                                            				 *((long long*)(_t296 + 8)) =  *((intOrPtr*)(_t270 + 8));
                                                            				 *((long long*)(_t270 + 8)) =  *((intOrPtr*)(_t296 + 8));
                                                            				if (_t296 + 0x10 != _t225) goto 0x87d69fd0;
                                                            				r12b = 1;
                                                            				_a16 = r12b;
                                                            				 *((intOrPtr*)( *((intOrPtr*)( *_t304)) + 0x10))();
                                                            				_t226 = _t225 - 0x10;
                                                            				_a24 = _t226;
                                                            				 *_t226 =  *_t304;
                                                            				 *_t304 =  *_t226;
                                                            				 *((long long*)(_t304 + 8)) =  *((intOrPtr*)(_t226 + 8));
                                                            				 *((long long*)(_t226 + 8)) =  *((intOrPtr*)(_t304 + 8));
                                                            				r13d = 0xffffffff;
                                                            				_t287 = _v144;
                                                            				r12d = _a16 & 0x000000ff;
                                                            				goto 0x87d69f05;
                                                            				if (_t287 == 0) goto 0x87d6a193;
                                                            				if (_t287 == _v136) goto 0x87d6a156;
                                                            				_t228 =  *((intOrPtr*)(_t287 + 8));
                                                            				if (_t228 == 0) goto 0x87d6a146;
                                                            				asm("lock xadd [ebx+0x8], eax");
                                                            				if (r13d != 1) goto 0x87d6a146;
                                                            				 *((intOrPtr*)( *_t228 + 8))();
                                                            				asm("lock xadd [ebx+0xc], eax");
                                                            				if (r13d != 1) goto 0x87d6a146;
                                                            				 *((intOrPtr*)( *_t228 + 0x10))();
                                                            				if (_t287 + 0x10 != _v136) goto 0x87d6a111;
                                                            				_t289 = _v144;
                                                            				if ((_v128 - _t289 & 0xfffffff0) - 0x1000 < 0) goto 0x87d6a18a;
                                                            				if (_t289 -  *((intOrPtr*)(_t289 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d6a18a;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				if (_v152 == 0) goto 0x87d6a1b0;
                                                            				asm("lock inc esp");
                                                            				if (_t303 - 1 != 0) goto 0x87d6a1b0;
                                                            				return E00007FF87FF887D69780(_t228, _v152,  *((intOrPtr*)(_t289 - 8)));
                                                            			}

























































                                                            APIs
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,-00000048,?,?,?,00000000), ref: 00007FF887D69DCA
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3668304517-0
                                                            • Opcode ID: f9f3f1f0bf61b3e3777ae63e9082cabff50ef6bf8633eb60f008c8dbe202ed4d
                                                            • Instruction ID: 8b0348a42bd24390f8ec6f000dddc6a21a88f671568d733b93e6713d604ee964
                                                            • Opcode Fuzzy Hash: f9f3f1f0bf61b3e3777ae63e9082cabff50ef6bf8633eb60f008c8dbe202ed4d
                                                            • Instruction Fuzzy Hash: A9E19E32A49A4182EB908F25D44436D73B4FB94BE4F198335EAAE47798DF3CE851C780
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 33%
                                                            			E00007FF87FF887D5E600(void* __eax, void* __ecx, intOrPtr __edx, long long __rbx, void* __rcx, signed int __rdx, void* __r8, long long __r9) {
                                                            				void* __rdi;
                                                            				void* __rsi;
                                                            				void* __rbp;
                                                            				void* __r12;
                                                            				void* __r13;
                                                            				void* __r14;
                                                            				void* __r15;
                                                            				void* _t191;
                                                            				signed int _t215;
                                                            				void* _t234;
                                                            				void* _t242;
                                                            				void* _t269;
                                                            				void* _t286;
                                                            				long long _t322;
                                                            				signed long long _t328;
                                                            				signed long long _t338;
                                                            				signed long long _t339;
                                                            				long long _t341;
                                                            				intOrPtr _t350;
                                                            				long long _t352;
                                                            				long long* _t353;
                                                            				long long* _t357;
                                                            				intOrPtr _t358;
                                                            				long long* _t372;
                                                            				intOrPtr _t374;
                                                            				long long _t375;
                                                            				intOrPtr _t377;
                                                            				intOrPtr* _t378;
                                                            				signed int _t389;
                                                            				char* _t390;
                                                            				long long _t393;
                                                            				intOrPtr _t409;
                                                            				intOrPtr _t411;
                                                            				signed long long _t412;
                                                            				intOrPtr _t414;
                                                            				intOrPtr _t419;
                                                            				intOrPtr* _t443;
                                                            				intOrPtr _t450;
                                                            				signed long long _t451;
                                                            				intOrPtr* _t456;
                                                            				intOrPtr* _t461;
                                                            				long long _t465;
                                                            				long long _t488;
                                                            				long long _t489;
                                                            				intOrPtr _t490;
                                                            				intOrPtr _t493;
                                                            				signed long long _t496;
                                                            				intOrPtr _t497;
                                                            				signed long long _t501;
                                                            				intOrPtr _t506;
                                                            				intOrPtr _t509;
                                                            				intOrPtr _t512;
                                                            				intOrPtr _t515;
                                                            				intOrPtr _t518;
                                                            				intOrPtr _t521;
                                                            				void* _t534;
                                                            				long long _t536;
                                                            				void* _t538;
                                                            				long long _t540;
                                                            				void* _t542;
                                                            				void* _t543;
                                                            				void* _t545;
                                                            				signed long long _t546;
                                                            				intOrPtr _t552;
                                                            				char* _t564;
                                                            				void* _t565;
                                                            				void* _t567;
                                                            				void* _t568;
                                                            				void* _t571;
                                                            				intOrPtr* _t572;
                                                            				void* _t575;
                                                            				void* _t576;
                                                            
                                                            				 *((long long*)(_t545 + 0x10)) = __rbx;
                                                            				_t543 = _t545 - 0x280;
                                                            				_t546 = _t545 - 0x380;
                                                            				_t328 =  *0x87d8ec78; // 0x522936145607
                                                            				 *(_t543 + 0x270) = _t328 ^ _t546;
                                                            				 *((long long*)(_t546 + 0x48)) = __r9;
                                                            				_t568 = __r8;
                                                            				r12d = __edx;
                                                            				_t576 = __rcx;
                                                            				_t572 =  *((intOrPtr*)(_t543 + 0x2e0));
                                                            				 *((long long*)(_t543 - 0x50)) = 0x87d91b20;
                                                            				0x87d65430();
                                                            				if (__eax != 0) goto 0x87d5f013;
                                                            				E00007FF87FF887D61790(__eax, 0x87d91b20, __rdx);
                                                            				_t388 = (__rdx >> 7) + (__rdx >> 7 >> 0x3f);
                                                            				_t540 = 0x87d91b20 - ((__rdx >> 7) + (__rdx >> 7 >> 0x3f)) * 0x3e8;
                                                            				E00007FF87FF887D5D640((__rdx >> 7) + (__rdx >> 7 >> 0x3f), ((__rdx >> 7) + (__rdx >> 7 >> 0x3f)) * 0x3e8, __r8);
                                                            				 *((long long*)(_t543 + 0x40)) = 0xe353f7cf;
                                                            				 *((long long*)(_t543 + 0x58)) = 0xf;
                                                            				 *((long long*)(_t543 + 0x50)) = 2;
                                                            				 *((short*)(_t543 + 0x40)) = 0x5425;
                                                            				 *((char*)(_t543 + 0x42)) = 0;
                                                            				E00007FF87FF887D617C0(_t388, _t543 + 0x80, _t388, _t543 + 0x40); // executed
                                                            				if ( *((long long*)(0x20c49ba5e353f7e7)) - 0x10 < 0) goto 0x87d5e6dc;
                                                            				 *((long long*)(_t543 + 0xe0)) =  *0xe353f7cf;
                                                            				 *((long long*)(_t543 + 0xe8)) =  *((intOrPtr*)(0x20c49ba5e353f7df));
                                                            				 *((long long*)(_t543 + 0xf0)) = _t540;
                                                            				if ( *((long long*)(0x20c49ba5e353f7e7)) - 0x10 < 0) goto 0x87d5e702;
                                                            				 *((long long*)(_t543 + 0x100)) =  *0xe353f7cf;
                                                            				 *((long long*)(_t543 + 0x108)) =  *((intOrPtr*)(0x20c49ba5e353f7df));
                                                            				if ( *((long long*)(_t572 + 0x18)) - 0x10 < 0) goto 0x87d5e721;
                                                            				 *((long long*)(_t543 + 0x110)) =  *_t572;
                                                            				 *((long long*)(_t543 + 0x118)) =  *((intOrPtr*)(_t572 + 0x10));
                                                            				 *((long long*)(_t543 - 0x70)) = 0x7388e;
                                                            				 *((long long*)(_t543 - 0x68)) = _t543 + 0xe0;
                                                            				asm("movaps xmm0, [ebp-0x70]");
                                                            				asm("movdqa [ebp-0x20], xmm0");
                                                            				 *((long long*)(_t543 - 0x60)) = "{}.{:03d} | {:<15} {}";
                                                            				 *((long long*)(_t543 - 0x58)) = 0x15;
                                                            				E00007FF87FF887D449B0(_t388, _t543 + 0x230, 0xe353f7cf, _t540);
                                                            				_t488 =  *0x87d91b18; // 0xb
                                                            				_t39 = _t488 + 1; // 0xc
                                                            				_t409 =  *0x87d91b08; // 0x10
                                                            				if (_t409 - _t39 > 0) goto 0x87d5e7ad;
                                                            				_t191 = E00007FF87FF887D5BD30(_t39, _t388, 0x87d91af8, _t488, 0xe353f7cf, _t565, _t572, _t576);
                                                            				_t489 =  *0x87d91b18; // 0xb
                                                            				_t411 =  *0x87d91b08; // 0x10
                                                            				_t412 = _t411 - 1;
                                                            				_t338 =  *0x87d91b10; // 0x0
                                                            				_t339 = _t338 & _t412;
                                                            				 *0x87d91b10 = _t339;
                                                            				_t389 = (_t412 & _t339 + _t489) * 8;
                                                            				_t341 =  *0x87d91b00; // 0xcf4b20
                                                            				if ( *((long long*)(_t341 + _t389)) != 0) goto 0x87d5e7f9;
                                                            				E00007FF87FF887D656A8(_t191, _t341, _t412 & _t339 + _t489);
                                                            				_t414 =  *0x87d91b00; // 0xcf4b20
                                                            				 *((long long*)(_t414 + _t389)) = _t341;
                                                            				asm("movups xmm0, [ebp+0x230]");
                                                            				asm("movups [eax], xmm0");
                                                            				asm("movups xmm1, [ebp+0x240]");
                                                            				asm("movups [eax+0x10], xmm1");
                                                            				 *0x87d91b18 =  *0x87d91b18 + 1;
                                                            				_t490 =  *((intOrPtr*)(_t543 + 0x98));
                                                            				if (_t490 - 0x10 < 0) goto 0x87d5e85d;
                                                            				if (_t490 + 1 - 0x1000 < 0) goto 0x87d5e858;
                                                            				if ( *((intOrPtr*)(_t543 + 0x80)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0x80)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d5e858;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				 *((long long*)(_t543 + 0x90)) = 0xe353f7cf;
                                                            				 *((long long*)(_t543 + 0x98)) = 0xf;
                                                            				 *((intOrPtr*)(_t543 + 0x80)) = dil;
                                                            				_t493 =  *((intOrPtr*)(_t543 + 0x58));
                                                            				if (_t493 - 0x10 < 0) goto 0x87d5e8b6;
                                                            				if (_t493 + 1 - 0x1000 < 0) goto 0x87d5e8b1;
                                                            				if ( *((intOrPtr*)(_t543 + 0x40)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0x40)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d5e8b1;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				if ( *0x87d91b18 - 0xc8 <= 0) goto 0x87d5e967;
                                                            				_t496 =  *0x87d91b10; // 0x0
                                                            				_t419 =  *0x87d91b08; // 0x10
                                                            				_t350 =  *0x87d91b00; // 0xcf4b20
                                                            				_t390 =  *((intOrPtr*)(_t350 + (_t419 - 0x00000001 & _t496) * 8));
                                                            				_t497 =  *((intOrPtr*)(_t390 + 0x18));
                                                            				if (_t497 - 0x10 < 0) goto 0x87d5e922;
                                                            				if (_t497 + 1 - 0x1000 < 0) goto 0x87d5e91d;
                                                            				_t57 =  *_t390 -  *((intOrPtr*)( *_t390 - 8)) - 8; // 0x7
                                                            				_t286 = _t57 - 0x1f;
                                                            				if (_t286 > 0) goto 0x87d5e9da;
                                                            				E00007FF87FF887D656E4();
                                                            				 *((long long*)(_t390 + 0x10)) = 0xe353f7cf;
                                                            				 *((long long*)(_t390 + 0x18)) = 0xf;
                                                            				 *_t390 = 0;
                                                            				_t352 =  *0x87d91b18; // 0xb
                                                            				_t353 = _t352 - 1;
                                                            				 *0x87d91b18 = _t353;
                                                            				if (_t286 != 0) goto 0x87d5e94a;
                                                            				goto 0x87d5e954;
                                                            				_t501 =  *0x87d91b10; // 0x0
                                                            				 *0x87d91b10 = _t501 + 1;
                                                            				if (_t353 - 0xc8 > 0) goto 0x87d5e8d0;
                                                            				0x87d65436();
                                                            				if ( *((intOrPtr*)(_t576 + 0x50)) != 0x3a875d21) goto 0x87d5efe9;
                                                            				 *((long long*)(_t543 - 0x10)) = _t576 + 0x48;
                                                            				 *((char*)(_t543 - 8)) = 1;
                                                            				0x87d654e8();
                                                            				E00007FF87FF887D699B0(_t353, _t546 + 0x60, _t501 + 1);
                                                            				E00007FF87FF887D68020(_t353, _t390, _t546 + 0x70, _t575);
                                                            				 *((intOrPtr*)(_t546 + 0x78)) = 0;
                                                            				E00007FF87FF887D680E0(_t353);
                                                            				if (_t353 == 0) goto 0x87d5e9e1;
                                                            				 *((long long*)(_t353 + 8)) = 0xe353f7cf;
                                                            				 *_t353 = 0x87d7d580;
                                                            				asm("lock xadd [eax+0x8], ecx");
                                                            				goto 0x87d5e9e4;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				 *((long long*)(_t543 - 0x80)) = 0xe353f7cf;
                                                            				E00007FF87FF887D6A540(0xe353f7cf, _t543 - 0x78, _t501 + 1);
                                                            				r8d =  *0xe353f7cf;
                                                            				E00007FF87FF887D61260(E00007FF87FF887D68120(_t390, _t546 + 0x70, _t543, _t540, _t543 - 0x80), _t543 + 0x250,  *((intOrPtr*)(_t546 + 0x48)));
                                                            				0x87d52ca0();
                                                            				_t506 =  *((intOrPtr*)(0x20c49ba5e353f7df));
                                                            				_t552 =  *((intOrPtr*)(0x20c49ba5e353f7e7));
                                                            				if (_t552 - _t506 - 1 < 0) goto 0x87d5ea5d;
                                                            				 *((long long*)(0x20c49ba5e353f7df)) = _t506 + 1;
                                                            				if (_t552 - 0x10 < 0) goto 0x87d5ea55;
                                                            				_t357 =  *0xe353f7cf;
                                                            				 *((short*)(_t357 + _t506)) = 0x3a;
                                                            				goto 0x87d5ea7f;
                                                            				 *((long long*)(_t546 + 0x20)) = 1;
                                                            				r8d = 0;
                                                            				E00007FF87FF887D42190(0xe353f7cf, _t506, 0xe353f7cf, _t543, ":", _t568, _t576 + 0x48, _t571, _t567);
                                                            				_t564 = _t357;
                                                            				asm("inc ecx");
                                                            				asm("movups [ebp+0xc0], xmm0");
                                                            				asm("inc ecx");
                                                            				asm("movups [ebp+0xd0], xmm1");
                                                            				 *((long long*)(_t564 + 0x10)) = 0xe353f7cf;
                                                            				 *((long long*)(_t564 + 0x18)) = 0xf;
                                                            				 *_t564 = 0;
                                                            				E00007FF87FF887D58800(0xe353f7cf, _t543 + 0x60, _t543, _t543 + 0xc0, 0xe353f7cf, _t565);
                                                            				E00007FF87FF887D680E0(_t357);
                                                            				if (_t357 == 0) goto 0x87d5eb0a;
                                                            				 *((intOrPtr*)(_t357 + 8)) = 0;
                                                            				asm("movups xmm0, [ebp+0x60]");
                                                            				asm("movups [eax+0x10], xmm0");
                                                            				asm("movups xmm1, [ebp+0x70]");
                                                            				asm("movups [eax+0x20], xmm1");
                                                            				 *((long long*)(_t543 + 0x70)) = 0xe353f7cf;
                                                            				 *((long long*)(_t543 + 0x78)) = 0xf;
                                                            				 *((char*)(_t543 + 0x60)) = 0;
                                                            				 *_t357 = 0x87d7d508;
                                                            				asm("lock xadd [ecx+0x8], eax");
                                                            				goto 0x87d5eb0d;
                                                            				 *((long long*)(_t546 + 0x50)) = 0xe353f7cf;
                                                            				r8d = E00007FF87FF887D677F0(_t269, _t357, _t357, 0xe353f7cf, "FileName", _t506, _t543 + 0xc0, 0xe353f7cf);
                                                            				E00007FF87FF887D68120(0xe353f7cf, _t546 + 0x70, _t543 + 0x10, _t540, _t546 + 0x50);
                                                            				_t358 =  *((intOrPtr*)(_t546 + 0x50));
                                                            				if (_t358 == 0) goto 0x87d5eb6c;
                                                            				asm("lock xadd [edx], eax");
                                                            				if (0xffffffff != 1) goto 0x87d5eb6c;
                                                            				_t443 =  ==  ? 0xe353f7cf : _t358 + 8 - 8;
                                                            				if (_t443 == 0) goto 0x87d5eb6c;
                                                            				 *((intOrPtr*)( *_t443))();
                                                            				_t509 =  *((intOrPtr*)(_t543 + 0x78));
                                                            				if (_t509 - 0x10 < 0) goto 0x87d5ebab;
                                                            				if (_t509 + 1 - 0x1000 < 0) goto 0x87d5eba5;
                                                            				if ( *((intOrPtr*)(_t543 + 0x60)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0x60)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d5eba5;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_t512 =  *((intOrPtr*)(_t543 + 0xd8));
                                                            				if (_t512 - 0x10 < 0) goto 0x87d5ebf0;
                                                            				if (_t512 + 1 - 0x1000 < 0) goto 0x87d5ebea;
                                                            				if ( *((intOrPtr*)(_t543 + 0xc0)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0xc0)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d5ebea;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_t515 =  *((intOrPtr*)(_t543 + 0xb8));
                                                            				if (_t515 - 0x10 < 0) goto 0x87d5ec34;
                                                            				if (_t515 + 1 - 0x1000 < 0) goto 0x87d5ec2f;
                                                            				if ( *((intOrPtr*)(_t543 + 0xa0)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0xa0)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d5ec2f;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				 *((long long*)(_t543 + 0xb0)) = 0xe353f7cf;
                                                            				 *((long long*)(_t543 + 0xb8)) = 0xf;
                                                            				 *((char*)(_t543 + 0xa0)) = 0;
                                                            				_t518 =  *((intOrPtr*)(_t543 + 0x268));
                                                            				if (_t518 - 0x10 < 0) goto 0x87d5ec91;
                                                            				_t450 =  *((intOrPtr*)(_t543 + 0x250));
                                                            				if (_t518 + 1 - 0x1000 < 0) goto 0x87d5ec8c;
                                                            				_t451 =  *((intOrPtr*)(_t450 - 8));
                                                            				if (_t450 - _t451 + 0xfffffff8 - 0x1f <= 0) goto 0x87d5ec8c;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_t372 =  *[gs:0x58];
                                                            				_t521 =  *((intOrPtr*)(_t372 + _t451 * 8));
                                                            				_t215 =  *(_t451 + _t521);
                                                            				if ((_t215 & 0x00000001) != 0) goto 0x87d5eccd;
                                                            				 *(_t451 + _t521) = _t215 | 0x00000001;
                                                            				asm("lock dec eax");
                                                            				 *((long long*)(_t521 + 0xe353f7cf)) = _t372;
                                                            				E00007FF87FF887D680E0(_t372);
                                                            				if (_t372 == 0) goto 0x87d5ecfd;
                                                            				 *((intOrPtr*)(_t372 + 8)) = 0;
                                                            				 *((long long*)(_t372 + 0x10)) =  *((intOrPtr*)(_t521 + 0xe353f7cf));
                                                            				 *_t372 = 0x87d7d4a8;
                                                            				asm("lock xadd [eax+0x8], ecx");
                                                            				goto 0x87d5ed00;
                                                            				 *((long long*)(_t546 + 0x58)) = 0xe353f7cf;
                                                            				r8d = E00007FF87FF887D677F0(0xffffffff, _t372, 0xe353f7cf,  *((intOrPtr*)(_t521 + 0xe353f7cf)), "ThreadId", _t521, _t543 + 0xc0, _t546 + 0x50);
                                                            				E00007FF87FF887D68120( *((intOrPtr*)(_t521 + 0xe353f7cf)), _t546 + 0x70, _t543 + 0x20, _t540, _t546 + 0x58);
                                                            				_t374 =  *((intOrPtr*)(_t546 + 0x58));
                                                            				if (_t374 == 0) goto 0x87d5ed5b;
                                                            				asm("lock xadd [edx], eax");
                                                            				if (0xffffffff != 1) goto 0x87d5ed5b;
                                                            				_t456 =  ==  ? 0xe353f7cf : _t374 + 8 - 8;
                                                            				if (_t456 == 0) goto 0x87d5ed5b;
                                                            				_t375 =  *_t456;
                                                            				 *_t375();
                                                            				E00007FF87FF887D5D640( *((intOrPtr*)(_t521 + 0xe353f7cf)), _t456, _t543 + 0xc0);
                                                            				_t536 = _t375;
                                                            				E00007FF87FF887D680E0(_t375);
                                                            				_t393 = _t375;
                                                            				 *((long long*)(_t546 + 0x40)) = _t375;
                                                            				if (_t375 == 0) goto 0x87d5ed9c;
                                                            				 *((intOrPtr*)(_t393 + 8)) = 0;
                                                            				 *_t393 = 0x87d7d4d8;
                                                            				_t132 = _t393 + 0x10; // 0x10
                                                            				E00007FF87FF887D4D4C0(0x87d7d4d8, _t393, _t132, _t536, _t540);
                                                            				 *_t393 = 0x87d7d508;
                                                            				goto 0x87d5eda0;
                                                            				if (_t393 == 0) goto 0x87d5edaf;
                                                            				asm("lock xadd [ebx+0x8], eax");
                                                            				 *((long long*)(_t546 + 0x48)) = _t393;
                                                            				r8d = E00007FF87FF887D677F0(0xffffffff, _t393, 0x87d7d4d8, _t393, "Scope", _t536, _t543 + 0xc0, _t546 + 0x58);
                                                            				E00007FF87FF887D68120(_t393, _t546 + 0x70, _t543 + 0x30, _t540, _t546 + 0x48);
                                                            				_t377 =  *((intOrPtr*)(_t546 + 0x48));
                                                            				if (_t377 == 0) goto 0x87d5ee0a;
                                                            				asm("lock xadd [edx], esi");
                                                            				_t139 = _t540 - 1; // 0xfffffffe
                                                            				if (_t139 != 0) goto 0x87d5ee0a;
                                                            				_t461 =  ==  ? _t536 : _t377 + 8 - 8;
                                                            				if (_t461 == 0) goto 0x87d5ee0a;
                                                            				_t378 =  *_t461;
                                                            				 *_t378();
                                                            				if (E00007FF87FF887D69AC0( *((intOrPtr*)(_t546 + 0x60))) == 0) goto 0x87d5ee3b;
                                                            				E00007FF87FF887D6A9D0(0x30, 1, _t393, _t377 + 8);
                                                            				 *_t378 = r12d;
                                                            				_t234 = E00007FF87FF887D69C80(_t378,  *((intOrPtr*)(_t546 + 0x60)), _t546 + 0x38);
                                                            				goto 0x87d5ee43;
                                                            				_t465 = _t536;
                                                            				 *((long long*)(_t546 + 0x38)) = _t465;
                                                            				_t322 = _t465;
                                                            				if (_t322 == 0) goto 0x87d5efc7;
                                                            				__imp__??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ();
                                                            				 *((long long*)(_t543 + 0x120)) = 0x87d7d350;
                                                            				 *((long long*)(_t543 + 0x188)) = _t536;
                                                            				 *((long long*)(_t543 + 0x190)) = _t536;
                                                            				 *((char*)(_t543 + 0x198)) = 0;
                                                            				 *((long long*)( *((intOrPtr*)(_t543 + 0x140)))) = _t543 + 0x1a0;
                                                            				 *((long long*)( *((intOrPtr*)(_t543 + 0x160)))) = _t543 + 0x1a0;
                                                            				 *((intOrPtr*)( *((intOrPtr*)(_t543 + 0x178)))) = 0 - _t234 + 0x90;
                                                            				r9d = 1;
                                                            				r8d = 0;
                                                            				__imp__??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z();
                                                            				E00007FF87FF887D5E130(_t234, _t543 + 0x120, _t543 + 0x120);
                                                            				 *((long long*)(_t543 + 0x220)) = _t546 + 0x38;
                                                            				E00007FF87FF887D6DC80(0 - _t234 + 0x90, 0, 0xffffffff, _t322, _t543 + 0x120, _t543 + 0x120, _t540, _t564);
                                                            				r12d = r12d - 3;
                                                            				if (_t322 == 0) goto 0x87d5ef30;
                                                            				r12d = r12d - 1;
                                                            				if (_t322 == 0) goto 0x87d5ef21;
                                                            				if (r12d != 1) goto 0x87d5ef49;
                                                            				r8d = _t565 + 0xb;
                                                            				goto 0x87d5ef3d;
                                                            				r8d = 0xc;
                                                            				goto 0x87d5ef3d;
                                                            				r8d = 0xa;
                                                            				E00007FF87FF887D5D2C0(_t543 + 0x120, _t543 + 0x120, "!WARNING! ", _t536, _t540, _t543, _t546 + 0x70, _t565, _t534);
                                                            				if ( *((long long*)(_t572 + 0x18)) - 0x10 < 0) goto 0x87d5ef57;
                                                            				E00007FF87FF887D5D2C0(_t543 + 0x120, _t543 + 0x120,  *_t572, _t536, _t540, _t543,  *((intOrPtr*)(_t572 + 0x10)), _t538, _t542);
                                                            				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                            				E00007FF87FF887D69CA0(_t546 + 0x38,  *((intOrPtr*)(_t546 + 0x60)), _t546 + 0x38, _t546 + 0x48); // executed
                                                            				E00007FF87FF887D6DC10(_t543 + 0x120, _t546 + 0x38,  *((intOrPtr*)(_t572 + 0x10)));
                                                            				if ( *((long long*)(_t543 + 0x188)) == 0) goto 0x87d5efa7;
                                                            				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                            				__imp__??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ();
                                                            				__imp__??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ();
                                                            				if ( *((intOrPtr*)(_t546 + 0x38)) == 0) goto 0x87d5efd6;
                                                            				E00007FF87FF887D697F0( *((intOrPtr*)(_t546 + 0x38)));
                                                            				 *((long long*)(_t546 + 0x38)) = _t536;
                                                            				_t242 = E00007FF87FF887D5A280(_t546 + 0x38, _t543 + 0x120, _t546 + 0x60);
                                                            				0x87d654f8();
                                                            				return E00007FF87FF887D65E20(_t242, 0x30,  *(_t543 + 0x270) ^ _t546);
                                                            			}

                                                            APIs
                                                            • strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D5F02C
                                                              • Part of subcall function 00007FF887D5D640: __tlregdtor.LIBCMT ref: 00007FF887D5D690
                                                              • Part of subcall function 00007FF887D617C0: _localtime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF887D617F4
                                                              • Part of subcall function 00007FF887D617C0: strftime.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF887D6182E
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D5E851
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D5E8AA
                                                            • _Mtx_unlock.MSVCP140 ref: 00007FF887D5E96E
                                                            • AcquireSRWLockShared.KERNEL32 ref: 00007FF887D5E991
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D5E9DA
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D5EB9E
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D5EBE3
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D5EC28
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D5EC85
                                                            • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF887D5EE5A
                                                            • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF887D5EED4
                                                            • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887D5EF6D
                                                            • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887D5EFA1
                                                            • ??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF887D5EFAE
                                                            • ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF887D5EFBB
                                                            • ReleaseSRWLockShared.KERNEL32 ref: 00007FF887D5EFE4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: U?$char_traits@_invalid_parameter_noinfo_noreturn$D@std@@@std@@$?flush@?$basic_ostream@LockSharedV12@$??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_streambuf@AcquireD?$basic_ostream@D@std@@@1@_Mtx_unlockReleaseV?$basic_streambuf@__tlregdtor_localtime64strerrorstrftime
                                                            • String ID: !!!ERROR!!! $!!!FATAL!!! $!WARNING! $FileName$Scope$ThreadId$Unknown error${}.{:03d} | {:<15} {}
                                                            • API String ID: 1873823629-45781566
                                                            • Opcode ID: d6b5294e0b4a771fc1879de6181a7980b9e4594efd536c7ad5e602cac746ba68
                                                            • Instruction ID: 5134cce55d4e07b906db564d9f5c2732e05cb4050309d4c49d2e0949951ba938
                                                            • Opcode Fuzzy Hash: d6b5294e0b4a771fc1879de6181a7980b9e4594efd536c7ad5e602cac746ba68
                                                            • Instruction Fuzzy Hash: 5E527B72A49B8686EB10DF25D8553AD23B1FB44BD8F404232DA5E4B7A9EF3CE584C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Function at 7ff887d4f010 (legend: Executed / Not Executed); graph rendering not preserved
                                                            C-Code - Quality: 50%
                                                            			E00007FF87FF887D4F010(intOrPtr __esi, long long __rbx, long long __rcx, long long __r9) {
                                                            				void* __rsi;
                                                            				void* __rbp;
                                                            				void* _t141;
                                                            				signed int _t152;
                                                            				signed int _t153;
                                                            				signed int _t162;
                                                            				intOrPtr _t171;
                                                            				signed int _t176;
                                                            				void* _t180;
                                                            				void* _t195;
                                                            				signed long long _t232;
                                                            				intOrPtr* _t235;
                                                            				signed long long _t238;
                                                            				signed short* _t243;
                                                            				long long _t256;
                                                            				intOrPtr* _t273;
                                                            				intOrPtr* _t275;
                                                            				signed short* _t289;
                                                            				signed short* _t292;
                                                            				signed short* _t304;
                                                            				intOrPtr _t323;
                                                            				intOrPtr _t343;
                                                            				intOrPtr _t346;
                                                            				intOrPtr _t349;
                                                            				intOrPtr _t357;
                                                            				signed long long _t360;
                                                            				signed long long _t363;
                                                            				signed long long _t366;
                                                            				void* _t369;
                                                            				void* _t372;
                                                            				intOrPtr _t374;
                                                            				long long _t375;
                                                            				long long _t376;
                                                            				long long _t377;
                                                            				long long _t378;
                                                            				void* _t380;
                                                            				intOrPtr* _t381;
                                                            				void* _t383;
                                                            				signed long long _t384;
                                                            				void* _t391;
                                                            				int _t393;
                                                            				intOrPtr* _t395;
                                                            				intOrPtr _t396;
                                                            				int _t398;
                                                            				long long _t399;
                                                            				void* _t401;
                                                            				long long* _t404;
                                                            				long long* _t405;
                                                            
                                                            				 *((long long*)(_t383 + 0x10)) = __rbx;
                                                            				_t381 = _t383 - 0x30;
                                                            				_t384 = _t383 - 0x130;
                                                            				_t232 =  *0x87d8ec78; // 0x522936145607
                                                            				 *(_t381 + 0x28) = _t232 ^ _t384;
                                                            				 *((long long*)(_t384 + 0x48)) = __r9;
                                                            				_t171 = r8d;
                                                            				 *((intOrPtr*)(_t384 + 0x40)) = _t171;
                                                            				 *((long long*)(_t384 + 0x58)) = __rcx;
                                                            				 *((intOrPtr*)(_t384 + 0x50)) = _t171;
                                                            				 *((long long*)(_t384 + 0x60)) =  *((intOrPtr*)(_t381 + 0x90));
                                                            				_t399 =  *((intOrPtr*)(_t381 + 0x98));
                                                            				r12d = __esi;
                                                            				r12d = r12d - r9d;
                                                            				 *((intOrPtr*)(_t384 + 0x44)) = r12d;
                                                            				if (r12d <= 0) goto 0x87d4f085;
                                                            				memset(_t401, _t398, _t393);
                                                            				_t141 = __rbx - 1;
                                                            				if (_t141 - 1 > 0) goto 0x87d4f66c;
                                                            				 *((long long*)(_t384 + 0x50)) = __rcx + 0x70;
                                                            				0x87d65430(_t391, _t369, _t372, _t380);
                                                            				if (_t141 != 0) goto 0x87d4f6a1;
                                                            				 *_t399 = _t141;
                                                            				_t395 =  *((intOrPtr*)(__rcx + 0x60));
                                                            				_t273 =  *_t395;
                                                            				if (_t273 == _t395) goto 0x87d4f0f7;
                                                            				asm("o16 nop [eax+eax]");
                                                            				r8d =  *((intOrPtr*)(_t384 + 0x40));
                                                            				 *_t399 =  *_t399 + E00007FF87FF887D4FB10(_t273 - _t395,  *((intOrPtr*)(_t384 + 0x58)), _t273 + 0x10);
                                                            				if ( *_t273 != _t395) goto 0x87d4f0d0;
                                                            				_t374 =  *((intOrPtr*)(_t384 + 0x60));
                                                            				_t404 =  *((intOrPtr*)(_t384 + 0x48));
                                                            				 *((long long*)(_t384 + 0x20)) = _t399;
                                                            				r8d = 0x122;
                                                            				E00007FF87FF887D4CD20(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", _t381, "size needed is {}"); // executed
                                                            				if (r12d -  *_t399 < 0) goto 0x87d4f634;
                                                            				_t396 =  *((intOrPtr*)(_t384 + 0x58));
                                                            				_t235 =  *((intOrPtr*)(_t396 + 0x60));
                                                            				 *((long long*)(_t384 + 0x48)) = _t235;
                                                            				_t275 =  *_t235;
                                                            				if (_t275 == _t235) goto 0x87d4f5c7;
                                                            				r14d = 0;
                                                            				E00007FF87FF887D4D4C0(_t235, _t275, _t381 - 0x78,  *((intOrPtr*)(_t275 + 0x10)), _t374);
                                                            				_t322 =  >=  ?  *((void*)(_t381 - 0x78)) : _t381 - 0x78;
                                                            				E00007FF87FF887D53FF0(_t171, _t275, _t384 + 0x68,  >=  ?  *((void*)(_t381 - 0x78)) : _t381 - 0x78, _t374, _t381);
                                                            				_t323 =  *((intOrPtr*)(_t381 - 0x60));
                                                            				if (_t323 - 0x10 < 0) goto 0x87d4f1a2;
                                                            				if (_t323 + 1 - 0x1000 < 0) goto 0x87d4f19d;
                                                            				_t238 =  *((intOrPtr*)(_t381 - 0x78)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x78)) - 8)) + 0xfffffff8;
                                                            				if (_t238 - 0x1f > 0) goto 0x87d4f5fc;
                                                            				E00007FF87FF887D656E4();
                                                            				 *((long long*)(_t381 - 0x68)) = _t399;
                                                            				 *((long long*)(_t381 - 0x60)) = 0xf;
                                                            				 *((char*)(_t381 - 0x78)) = 0;
                                                            				r12d = 2 + _t238 * 2;
                                                            				if ( *((long long*)(_t396 + 0x38)) - 0x10 < 0) goto 0x87d4f1cc;
                                                            				E00007FF87FF887D53FF0(_t171, _t275, _t381 - 0x38,  *((intOrPtr*)(_t396 + 0x20)), _t374, _t381);
                                                            				r14d = 2 + _t238 * 2;
                                                            				_t195 =  *((long long*)(_t396 + 0x58)) - 0x10;
                                                            				if (_t195 < 0) goto 0x87d4f1ef;
                                                            				E00007FF87FF887D53FF0(_t171, _t275, _t381 - 0x58,  *((intOrPtr*)(_t396 + 0x40)), _t374, _t381);
                                                            				r8d = 2 + _t238 * 2;
                                                            				if (_t195 == 0) goto 0x87d4f414;
                                                            				if ( *((intOrPtr*)(_t384 + 0x40)) - 1 != 1) goto 0x87d4f4d4;
                                                            				asm("xorps xmm0, xmm0");
                                                            				asm("inc ecx");
                                                            				asm("inc ecx");
                                                            				_t375 = _t374 - r14d;
                                                            				_t289 =  >=  ?  *((void*)(_t381 - 0x38)) : _t381 - 0x38;
                                                            				_t152 =  *_t289 & 0x0000ffff;
                                                            				 *(_t289 + _t375 - _t289) = _t152;
                                                            				if (_t152 != 0) goto 0x87d4f240;
                                                            				 *((long long*)(_t404 + 8)) = _t375;
                                                            				_t376 = _t375 - r8d;
                                                            				_t292 =  >=  ?  *((void*)(_t381 - 0x58)) : _t381 - 0x58;
                                                            				_t153 =  *_t292 & 0x0000ffff;
                                                            				 *(_t292 + _t376 - _t292) = _t153;
                                                            				if (_t153 != 0) goto 0x87d4f270;
                                                            				 *((long long*)(_t404 + 0x10)) = _t376;
                                                            				_t377 = _t376 - r12d;
                                                            				_t243 =  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68;
                                                            				_t176 =  *_t243 & 0x0000ffff;
                                                            				 *(_t243 + _t377 - _t243) = _t176;
                                                            				if (_t176 != 0) goto 0x87d4f2a0;
                                                            				 *_t404 = _t377;
                                                            				_t337 =  >=  ?  *((void*)(_t381 - 0x58)) : _t381 - 0x58;
                                                            				E00007FF87FF887D54280(_t180, _t275, _t381 - 0x18,  >=  ?  *((void*)(_t381 - 0x58)) : _t381 - 0x58, _t377, _t381);
                                                            				_t339 =  >=  ?  *((void*)(_t381 - 0x38)) : _t381 - 0x38;
                                                            				E00007FF87FF887D54280(_t180, _t275, _t381 + 8,  >=  ?  *((void*)(_t381 - 0x38)) : _t381 - 0x38, _t377, _t381);
                                                            				_t341 =  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68;
                                                            				E00007FF87FF887D54280(_t180, _t275, _t381 - 0x78,  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68, _t377, _t381);
                                                            				 *((long long*)(_t384 + 0x30)) = _t381 - 0x18;
                                                            				 *((long long*)(_t384 + 0x28)) = _t381 + 8;
                                                            				 *((long long*)(_t384 + 0x20)) = _t381 - 0x78;
                                                            				r8d = 0x145;
                                                            				E00007FF87FF887D4CEC0(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", _t381, "copy port \'{}\', \'{}\', \'{}\'");
                                                            				_t343 =  *((intOrPtr*)(_t381 - 0x60));
                                                            				if (_t343 - 0x10 < 0) goto 0x87d4f372;
                                                            				if (_t343 + 1 - 0x1000 < 0) goto 0x87d4f36d;
                                                            				if ( *((intOrPtr*)(_t381 - 0x78)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x78)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87d4f603;
                                                            				E00007FF87FF887D656E4();
                                                            				r14d = 0;
                                                            				 *((long long*)(_t381 - 0x68)) = _t399;
                                                            				 *((long long*)(_t381 - 0x60)) = 0xf;
                                                            				 *((intOrPtr*)(_t381 - 0x78)) = r14b;
                                                            				_t346 =  *((intOrPtr*)(_t381 + 0x20));
                                                            				if (_t346 - 0x10 < 0) goto 0x87d4f3c0;
                                                            				if (_t346 + 1 - 0x1000 < 0) goto 0x87d4f3bb;
                                                            				if ( *((intOrPtr*)(_t381 + 8)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 + 8)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87d4f60a;
                                                            				E00007FF87FF887D656E4();
                                                            				 *((long long*)(_t381 + 0x18)) = _t399;
                                                            				 *((long long*)(_t381 + 0x20)) = 0xf;
                                                            				 *((char*)(_t381 + 8)) = 0;
                                                            				_t349 =  *_t381;
                                                            				if (_t349 - 0x10 < 0) goto 0x87d4f40b;
                                                            				if (_t349 + 1 - 0x1000 < 0) goto 0x87d4f406;
                                                            				_t256 =  *((intOrPtr*)(_t381 - 0x18)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x18)) - 8)) + 0xfffffff8;
                                                            				if (_t256 - 0x1f > 0) goto 0x87d4f611;
                                                            				E00007FF87FF887D656E4();
                                                            				_t405 = _t404 + 0x20;
                                                            				goto 0x87d4f4d7;
                                                            				 *_t405 = _t256;
                                                            				_t378 = _t377 - r12d;
                                                            				_t304 =  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68;
                                                            				asm("o16 nop [eax+eax]");
                                                            				_t162 =  *_t304 & 0x0000ffff;
                                                            				 *(_t378 - _t304 + _t304) = _t162;
                                                            				if (_t162 != 0) goto 0x87d4f440;
                                                            				 *_t405 = _t378;
                                                            				_t355 =  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68;
                                                            				E00007FF87FF887D54280(_t180, _t275, _t381 - 0x18,  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68, _t378, _t381);
                                                            				 *((long long*)(_t384 + 0x20)) = _t381 - 0x18;
                                                            				r8d = 0x134;
                                                            				E00007FF87FF887D45600(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "copy port \'{}\'"); // executed
                                                            				_t357 =  *_t381;
                                                            				if (_t357 - 0x10 < 0) goto 0x87d4f4d0;
                                                            				if (_t357 + 1 - 0x1000 < 0) goto 0x87d4f4cb;
                                                            				if ( *((intOrPtr*)(_t381 - 0x18)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x18)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87d4f618;
                                                            				E00007FF87FF887D656E4();
                                                            				r14d = 0;
                                                            				_t360 =  *((intOrPtr*)(_t381 - 0x40));
                                                            				if (_t360 - 8 < 0) goto 0x87d4f517;
                                                            				if (2 + _t360 * 2 - 0x1000 < 0) goto 0x87d4f512;
                                                            				if ( *((intOrPtr*)(_t381 - 0x58)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x58)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87d4f61f;
                                                            				E00007FF87FF887D656E4();
                                                            				 *((long long*)(_t381 - 0x48)) = _t399;
                                                            				 *((long long*)(_t381 - 0x40)) = 7;
                                                            				 *((intOrPtr*)(_t381 - 0x58)) = r14w;
                                                            				_t363 =  *((intOrPtr*)(_t381 - 0x20));
                                                            				if (_t363 - 8 < 0) goto 0x87d4f568;
                                                            				if (2 + _t363 * 2 - 0x1000 < 0) goto 0x87d4f563;
                                                            				if ( *((intOrPtr*)(_t381 - 0x38)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x38)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87d4f626;
                                                            				E00007FF87FF887D656E4();
                                                            				 *((long long*)(_t381 - 0x28)) = _t399;
                                                            				 *((long long*)(_t381 - 0x20)) = 7;
                                                            				 *((intOrPtr*)(_t381 - 0x38)) = r14w;
                                                            				_t366 =  *((intOrPtr*)(_t381 - 0x80));
                                                            				if (_t366 - 8 < 0) goto 0x87d4f5b6;
                                                            				if (2 + _t366 * 2 - 0x1000 < 0) goto 0x87d4f5b1;
                                                            				if ( *((intOrPtr*)(_t384 + 0x68)) -  *((intOrPtr*)( *((intOrPtr*)(_t384 + 0x68)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87d4f62d;
                                                            				E00007FF87FF887D656E4();
                                                            				if ( *_t275 !=  *((intOrPtr*)(_t384 + 0x48))) goto 0x87d4f140;
                                                            				0x87d65436();
                                                            				return E00007FF87FF887D65E20( *((intOrPtr*)(_t396 + 0x68)), 1,  *(_t381 + 0x28) ^ _t384);
                                                            			}



















































                                                            0x7ff887d4f257
                                                            0x7ff887d4f263
                                                            0x7ff887d4f270
                                                            0x7ff887d4f273
                                                            0x7ff887d4f27e
                                                            0x7ff887d4f280
                                                            0x7ff887d4f287
                                                            0x7ff887d4f294
                                                            0x7ff887d4f2a0
                                                            0x7ff887d4f2a3
                                                            0x7ff887d4f2ae
                                                            0x7ff887d4f2b0
                                                            0x7ff887d4f2bc
                                                            0x7ff887d4f2c5
                                                            0x7ff887d4f2d4
                                                            0x7ff887d4f2dd
                                                            0x7ff887d4f2ed
                                                            0x7ff887d4f2f7
                                                            0x7ff887d4f301
                                                            0x7ff887d4f30a
                                                            0x7ff887d4f313
                                                            0x7ff887d4f31f
                                                            0x7ff887d4f331
                                                            0x7ff887d4f337
                                                            0x7ff887d4f33f
                                                            0x7ff887d4f352
                                                            0x7ff887d4f367
                                                            0x7ff887d4f36d
                                                            0x7ff887d4f372
                                                            0x7ff887d4f375
                                                            0x7ff887d4f379
                                                            0x7ff887d4f381
                                                            0x7ff887d4f385
                                                            0x7ff887d4f38d
                                                            0x7ff887d4f3a0
                                                            0x7ff887d4f3b5
                                                            0x7ff887d4f3bb
                                                            0x7ff887d4f3c0
                                                            0x7ff887d4f3c4
                                                            0x7ff887d4f3cc
                                                            0x7ff887d4f3d0
                                                            0x7ff887d4f3d8
                                                            0x7ff887d4f3eb
                                                            0x7ff887d4f3f8
                                                            0x7ff887d4f400
                                                            0x7ff887d4f406
                                                            0x7ff887d4f40b
                                                            0x7ff887d4f40f
                                                            0x7ff887d4f416
                                                            0x7ff887d4f41c
                                                            0x7ff887d4f429
                                                            0x7ff887d4f435
                                                            0x7ff887d4f440
                                                            0x7ff887d4f443
                                                            0x7ff887d4f44e
                                                            0x7ff887d4f450
                                                            0x7ff887d4f45d
                                                            0x7ff887d4f467
                                                            0x7ff887d4f471
                                                            0x7ff887d4f47d
                                                            0x7ff887d4f48f
                                                            0x7ff887d4f495
                                                            0x7ff887d4f49d
                                                            0x7ff887d4f4b0
                                                            0x7ff887d4f4c5
                                                            0x7ff887d4f4cb
                                                            0x7ff887d4f4d4
                                                            0x7ff887d4f4d7
                                                            0x7ff887d4f4df
                                                            0x7ff887d4f4f7
                                                            0x7ff887d4f50c
                                                            0x7ff887d4f512
                                                            0x7ff887d4f517
                                                            0x7ff887d4f51b
                                                            0x7ff887d4f523
                                                            0x7ff887d4f528
                                                            0x7ff887d4f530
                                                            0x7ff887d4f548
                                                            0x7ff887d4f55d
                                                            0x7ff887d4f563
                                                            0x7ff887d4f568
                                                            0x7ff887d4f56c
                                                            0x7ff887d4f574
                                                            0x7ff887d4f579
                                                            0x7ff887d4f581
                                                            0x7ff887d4f59a
                                                            0x7ff887d4f5af
                                                            0x7ff887d4f5b1
                                                            0x7ff887d4f5c1
                                                            0x7ff887d4f5ce
                                                            0x7ff887d4f5fb

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$ExceptionThrow$C_error@std@@Mtx_lockMtx_unlockThrow_memset
                                                            • String ID: buffer has capacity of {}, while {} is needed$c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$copy port '{}'$copy port '{}', '{}', '{}'$port level {} is not valid$size needed is {}
                                                            • API String ID: 2180992759-3307107698
                                                            • Opcode ID: d0a291cdb2c3ad6c7ddc1ba408e20ac3f1f35012bb512ce83cc74023693e442c
                                                            • Instruction ID: dbeb6bd92eea99d1f0dcb9565ad95b21f0bfcf84d96804f5ec12e02f7f2393d2
                                                            • Opcode Fuzzy Hash: d0a291cdb2c3ad6c7ddc1ba408e20ac3f1f35012bb512ce83cc74023693e442c
                                                            • Instruction Fuzzy Hash: E4027B72B88B8685EF00DB68D4882AD2771FB457D8F505232EA5E57AEDDF38E485C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            C-Code - Quality: 23%
                                                            			E00007FF87FF887D65A7C(long long __rax, struct _CRITICAL_SECTION* __rbx, void* __r9, void* _a8) {
                                                            
                                                            				InitializeCriticalSectionAndSpinCount(__rbx);
                                                            				GetModuleHandleW(??); // executed
                                                            				if (__rax != 0) goto 0x87d65ac2;
                                                            				GetModuleHandleW(??);
                                                            				if (__rax == 0) goto 0x87d65b41;
                                                            				GetProcAddress(??, ??);
                                                            				GetProcAddress(??, ??);
                                                            				if (__rax == 0) goto 0x87d65aff;
                                                            				if (__rax == 0) goto 0x87d65aff;
                                                            				 *0x87d91cf8 = __rax;
                                                            				 *0x87d91d00 = __rax;
                                                            				goto 0x87d65b1d;
                                                            				r9d = 0;
                                                            				r8d = 0;
                                                            				CreateEventW(??, ??, ??, ??);
                                                            				 *0x87d91cc8 = __rax;
                                                            				if (__rax == 0) goto 0x87d65b41;
                                                            				if (E00007FF87FF887D658B4(0, __rax) == 0) goto 0x87d65b41;
                                                            				E00007FF87FF887D65A64(E00007FF87FF887D658B4(0, __rax), __rax);
                                                            				return 0;
                                                            			}




                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                            • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                            • API String ID: 2565136772-3242537097
                                                            • Opcode ID: d861e4b9320158ff47eb84d8279c67ef2caac247e81ead71abf6a798d57e674a
                                                            • Instruction ID: 3351b9b0ff555726b9d1e286042aad4609fb00474b6734750ac8c41674bab600
                                                            • Opcode Fuzzy Hash: d861e4b9320158ff47eb84d8279c67ef2caac247e81ead71abf6a798d57e674a
                                                            • Instruction Fuzzy Hash: 9021F420A89A0391FA54DB25A89567C63B1BF447C4F885635D90F067ACEF2CB895C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            APIs
                                                            • ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FF887D5C078,?,?,?,00007FF887D5D3C7), ref: 00007FF887D5E44F
                                                            • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FF887D5C078,?,?,?,00007FF887D5D3C7), ref: 00007FF887D5E45D
                                                            • ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FF887D5C078,?,?,?,00007FF887D5D3C7), ref: 00007FF887D5E477
                                                            • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FF887D5C078,?,?,?,00007FF887D5D3C7), ref: 00007FF887D5E4A2
                                                            • ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FF887D5C078,?,?,?,00007FF887D5D3C7), ref: 00007FF887D5E4CE
                                                            • std::_Facet_Register.LIBCPMT ref: 00007FF887D5E4EB
                                                            • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FF887D5C078,?,?,?,00007FF887D5D3C7), ref: 00007FF887D5E50A
                                                            • ?length@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1_K@Z.MSVCP140 ref: 00007FF887D5E531
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887D5E578
                                                            • _localtime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF887D5E584
                                                              • Part of subcall function 00007FF887D4D810: __std_exception_copy.VCRUNTIME140 ref: 00007FF887D4D83F
                                                              • Part of subcall function 00007FF887D57ED0: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF887D5E5AE), ref: 00007FF887D57EED
                                                              • Part of subcall function 00007FF887D57ED0: _CxxThrowException.VCRUNTIME140 ref: 00007FF887D57F20
                                                              • Part of subcall function 00007FF887D57ED0: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,?,?,00000000), ref: 00007FF887D5D34F
                                                              • Part of subcall function 00007FF887D57ED0: ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,?,?,?,00000000), ref: 00007FF887D5D3DA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: D@std@@@std@@ExceptionLockit@std@@Mbstatet@@@std@@ThrowU?$char_traits@$??0_??1_?flush@?$basic_ostream@?getloc@?$basic_streambuf@?length@?$codecvt@_?uncaught_exception@std@@Bid@locale@std@@Concurrency::cancel_current_taskFacet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@RegisterV12@V42@@Vfacet@locale@2@Vlocale@2@__std_exception_copy_localtime64std::_
                                                            • String ID: could not convert calendar time to local time
                                                            • API String ID: 566687407-4174379530
                                                            • Opcode ID: 7730723aa5f217de64bff47fb819d92a538bb737153a0366e2201d2edec3ae85
                                                            • Instruction ID: 8a104f52e6997f98ba54e1b5929573f0ab817f14126bf3575da8fa3c0ed69a8e
                                                            • Opcode Fuzzy Hash: 7730723aa5f217de64bff47fb819d92a538bb737153a0366e2201d2edec3ae85
                                                            • Instruction Fuzzy Hash: 4A517C22A49B8582EA14AF15E44426EA770FB95FD0F584735EB9E07BADDF3CE440C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            C-Code - Quality: 20%
                                                            			E00007FF87FF887D4BF60(long long __rbx, void* __rcx, void* __rbp, void* __r14, long long _a16) {
                                                            				signed int _v16;
                                                            				intOrPtr _v24;
                                                            				char _v48;
                                                            				intOrPtr _v56;
                                                            				char _v80;
                                                            				long long _v88;
                                                            				long long _v96;
                                                            				char _v106;
                                                            				short _v108;
                                                            				char _v112;
                                                            				long long _v128;
                                                            				long long _v168;
                                                            				long long _v176;
                                                            				long long _v184;
                                                            				long long _v192;
                                                            				long long _v200;
                                                            				long long _v208;
                                                            				long long _v216;
                                                            				long long _v224;
                                                            				long long _v232;
                                                            				long long _v240;
                                                            				long long _v248;
                                                            				long long _v256;
                                                            				char _v264;
                                                            				long long _v280;
                                                            				char _t73;
                                                            				void* _t100;
                                                            				void* _t112;
                                                            				signed long long _t120;
                                                            				signed long long _t121;
                                                            				long long _t125;
                                                            				intOrPtr _t134;
                                                            				intOrPtr* _t135;
                                                            				long long _t149;
                                                            				intOrPtr _t154;
                                                            				void* _t159;
                                                            				intOrPtr _t160;
                                                            				intOrPtr _t174;
                                                            				signed long long _t175;
                                                            				char _t177;
                                                            				long long _t185;
                                                            				intOrPtr _t190;
                                                            				intOrPtr _t195;
                                                            				void* _t196;
                                                            				intOrPtr _t199;
                                                            				intOrPtr _t202;
                                                            				void* _t206;
                                                            				void* _t207;
                                                            				void* _t208;
                                                            				void* _t211;
                                                            
                                                            				_t215 = __r14;
                                                            				_t207 = __rbp;
                                                            				_a16 = __rbx;
                                                            				_t209 = _t208 - 0x130;
                                                            				_t120 =  *0x87d8ec78; // 0x522936145607
                                                            				_t121 = _t120 ^ _t208 - 0x00000130;
                                                            				_v16 = _t121;
                                                            				_t159 = __rcx;
                                                            				OutputDebugStringA(??); // executed
                                                            				_v112 = 0;
                                                            				_v88 = 0xf;
                                                            				_v96 = 6;
                                                            				_t73 = "system"; // 0x74737973
                                                            				_v112 = _t73;
                                                            				_v108 =  *0x87d7ba84 & 0x0000ffff;
                                                            				_v106 = 0;
                                                            				_v80 = 0;
                                                            				asm("movdqa xmm0, [0x303b5]");
                                                            				asm("movdqu [esp+0xf8], xmm0");
                                                            				_v80 = 0;
                                                            				E00007FF87FF887D5D640(__rcx, "wfaxport.dll initialize", _t211);
                                                            				if ( &_v80 == _t121) goto 0x87d4c02c;
                                                            				_t212 =  *((intOrPtr*)(_t121 + 0x10));
                                                            				if ( *((long long*)(_t121 + 0x18)) - 0x10 < 0) goto 0x87d4c01c;
                                                            				E00007FF87FF887D49100(_t159,  &_v80,  *_t121,  *((intOrPtr*)(_t121 + 0x10)), __r14);
                                                            				E00007FF87FF887D606F0( *((long long*)(_t121 + 0x18)) - 0x10,  *_t121,  &_v112,  *((intOrPtr*)(_t121 + 0x10)));
                                                            				_t185 = _v88;
                                                            				if (_t185 - 0x10 < 0) goto 0x87d4c080;
                                                            				if (_t185 + 1 - 0x1000 < 0) goto 0x87d4c07b;
                                                            				_t125 = _v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8;
                                                            				if (_t125 - 0x1f <= 0) goto 0x87d4c07b;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v96 = 0;
                                                            				_v88 = 0xf;
                                                            				_v112 = 0;
                                                            				E00007FF87FF887D54280(_t100, _t159,  &_v48, _t159, _t206, _t207);
                                                            				_v280 = _t125;
                                                            				r8d = 0xd7;
                                                            				E00007FF87FF887D45600(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "InitializePrintMonitor \'{}\'"); // executed
                                                            				_t190 = _v24;
                                                            				if (_t190 - 0x10 < 0) goto 0x87d4c11b;
                                                            				_t170 = _v48;
                                                            				if (_t190 + 1 - 0x1000 < 0) goto 0x87d4c116;
                                                            				if (_v48 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4c116;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D4E0D0( *((intOrPtr*)(_t170 - 8)), _t190 + 0x28);
                                                            				E00007FF87FF887D54280(_t100, _t159,  &_v48, _t159, _t206, _t207);
                                                            				E00007FF87FF887D4FE00(_v48 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8 - 0x1f, _t159, _v48 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8, _v48 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8, _t207,  *((intOrPtr*)(_t121 + 0x10)), _t215); // executed
                                                            				_t195 = _v24;
                                                            				if (_t195 - 0x10 < 0) goto 0x87d4c187;
                                                            				_t196 = _t195 + 1;
                                                            				_t174 = _v48;
                                                            				if (_t196 - 0x1000 < 0) goto 0x87d4c181;
                                                            				_t175 =  *((intOrPtr*)(_t174 - 8));
                                                            				if (_t174 - _t175 + 0xfffffff8 - 0x1f <= 0) goto 0x87d4c181;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_t112 =  *0x87d91a88 -  *((intOrPtr*)(_t196 + 0x27 +  *((intOrPtr*)( *[gs:0x58] + _t175 * 8)))); // 0x8000000c
                                                            				if (_t112 > 0) goto 0x87d4c3f8;
                                                            				_t134 =  *0x87d91a80; // 0xcc0560
                                                            				asm("xorps xmm0, xmm0");
                                                            				asm("movups [eax+0x8], xmm0");
                                                            				asm("movups [eax+0x18], xmm0");
                                                            				asm("movups [eax+0x28], xmm0");
                                                            				asm("movups [eax+0x38], xmm0");
                                                            				asm("movups [eax+0x48], xmm0");
                                                            				asm("movups [eax+0x58], xmm0");
                                                            				asm("movups [eax+0x68], xmm0");
                                                            				asm("movups [eax+0x78], xmm0");
                                                            				 *(_t134 + 0x88) = _t175;
                                                            				_t135 =  *0x87d91a80; // 0xcc0560
                                                            				 *_t135 = 0x88;
                                                            				_v256 = 0x7ff887d4a1f0;
                                                            				_v248 = 0x7ff887d4a620;
                                                            				_v240 = 0x7ff887d4a8e0;
                                                            				_v232 = 0x7ff887d4ab60;
                                                            				_v224 = 0x7ff887d4ae80;
                                                            				_v216 = 0x7ff887d4a8f0;
                                                            				_v208 = 0x7ff887d4a000;
                                                            				_v200 = 0x7ff887d49780;
                                                            				_v192 = 0x7ff887d493c0;
                                                            				_v184 = 0x7ff887d49770;
                                                            				_v176 = 0x7ff887d49980;
                                                            				_v168 = 0x7ff887d49c50;
                                                            				asm("xorps xmm2, xmm2");
                                                            				_v128 = 0x7ff887d49c50;
                                                            				asm("movups xmm0, [esp+0x38]");
                                                            				asm("movups [eax+0x8], xmm0");
                                                            				asm("movups xmm1, [esp+0x48]");
                                                            				asm("movups [eax+0x18], xmm1");
                                                            				asm("movups xmm0, [esp+0x58]");
                                                            				asm("movups [eax+0x28], xmm0");
                                                            				asm("movups xmm1, [esp+0x68]");
                                                            				asm("movups [eax+0x38], xmm1");
                                                            				asm("movups xmm0, [esp+0x78]");
                                                            				asm("movups [eax+0x48], xmm0");
                                                            				asm("movups xmm1, [esp+0x88]");
                                                            				asm("movups [eax+0x58], xmm1");
                                                            				asm("movups [eax+0x68], xmm2");
                                                            				asm("movups [eax+0x78], xmm2");
                                                            				asm("movsd xmm0, [esp+0xb8]");
                                                            				asm("movsd [eax+0x88], xmm0");
                                                            				_t149 =  *0x87d91a80; // 0xcc0560
                                                            				_v264 = _t149;
                                                            				_v280 =  &_v264;
                                                            				r8d = 0xf0;
                                                            				E00007FF87FF887D45DB0(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "return MONITOREX {:#x}");
                                                            				_t160 =  *0x87d91a80; // 0xcc0560
                                                            				E00007FF87FF887D606F0(_t112,  &_v264,  &_v80,  *((intOrPtr*)(_t121 + 0x10)));
                                                            				_t199 = _v56;
                                                            				if (_t199 - 0x10 < 0) goto 0x87d4c37c;
                                                            				_t177 = _v80;
                                                            				if (_t199 + 1 - 0x1000 < 0) goto 0x87d4c376;
                                                            				_t115 = _t177 -  *((intOrPtr*)(_t177 - 8)) + 0xfffffff8 - 0x1f;
                                                            				if (_t177 -  *((intOrPtr*)(_t177 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4c376;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_t154 = _t160;
                                                            				E00007FF87FF887D606F0(_t115, _t154,  &_v80, _t212);
                                                            				_t202 = _v56;
                                                            				if (_t202 - 0x10 < 0) goto 0x87d4c3d5;
                                                            				if (_t202 + 1 - 0x1000 < 0) goto 0x87d4c3cf;
                                                            				if (_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4c3cf;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				return E00007FF87FF887D65E20(0, 1, _v16 ^ _t209);
                                                            			}

                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$DebugOutputString__tlregdtor
                                                            • String ID: InitializePrintMonitor '{}'$c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$return MONITOREX {:#x}$system$wfaxport.dll initialize
                                                            • API String ID: 4009608328-1001868195
                                                            • Opcode ID: d29b204d750ee2104ba942948662fceb891a18b0ed60b6343b5aa9bbfca1335b
                                                            • Instruction ID: 80c1269a3b70bbf6c8a1d5c14118bbaaeae6cf54efdbf6efd54e3088d7787f37
                                                            • Opcode Fuzzy Hash: d29b204d750ee2104ba942948662fceb891a18b0ed60b6343b5aa9bbfca1335b
                                                            • Instruction Fuzzy Hash: 31D13B22A99BC281EA50CB14E9403BD7370FB997D4F509336DA9E027A9EF6CE5C5C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            [Figure: control-flow graph for the function at 7ff887d50020; legend: Executed / Not Executed]
                                                            C-Code - Quality: 36%
                                                            			E00007FF87FF887D50020(long long __rbx, long long __rcx, long long __rsi, void* __r8, long long _a16, long long _a24) {
                                                            				void* _v8;
                                                            				signed int _v24;
                                                            				intOrPtr _v32;
                                                            				char _v56;
                                                            				long long _v64;
                                                            				long long _v72;
                                                            				char _v88;
                                                            				long long _v96;
                                                            				char _v104;
                                                            				long long _v112;
                                                            				long long _v120;
                                                            				char _v136;
                                                            				long long _v144;
                                                            				long long _v152;
                                                            				char _v168;
                                                            				long long _v176;
                                                            				char _v184;
                                                            				long long _v208;
                                                            				long long _v216;
                                                            				long long _v232;
                                                            				void* __rdi;
                                                            				void* _t77;
                                                            				void* _t81;
                                                            				void* _t84;
                                                            				void* _t87;
                                                            				void* _t92;
                                                            				signed long long _t118;
                                                            				signed long long _t119;
                                                            				long long _t170;
                                                            				intOrPtr _t173;
                                                            				long long _t181;
                                                            				intOrPtr _t184;
                                                            				long long _t187;
                                                            				signed long long _t189;
                                                            				void* _t191;
                                                            				void* _t192;
                                                            				void* _t195;
                                                            				void* _t202;
                                                            
                                                            				_t195 = __r8;
                                                            				_a16 = __rbx;
                                                            				_a24 = __rsi;
                                                            				_t193 = _t192 - 0x100;
                                                            				_t118 =  *0x87d8ec78; // 0x522936145607
                                                            				_t119 = _t118 ^ _t192 - 0x00000100;
                                                            				_v24 = _t119;
                                                            				_v104 = __rcx;
                                                            				_t77 = E00007FF87FF887D53D90(_t92, __rcx,  &_v168, __rsi, _t191, __r8, _t202);
                                                            				asm("movups xmm0, [0x2e0a7]");
                                                            				asm("movaps [esp+0x30], xmm0");
                                                            				E00007FF87FF887D53C10(_t77, _t92, __rcx,  &_v56, _t195, _t202); // executed
                                                            				_t189 = _t119;
                                                            				if ( &_v168 == _t189) goto 0x87d500f5;
                                                            				_t170 = _v144;
                                                            				if (_t170 - 0x10 < 0) goto 0x87d500be;
                                                            				if (_t170 + 1 - 0x1000 < 0) goto 0x87d500b9;
                                                            				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87d50131;
                                                            				E00007FF87FF887D656E4();
                                                            				_v152 = _t187;
                                                            				_v144 = 0xf;
                                                            				_v168 = dil;
                                                            				asm("movups xmm0, [esi]");
                                                            				asm("movups [esp+0x60], xmm0");
                                                            				asm("movups xmm1, [esi+0x10]");
                                                            				asm("movups [esp+0x70], xmm1");
                                                            				 *((long long*)(_t189 + 0x10)) = _t187;
                                                            				 *((long long*)(_t189 + 0x18)) = 0xf;
                                                            				 *_t189 = dil;
                                                            				goto 0x87d500f7;
                                                            				_t173 = _v32;
                                                            				if (_t173 - 0x10 < 0) goto 0x87d5013e;
                                                            				if (_t173 + 1 - 0x1000 < 0) goto 0x87d50138;
                                                            				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d50138;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_t81 = E00007FF87FF887D53B40( &_v168); // executed
                                                            				if (_t81 != 0) goto 0x87d5017f;
                                                            				_v232 =  &_v168;
                                                            				r8d = 0x1d;
                                                            				E00007FF87FF887D45600(_t195 - 0x19, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create ProgramData dir \'{}\'");
                                                            				_t129 =  >=  ? _v168 :  &_v168;
                                                            				_v104 =  >=  ? _v168 :  &_v168;
                                                            				_v96 = _v152;
                                                            				_v184 = 0xe;
                                                            				_v176 =  &_v104;
                                                            				asm("movaps xmm0, [esp+0x50]");
                                                            				asm("movdqa [esp+0x30], xmm0");
                                                            				_v184 = "{}\\Wildix";
                                                            				_v176 = 9;
                                                            				E00007FF87FF887D449B0(_v104,  &_v136, _t187, _t189);
                                                            				_t84 = E00007FF87FF887D53B40( &_v136); // executed
                                                            				if (_t84 != 0) goto 0x87d5022e;
                                                            				_v232 =  &_v136;
                                                            				r8d = 0x20;
                                                            				E00007FF87FF887D45600( &_v216 - 0x1c, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create Wildix dir \'{}\'");
                                                            				_t135 =  >=  ? _v136 :  &_v136;
                                                            				_v184 =  >=  ? _v136 :  &_v136;
                                                            				_v176 = _v120;
                                                            				_v216 = 0xe;
                                                            				_v208 =  &_v184;
                                                            				asm("movaps xmm0, [esp+0x30]");
                                                            				asm("movdqa [esp+0xd0], xmm0");
                                                            				_v216 = "{}\\FaxPrinter";
                                                            				_v208 = 0xd;
                                                            				E00007FF87FF887D449B0(_v104,  &_v88, _t187, _t189);
                                                            				_t87 = E00007FF87FF887D53B40( &_v88); // executed
                                                            				if (_t87 != 0) goto 0x87d502e6;
                                                            				_v232 =  &_v88;
                                                            				r8d = 0x23;
                                                            				E00007FF87FF887D45600( &_v56 - 0x1f, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create printing dir \'{}\'");
                                                            				asm("movups xmm0, [esp+0xb0]");
                                                            				asm("movups [ebx], xmm0");
                                                            				asm("movups xmm1, [esp+0xc0]");
                                                            				asm("movups [ebx+0x10], xmm1");
                                                            				_v72 = _t187;
                                                            				_v64 = 0xf;
                                                            				_v88 = 0;
                                                            				_t181 = _v112;
                                                            				if (_t181 - 0x10 < 0) goto 0x87d5035f;
                                                            				if (_t181 + 1 - 0x1000 < 0) goto 0x87d5035a;
                                                            				if (_v136 -  *((intOrPtr*)(_v136 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d5035a;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v120 = _t187;
                                                            				_v112 = 0xf;
                                                            				_v136 = 0;
                                                            				_t184 = _v144;
                                                            				if (_t184 - 0x10 < 0) goto 0x87d503bb;
                                                            				if (_t184 + 1 - 0x1000 < 0) goto 0x87d503b6;
                                                            				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d503b6;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				return E00007FF87FF887D65E20(E00007FF87FF887D656E4(),  &_v56 - 0x1f, _v24 ^ _t193);
                                                            			}










































                                                            APIs
                                                              • Part of subcall function 00007FF887D53D90: GetTempPathW.KERNEL32 ref: 00007FF887D53DDA
                                                              • Part of subcall function 00007FF887D53D90: GetLastError.KERNEL32 ref: 00007FF887D53DE4
                                                              • Part of subcall function 00007FF887D53D90: WideCharToMultiByte.KERNEL32 ref: 00007FF887D53E63
                                                              • Part of subcall function 00007FF887D53D90: WideCharToMultiByte.KERNEL32 ref: 00007FF887D53E9C
                                                              • Part of subcall function 00007FF887D53C10: WideCharToMultiByte.KERNEL32 ref: 00007FF887D53CE0
                                                              • Part of subcall function 00007FF887D53C10: WideCharToMultiByte.KERNEL32 ref: 00007FF887D53D19
                                                              • Part of subcall function 00007FF887D53C10: CoTaskMemFree.OLE32 ref: 00007FF887D53D27
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D50131
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$ErrorFreeLastPathTaskTemp_invalid_parameter_noinfo_noreturn
                                                            • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't create ProgramData dir '{}'$couldn't create Wildix dir '{}'$couldn't create printing dir '{}'${}\FaxPrinter${}\Wildix
                                                            • API String ID: 965925647-3675253893
                                                            • Opcode ID: a6f98ecfad0aa268efe7e34f36f2384c382b76b59e415cf4abe5ced98e2ce3b4
                                                            • Instruction ID: e05142998d0fcd6cef71a01b3f719e65d971067cafce554296448ae23f330bea
                                                            • Opcode Fuzzy Hash: a6f98ecfad0aa268efe7e34f36f2384c382b76b59e415cf4abe5ced98e2ce3b4
                                                            • Instruction Fuzzy Hash: 01A13F22A59BC586EA20CB24E4403AEB375FB957D4F405331E6DE42AADEF7CE184C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            C-Code - Quality: 45%
                                                            			E00007FF87FF887D50140(long long __rdi, void* __rsi, void* __r8, long long _a32, long long _a48, long long _a56, char _a80, long long _a88, char _a96, long long _a112, intOrPtr _a120, char _a128, long long _a144, long long _a152, char _a160, long long _a168, char _a176, long long _a192, long long _a200, char _a208, signed int _a240, void* _a256) {
                                                            				void* _t58;
                                                            				void* _t61;
                                                            				void* _t64;
                                                            				long long _t123;
                                                            				intOrPtr _t126;
                                                            				long long _t129;
                                                            				signed long long _t133;
                                                            
                                                            				_t131 = __rsi;
                                                            				_t129 = __rdi;
                                                            				_t58 = E00007FF87FF887D53B40( &_a96); // executed
                                                            				if (_t58 != 0) goto 0x87d5017f;
                                                            				_a32 =  &_a96;
                                                            				r8d = 0x1d;
                                                            				E00007FF87FF887D45600(__r8 - 0x19, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create ProgramData dir \'{}\'");
                                                            				_t87 =  >=  ? _a96 :  &_a96;
                                                            				_a160 =  >=  ? _a96 :  &_a96;
                                                            				_a168 = _a112;
                                                            				_a80 = 0xe;
                                                            				_a88 =  &_a160;
                                                            				asm("movaps xmm0, [esp+0x50]");
                                                            				asm("movdqa [esp+0x30], xmm0");
                                                            				_a80 = "{}\\Wildix";
                                                            				_a88 = 9;
                                                            				E00007FF87FF887D449B0(_a160,  &_a128, __rdi, __rsi);
                                                            				_t61 = E00007FF87FF887D53B40( &_a128); // executed
                                                            				if (_t61 != 0) goto 0x87d5022e;
                                                            				_a32 =  &_a128;
                                                            				r8d = 0x20;
                                                            				E00007FF87FF887D45600( &_a48 - 0x1c, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create Wildix dir \'{}\'");
                                                            				_t93 =  >=  ? _a128 :  &_a128;
                                                            				_a80 =  >=  ? _a128 :  &_a128;
                                                            				_a88 = _a144;
                                                            				_a48 = 0xe;
                                                            				_a56 =  &_a80;
                                                            				asm("movaps xmm0, [esp+0x30]");
                                                            				asm("movdqa [esp+0xd0], xmm0");
                                                            				_a48 = "{}\\FaxPrinter";
                                                            				_a56 = 0xd;
                                                            				E00007FF87FF887D449B0(_a160,  &_a176, _t129, _t131);
                                                            				_t64 = E00007FF87FF887D53B40( &_a176); // executed
                                                            				if (_t64 != 0) goto 0x87d502e6;
                                                            				_a32 =  &_a176;
                                                            				r8d = 0x23;
                                                            				E00007FF87FF887D45600( &_a208 - 0x1f, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create printing dir \'{}\'");
                                                            				asm("movups xmm0, [esp+0xb0]");
                                                            				asm("movups [ebx], xmm0");
                                                            				asm("movups xmm1, [esp+0xc0]");
                                                            				asm("movups [ebx+0x10], xmm1");
                                                            				_a192 = _t129;
                                                            				_a200 = 0xf;
                                                            				_a176 = 0;
                                                            				_t123 = _a152;
                                                            				if (_t123 - 0x10 < 0) goto 0x87d5035f;
                                                            				if (_t123 + 1 - 0x1000 < 0) goto 0x87d5035a;
                                                            				if (_a128 -  *((intOrPtr*)(_a128 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d5035a;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_a144 = _t129;
                                                            				_a152 = 0xf;
                                                            				_a128 = 0;
                                                            				_t126 = _a120;
                                                            				if (_t126 - 0x10 < 0) goto 0x87d503bb;
                                                            				if (_t126 + 1 - 0x1000 < 0) goto 0x87d503b6;
                                                            				if (_a96 -  *((intOrPtr*)(_a96 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d503b6;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				return E00007FF87FF887D65E20(E00007FF87FF887D656E4(),  &_a208 - 0x1f, _a240 ^ _t133);
                                                            			}











                                                            APIs
                                                              • Part of subcall function 00007FF887D53B40: CreateDirectoryW.KERNELBASE ref: 00007FF887D53B7F
                                                              • Part of subcall function 00007FF887D53B40: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D53BC0
                                                              • Part of subcall function 00007FF887D53B40: GetLastError.KERNEL32 ref: 00007FF887D53BD0
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D50353
                                                              • Part of subcall function 00007FF887D45600: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4574B
                                                              • Part of subcall function 00007FF887D45600: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D45792
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D503AF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$CreateDirectoryErrorLast
                                                            • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't create ProgramData dir '{}'$couldn't create Wildix dir '{}'$couldn't create printing dir '{}'${}\FaxPrinter${}\Wildix
                                                            • API String ID: 3337396845-3675253893
                                                            • Opcode ID: bc4d2d5f8bdbedb0a4f703c6c7585547c95cd15cfb6ae6dd60a5954717e37821
                                                            • Instruction ID: 93716e178139b37efcc33edf209cc86e0a9ef1efe5dd7242cdbea8ade6a454fc
                                                            • Opcode Fuzzy Hash: bc4d2d5f8bdbedb0a4f703c6c7585547c95cd15cfb6ae6dd60a5954717e37821
                                                            • Instruction Fuzzy Hash: 57612F32659BC595EA60CB14E4403AEB375FB95394F804236DADE42AADEF7CD184CB00
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            C-Code - Quality: 60%
                                                            			E00007FF87FF887D4BD60(void* __edx, long long __rbx, long long __rcx, void* __rbp, void* __r14, long long _a16) {
                                                            				signed int _v24;
                                                            				intOrPtr _v32;
                                                            				char _v56;
                                                            				long long _v64;
                                                            				long long _v72;
                                                            				char _v80;
                                                            				char _v88;
                                                            				char _v104;
                                                            				long long _v120;
                                                            				signed long long _t64;
                                                            				long long _t76;
                                                            				long long _t91;
                                                            				intOrPtr _t97;
                                                            				long long _t100;
                                                            				void* _t102;
                                                            				void* _t105;
                                                            
                                                            				_t76 = __rbx;
                                                            				_a16 = __rbx;
                                                            				_t64 =  *0x87d8ec78; // 0x522936145607
                                                            				_v24 = _t64 ^ _t102 - 0x00000090;
                                                            				_t100 = __rcx;
                                                            				_v64 = 0xf;
                                                            				_v72 = 8;
                                                            				_v88 = 0x5f6c6c64;
                                                            				_v80 = 0;
                                                            				_v56 = 0;
                                                            				asm("movdqa xmm0, [0x305e5]");
                                                            				asm("movdqu [esp+0x70], xmm0");
                                                            				_v56 = 0;
                                                            				E00007FF87FF887D5D640(__rbx, __rcx, _t105);
                                                            				if ( &_v56 == 0x5f6c6c64) goto 0x87d4bdf0;
                                                            				if ( *0x6E69616D5F6C6C7C - 0x10 < 0) goto 0x87d4bde3;
                                                            				E00007FF87FF887D49100(_t76,  &_v56,  *0x5f6c6c64,  *0x6E69616D5F6C6C74, __r14);
                                                            				E00007FF87FF887D606F0( *0x6E69616D5F6C6C7C - 0x10,  *0x5f6c6c64,  &_v88,  *0x6E69616D5F6C6C74);
                                                            				_t91 = _v64;
                                                            				if (_t91 - 0x10 < 0) goto 0x87d4be3b;
                                                            				if (_t91 + 1 - 0x1000 < 0) goto 0x87d4be36;
                                                            				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4be36;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v72 = 0;
                                                            				_v64 = 0xf;
                                                            				_v88 = 0;
                                                            				E00007FF87FF887D606D0(0, __edx, _v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f, _v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8,  *((intOrPtr*)(_v88 - 8)), _t91 + 0x28,  *0x6E69616D5F6C6C74); // executed
                                                            				if (__edx == 0) goto 0x87d4bebc;
                                                            				if (__edx != 1) goto 0x87d4beea;
                                                            				_v104 = _t100;
                                                            				_v120 =  &_v104;
                                                            				r8d = 0xfb;
                                                            				E00007FF87FF887D45DB0(__edx, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "process attach, instance {:#x}"); // executed
                                                            				if (DisableThreadLibraryCalls(??) != 0) goto 0x87d4beea;
                                                            				r8d = 0xfd;
                                                            				E00007FF87FF887D452D0(_t76 + 2, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "DisableThreadLibraryCalls() failed");
                                                            				goto 0x87d4beea;
                                                            				_v104 = _t100;
                                                            				_v120 =  &_v104;
                                                            				r8d = 0x101;
                                                            				E00007FF87FF887D45DB0(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "process detach, instance {:#x}");
                                                            				E00007FF87FF887D606F0(DisableThreadLibraryCalls(??),  &_v104,  &_v56,  *0x6E69616D5F6C6C74);
                                                            				_t97 = _v32;
                                                            				if (_t97 - 0x10 < 0) goto 0x87d4bf35;
                                                            				if (_t97 + 1 - 0x1000 < 0) goto 0x87d4bf2f;
                                                            				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4bf2f;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				return E00007FF87FF887D65E20(1, 1, _v24 ^ _t102 - 0x00000090);
                                                            			}




















                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$CallsDisableLibraryThread__tlregdtor
                                                            • String ID: DisableThreadLibraryCalls() failed$c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$dll_main$process attach, instance {:#x}$process detach, instance {:#x}
                                                            • API String ID: 4146258558-105971010
                                                            • Opcode ID: 9852e080176ad4184d1f8a0dc61604868615179f14254849b48dcbae1d6757dd
                                                            • Instruction ID: a0b58efd474eed3bcd1ab3955dd553e7f7d34df37d120a557e97b3fa996a1715
                                                            • Opcode Fuzzy Hash: 9852e080176ad4184d1f8a0dc61604868615179f14254849b48dcbae1d6757dd
                                                            • Instruction Fuzzy Hash: 13519D22A9CB8682EA50DB25E04437E6371FB957D4F400336EA9F06ADDDF6DE044C740
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            C-Code - Quality: 100%
                                                            			E00007FF87FF887D661F0(void* __edx) {
                                                            				void* _t5;
                                                            
                                                            				_t5 = __edx;
                                                            				if (_t5 == 0) goto 0x87d66231;
                                                            				if (_t5 == 0) goto 0x87d66225;
                                                            				if (_t5 == 0) goto 0x87d66218;
                                                            				if (__edx == 1) goto 0x87d66211;
                                                            				return 1;
                                                            			}





                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                            • String ID:
                                                            • API String ID: 349153199-0
                                                            • Opcode ID: 5215a130fcafb17abb011fae8be36ecb621862199774095c9dff41689b1369c8
                                                            • Instruction ID: 180969391e44b69e7b1c8a6f9c2bea232eb074ae23202867b57250cc37b0474d
                                                            • Opcode Fuzzy Hash: 5215a130fcafb17abb011fae8be36ecb621862199774095c9dff41689b1369c8
                                                            • Instruction Fuzzy Hash: 63817920E8C64786FA50AB2594412BD62B1BF967C0F588335EA4F4779EEE3CF845C780
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            C-Code - Quality: 34%
                                                            			E00007FF87FF887D4A1F0(char __edx, void* __rcx, void* __rbp, long long __r8, intOrPtr* _a40, intOrPtr* _a48) {
                                                            				signed int _v72;
                                                            				intOrPtr _v80;
                                                            				char _v104;
                                                            				long long _v112;
                                                            				long long _v120;
                                                            				char _v130;
                                                            				short _v132;
                                                            				char _v136;
                                                            				intOrPtr _v144;
                                                            				char _v168;
                                                            				char _v200;
                                                            				char _v208;
                                                            				char _v216;
                                                            				char _v224;
                                                            				char _v232;
                                                            				long long _v240;
                                                            				char _v248;
                                                            				long long _v256;
                                                            				long long _v264;
                                                            				long long _v272;
                                                            				long long _v280;
                                                            				long long _v288;
                                                            				long long _v296;
                                                            				void* __rbx;
                                                            				void* __rsi;
                                                            				void* __r14;
                                                            				char _t71;
                                                            				intOrPtr _t82;
                                                            				void* _t98;
                                                            				signed long long _t124;
                                                            				signed long long _t125;
                                                            				long long _t129;
                                                            				void* _t148;
                                                            				long long _t149;
                                                            				char _t170;
                                                            				long long _t184;
                                                            				intOrPtr _t189;
                                                            				intOrPtr _t194;
                                                            				intOrPtr _t197;
                                                            				intOrPtr _t200;
                                                            				intOrPtr _t203;
                                                            				intOrPtr _t206;
                                                            				long long _t209;
                                                            				long long _t210;
                                                            				void* _t212;
                                                            				void* _t213;
                                                            				intOrPtr _t217;
                                                            				void* _t220;
                                                            				intOrPtr* _t221;
                                                            				intOrPtr* _t222;
                                                            				void* _t223;
                                                            
                                                            				_t212 = __rbp;
                                                            				_t220 = _t213;
                                                            				_t214 = _t213 - 0x110;
                                                            				_t124 =  *0x87d8ec78; // 0x522936145607
                                                            				_t125 = _t124 ^ _t213 - 0x00000110;
                                                            				_v72 = _t125;
                                                            				_t209 = __r8;
                                                            				r13d = __edx;
                                                            				_t223 = __rcx;
                                                            				_v224 = __edx;
                                                            				_v232 = r9d;
                                                            				_t221 = _a40;
                                                            				_v240 = _t221;
                                                            				_t222 = _a48;
                                                            				 *((long long*)(_t220 - 0x88)) = _t210;
                                                            				 *((long long*)(_t220 - 0x70)) = 0xf;
                                                            				 *((long long*)(_t220 - 0x78)) = 6;
                                                            				_t71 = "system"; // 0x74737973
                                                            				_v136 = _t71;
                                                            				_v132 =  *0x87d7ba84 & 0x0000ffff;
                                                            				_v130 = sil;
                                                            				 *((long long*)(_t220 - 0xa8)) = _t210;
                                                            				asm("movdqa xmm0, [0x32114]");
                                                            				asm("movdqu [esp+0xb0], xmm0");
                                                            				_v168 = sil;
                                                            				E00007FF87FF887D5D640(_t148, __rcx, __r8);
                                                            				if ( &_v168 == _t125) goto 0x87d4a2cd;
                                                            				_t217 =  *((intOrPtr*)(_t125 + 0x10));
                                                            				if ( *((long long*)(_t125 + 0x18)) - 0x10 < 0) goto 0x87d4a2bd;
                                                            				E00007FF87FF887D49100(_t148,  &_v168,  *_t125, _t217, _t222);
                                                            				E00007FF87FF887D606F0( *((long long*)(_t125 + 0x18)) - 0x10,  *_t125,  &_v136, _t217);
                                                            				_t184 = _v112;
                                                            				if (_t184 - 0x10 < 0) goto 0x87d4a321;
                                                            				if (_t184 + 1 - 0x1000 < 0) goto 0x87d4a31c;
                                                            				_t129 = _v136 -  *((intOrPtr*)(_v136 - 8)) + 0xfffffff8;
                                                            				if (_t129 - 0x1f <= 0) goto 0x87d4a31c;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v120 = _t210;
                                                            				_v112 = 0xf;
                                                            				_v136 = 0;
                                                            				_v248 = 0;
                                                            				 *_t222 = 0;
                                                            				 *_t221 = 0;
                                                            				_v208 = _t222;
                                                            				_v200 = _t209;
                                                            				_v216 = _t209;
                                                            				E00007FF87FF887D54280(_t98, _t148,  &_v104, _t223, _t210, _t212);
                                                            				_v256 =  &_v208;
                                                            				_v264 =  &_v200;
                                                            				_v272 =  &_v232;
                                                            				_v280 =  &_v216;
                                                            				_v288 =  &_v224;
                                                            				_v296 = _t129;
                                                            				r8d = 0x74;
                                                            				_t96 = _t217 - 0x73;
                                                            				E00007FF87FF887D457C0(_t217 - 0x73, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_enumports \'{}\', {}, {:#x}, {}, {:#x}, {:#x}"); // executed
                                                            				_t189 = _v80;
                                                            				if (_t189 - 0x10 < 0) goto 0x87d4a409;
                                                            				if (_t189 + 1 - 0x1000 < 0) goto 0x87d4a404;
                                                            				_t132 = _v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8;
                                                            				if (_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4a404;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D4E0D0( *((intOrPtr*)(_v104 - 8)), _t189 + 0x28);
                                                            				_t149 = _t148 + _t209;
                                                            				E00007FF87FF887D54280(_t98, _t149,  &_v104, _t223, _v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8, _t212);
                                                            				_v288 =  &_v248;
                                                            				_v296 = _t149;
                                                            				r8d = r13d;
                                                            				_t82 = E00007FF87FF887D4F010(0, _t149, _t132, _t209); // executed
                                                            				_t194 = _v80;
                                                            				if (_t194 - 0x10 < 0) goto 0x87d4a48e;
                                                            				if (_t194 + 1 - 0x1000 < 0) goto 0x87d4a488;
                                                            				if (_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4a488;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				 *_t221 = _v248;
                                                            				 *_t222 = _t82;
                                                            				E00007FF87FF887D606F0(_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f, _v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8,  &_v168, _t217);
                                                            				_t197 = _v144;
                                                            				if (_t197 - 0x10 < 0) goto 0x87d4a4ed;
                                                            				_t170 = _v168;
                                                            				if (_t197 + 1 - 0x1000 < 0) goto 0x87d4a4e7;
                                                            				_t138 = _t170 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8;
                                                            				_t113 = _t170 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8 - 0x1f;
                                                            				if (_t170 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4a4e7;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D606F0(_t113, _t138,  &_v168, _t217);
                                                            				_t200 = _v144;
                                                            				if (_t200 - 0x10 < 0) goto 0x87d4a5f7;
                                                            				if (_t200 + 1 - 0x1000 < 0) goto 0x87d4a5f1;
                                                            				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4a5f1;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				E00007FF87FF887D606F0(_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f, _v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8,  &_v168, _t217);
                                                            				_t203 = _v144;
                                                            				if (_t203 - 0x10 < 0) goto 0x87d4a5f7;
                                                            				if (_t203 + 1 - 0x1000 < 0) goto 0x87d4a5f1;
                                                            				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4a5f1;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				E00007FF87FF887D606F0(_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f, _v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8,  &_v168, _t217);
                                                            				_t206 = _v144;
                                                            				if (_t206 - 0x10 < 0) goto 0x87d4a5f7;
                                                            				if (_t206 + 1 - 0x1000 < 0) goto 0x87d4a5f1;
                                                            				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4a5f1;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				E00007FF87FF887D656E4();
                                                            				return E00007FF87FF887D65E20(0, _t96, _v72 ^ _t214);
                                                            			}

                                                            APIs
                                                              • Part of subcall function 00007FF887D5D640: __tlregdtor.LIBCMT ref: 00007FF887D5D690
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4A315
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4A3FD
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4A481
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4A4E0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                            • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_enumports '{}', {}, {:#x}, {}, {:#x}, {:#x}$system
                                                            • API String ID: 333172304-2864149607
                                                            • Opcode ID: 9bf2fde0c874050469056fbb2993a46d0ec429c9a4e55342d40de94e9496e62f
                                                            • Instruction ID: b2aa9ddd6480a4a39ddedeb457f8af3c87acea55b5e06c122c0a94af3905db2f
                                                            • Opcode Fuzzy Hash: 9bf2fde0c874050469056fbb2993a46d0ec429c9a4e55342d40de94e9496e62f
                                                            • Instruction Fuzzy Hash: DC817072A9978181EA60CB55E4443AEB361FB857E0F404336EAAE43AD9DF7CD484C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 37%
                                                            			E00007FF87FF887D4A620(long long __rbx, void* __rcx, long long __rdx, long long __rsi, void* __rbp, void* __r14, long long _a24, long long _a32) {
                                                            				void* _v8;
                                                            				signed int _v24;
                                                            				intOrPtr _v32;
                                                            				char _v56;
                                                            				intOrPtr _v64;
                                                            				char _v88;
                                                            				long long _v96;
                                                            				long long _v104;
                                                            				char _v114;
                                                            				short _v116;
                                                            				char _v120;
                                                            				char _v136;
                                                            				long long _v144;
                                                            				long long _v152;
                                                            				char _t48;
                                                            				void* _t58;
                                                            				void* _t70;
                                                            				signed long long _t89;
                                                            				signed long long _t90;
                                                            				long long _t94;
                                                            				long long _t107;
                                                            				char _t125;
                                                            				long long _t134;
                                                            				intOrPtr _t139;
                                                            				intOrPtr _t144;
                                                            				intOrPtr _t147;
                                                            				intOrPtr _t150;
                                                            				void* _t153;
                                                            				long long _t155;
                                                            				void* _t157;
                                                            				void* _t158;
                                                            				void* _t161;
                                                            				intOrPtr _t162;
                                                            
                                                            				_t157 = __rbp;
                                                            				_t107 = __rbx;
                                                            				_a24 = __rbx;
                                                            				_a32 = __rsi;
                                                            				_t159 = _t158 - 0xb0;
                                                            				_t89 =  *0x87d8ec78; // 0x522936145607
                                                            				_t90 = _t89 ^ _t158 - 0x000000b0;
                                                            				_v24 = _t90;
                                                            				_t155 = __rdx;
                                                            				_t153 = __rcx;
                                                            				_v120 = __rbx;
                                                            				_v96 = 0xf;
                                                            				_v104 = 6;
                                                            				_t48 = "system"; // 0x74737973
                                                            				_v120 = _t48;
                                                            				_v116 =  *0x87d7ba84 & 0x0000ffff;
                                                            				_v114 = 0;
                                                            				_v88 = __rbx;
                                                            				asm("movdqa xmm0, [0x31d16]");
                                                            				asm("movdqu [esp+0x70], xmm0");
                                                            				_v88 = 0;
                                                            				E00007FF87FF887D5D640(__rbx, __rcx, _t161);
                                                            				if ( &_v88 == _t90) goto 0x87d4a6be;
                                                            				_t162 =  *((intOrPtr*)(_t90 + 0x10));
                                                            				if ( *((long long*)(_t90 + 0x18)) - 0x10 < 0) goto 0x87d4a6b1;
                                                            				E00007FF87FF887D49100(_t107,  &_v88,  *_t90, _t162, __r14);
                                                            				E00007FF87FF887D606F0( *((long long*)(_t90 + 0x18)) - 0x10,  *_t90,  &_v120, _t162);
                                                            				_t134 = _v96;
                                                            				if (_t134 - 0x10 < 0) goto 0x87d4a709;
                                                            				if (_t134 + 1 - 0x1000 < 0) goto 0x87d4a704;
                                                            				_t94 = _v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8;
                                                            				if (_t94 - 0x1f <= 0) goto 0x87d4a704;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v104 = _t107;
                                                            				_v96 = 0xf;
                                                            				_v120 = 0;
                                                            				_v136 = _t155;
                                                            				E00007FF87FF887D54280(_t70, _t107,  &_v56, _t153, _t155, _t157);
                                                            				_v144 =  &_v136;
                                                            				_v152 = _t94;
                                                            				r8d = 0x2e;
                                                            				_t69 = _t162 - 0x2d;
                                                            				E00007FF87FF887D459E0(_t162 - 0x2d, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_openport \'{}\', {:#x}"); // executed
                                                            				_t139 = _v32;
                                                            				if (_t139 - 0x10 < 0) goto 0x87d4a7a5;
                                                            				if (_t139 + 1 - 0x1000 < 0) goto 0x87d4a7a0;
                                                            				_t97 = _v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8;
                                                            				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4a7a0;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D4E0D0( *((intOrPtr*)(_v56 - 8)), _t139 + 0x28);
                                                            				_t58 = E00007FF87FF887D54280(_t70, _t97,  &_v56, _t153, _t155, _t157);
                                                            				_t163 = _t155;
                                                            				E00007FF87FF887D503F0(_t58, _t97, _t97, _t97, _t157, _t155);
                                                            				_t144 = _v32;
                                                            				if (_t144 - 0x10 < 0) goto 0x87d4a814;
                                                            				if (_t144 + 1 - 0x1000 < 0) goto 0x87d4a80e;
                                                            				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4a80e;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D606F0(_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f, _v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8,  &_v88, _t155);
                                                            				_t147 = _v64;
                                                            				if (_t147 - 0x10 < 0) goto 0x87d4a85f;
                                                            				_t125 = _v88;
                                                            				if (_t147 + 1 - 0x1000 < 0) goto 0x87d4a859;
                                                            				_t103 = _t125 -  *((intOrPtr*)(_t125 - 8)) + 0xfffffff8;
                                                            				_t84 = _t125 -  *((intOrPtr*)(_t125 - 8)) + 0xfffffff8 - 0x1f;
                                                            				if (_t125 -  *((intOrPtr*)(_t125 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4a859;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D606F0(_t84, _t103,  &_v88, _t163);
                                                            				_t150 = _v64;
                                                            				if (_t150 - 0x10 < 0) goto 0x87d4a8b1;
                                                            				if (_t150 + 1 - 0x1000 < 0) goto 0x87d4a8ab;
                                                            				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4a8ab;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				return E00007FF87FF887D65E20(0, _t69, _v24 ^ _t159);
                                                            			}

                                                            APIs
                                                              • Part of subcall function 00007FF887D5D640: __tlregdtor.LIBCMT ref: 00007FF887D5D690
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4A6FD
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4A799
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4A807
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4A852
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                            • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_openport '{}', {:#x}$system
                                                            • API String ID: 333172304-33612538
                                                            • Opcode ID: 6fa6c247fdee1d97a4ab246a2aee9091d9b3f152b3ee41501171ff8f04a6126a
                                                            • Instruction ID: e7ff3d1aabe6d8b187b290dafb3fa13d7840a0dd2df13a8bb408a02cf5d83b41
                                                            • Opcode Fuzzy Hash: 6fa6c247fdee1d97a4ab246a2aee9091d9b3f152b3ee41501171ff8f04a6126a
                                                            • Instruction Fuzzy Hash: 7951A162A9CA8582FA50DB65E44436E6371FB857E0F404335EAAE43BDEDF6CE480C704
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$FreeTask
                                                            • String ID: c:\design\wiservice\wiservice\ext\win\ext-win-winutil.cpp$couldn't get special folder, error {}
                                                            • API String ID: 1807027773-2105816268
                                                            • Opcode ID: 0aea5c072ffcce53e0958a78cc9f631293463d4cb17f85037c0cb97f6f347947
                                                            • Instruction ID: a51cf9134a6f0743ac213b49b4d3af1880102270488d16b12e08d07c1e231aa0
                                                            • Opcode Fuzzy Hash: 0aea5c072ffcce53e0958a78cc9f631293463d4cb17f85037c0cb97f6f347947
                                                            • Instruction Fuzzy Hash: C4414622609B8586EB218F16F45026AB7B5FB85BD4F584235EB8E03B99DF3CE445CB00
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            C-Code - Quality: 40%
                                                            			E00007FF87FF887D59190(void* __eflags, long long __rbx, intOrPtr* __rcx, long long __rsi, long long _a16, long long _a24) {
                                                            				void* _v8;
                                                            				signed int _v16;
                                                            				long long _v24;
                                                            				long long _v32;
                                                            				char _v48;
                                                            				long long _v56;
                                                            				long long _v64;
                                                            				char _v80;
                                                            				long long _v88;
                                                            				long long _v96;
                                                            				intOrPtr _v102;
                                                            				short _v104;
                                                            				char _v112;
                                                            				long long _v120;
                                                            				void* __rdi;
                                                            				void* _t60;
                                                            				signed long long _t78;
                                                            				char* _t93;
                                                            				intOrPtr _t113;
                                                            				long long _t116;
                                                            				long long _t119;
                                                            				intOrPtr _t122;
                                                            				void* _t125;
                                                            				void* _t129;
                                                            				void* _t134;
                                                            
                                                            				_t127 = __rsi;
                                                            				_a16 = __rbx;
                                                            				_a24 = __rsi;
                                                            				_t78 =  *0x87d8ec78; // 0x522936145607
                                                            				_v16 = _t78 ^ _t129 - 0x00000090;
                                                            				_t93 = __rcx;
                                                            				_v120 = __rcx;
                                                            				 *((long long*)(__rcx)) = __rsi;
                                                            				 *((long long*)(__rcx + 0x10)) = __rsi;
                                                            				 *((long long*)(__rcx + 0x18)) = 0xf;
                                                            				 *__rcx = sil;
                                                            				 *((long long*)(__rcx + 0x38)) = 0xf;
                                                            				 *((intOrPtr*)(__rcx + 0x20)) = sil;
                                                            				 *((long long*)(__rcx + 0x30)) = 8;
                                                            				 *((long long*)(__rcx + 0x20)) = 0x646c6f5f;
                                                            				 *((intOrPtr*)(__rcx + 0x28)) = sil;
                                                            				 *((long long*)(__rcx + 0x40)) = 0x2710;
                                                            				 *((long long*)(__rcx + 0x48)) = __rsi;
                                                            				 *((intOrPtr*)(__rcx + 0x50)) = 0;
                                                            				 *((intOrPtr*)(__rcx + 0x50)) = 0x3a875d21;
                                                            				_v88 = 0xf;
                                                            				_v96 = 0xa;
                                                            				asm("movsd xmm0, [0x24112]");
                                                            				asm("movsd [esp+0x28], xmm0");
                                                            				_v104 =  *0x87d7d340 & 0x0000ffff;
                                                            				_v102 = sil;
                                                            				E00007FF87FF887D5D6B0(0x646c6f5f,  &_v48); // executed
                                                            				E00007FF87FF887D53370(__rcx,  &_v80, 0x646c6f5f, _t125,  &_v112);
                                                            				if (__rcx == 0x646c6f5f) goto 0x87d592c4;
                                                            				_t113 =  *((intOrPtr*)(__rcx + 0x18));
                                                            				if (_t113 - 0x10 < 0) goto 0x87d59298;
                                                            				if (_t113 + 1 - 0x1000 < 0) goto 0x87d59293;
                                                            				if ( *__rcx -  *((intOrPtr*)( *__rcx - 8)) - 8 - 0x1f > 0) goto 0x87d592f8;
                                                            				E00007FF87FF887D656E4();
                                                            				 *((long long*)(_t93 + 0x10)) = __rsi;
                                                            				 *((long long*)(_t93 + 0x18)) = 0xf;
                                                            				 *_t93 = 0;
                                                            				asm("movups xmm0, [edi]");
                                                            				asm("movups [ebx], xmm0");
                                                            				asm("movups xmm1, [edi+0x10]");
                                                            				asm("movups [ebx+0x10], xmm1");
                                                            				 *0x7478742E646C6F6F = __rsi;
                                                            				 *0x7478742E646C6F77 = 0xf;
                                                            				 *0x646c6f5f = 0;
                                                            				_t116 = _v56;
                                                            				if (_t116 - 0x10 < 0) goto 0x87d59304;
                                                            				if (_t116 + 1 - 0x1000 < 0) goto 0x87d592ff;
                                                            				if (_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d592ff;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v64 = __rsi;
                                                            				_v56 = 0xf;
                                                            				_v80 = 0;
                                                            				_t119 = _v24;
                                                            				if (_t119 - 0x10 < 0) goto 0x87d5935a;
                                                            				if (_t119 + 1 - 0x1000 < 0) goto 0x87d59355;
                                                            				if (_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d59355;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v32 = __rsi;
                                                            				_v24 = 0xf;
                                                            				_v48 = 0;
                                                            				_t122 = _v88;
                                                            				if (_t122 - 0x10 < 0) goto 0x87d593b0;
                                                            				if (_t122 + 1 - 0x1000 < 0) goto 0x87d593ab;
                                                            				if (_v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d593ab;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D5DE70(_t60, _t93, _t93, _t122 + 0x28, 0x646c6f5f, __rsi, _t134);
                                                            				E00007FF87FF887D5DB70(_v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8, _t93, _t93, _t122 + 0x28, 0x646c6f5f, _t127, _t134);
                                                            				return E00007FF87FF887D65E20(E00007FF87FF887D605F0(0, _v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8, _t93, _t93, _t127), _t60, _v16 ^ _t129 - 0x00000090);
                                                            			}

                                                            APIs
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D592F8
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D5934E
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D593A4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID: _old.txt
                                                            • API String ID: 3668304517-616907513
                                                            • Opcode ID: 9a96ff971de34a4b58c4abe26f650b06592e0d6a33e0442a0494c68a5f3492f4
                                                            • Instruction ID: 27cc87909da1871f170fd840bce569c5fda30b3e4edc6d6c8e8421a385c79d3f
                                                            • Opcode Fuzzy Hash: 9a96ff971de34a4b58c4abe26f650b06592e0d6a33e0442a0494c68a5f3492f4
                                                            • Instruction Fuzzy Hash: 38616962A59B8182EB14CB28E44436E7771FB55BE4F504335E6AE06AEADF7DE0C1C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 35%
                                                            			E00007FF87FF887D56090(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                            				long long _v32;
                                                            				char _v40;
                                                            				char _v56;
                                                            				void* _t25;
                                                            				void* _t32;
                                                            				void* _t36;
                                                            				long long _t41;
                                                            				long long _t44;
                                                            				long long _t63;
                                                            				void* _t67;
                                                            				void* _t78;
                                                            
                                                            				_t41 = __rax;
                                                            				_a16 = __rbx;
                                                            				_a24 = __rsi;
                                                            				_a32 = __rdi;
                                                            				_a8 = __rcx;
                                                            				_t44 = __rcx;
                                                            				_t25 = E00007FF87FF887D76670(__rax);
                                                            				if (_t41 == 0) goto 0x87d560d1;
                                                            				r8d =  *((intOrPtr*)(__rcx + 0x28));
                                                            				if ( *_t41 == r8d) goto 0x87d56145;
                                                            				_v40 = __rcx + 0x10;
                                                            				__imp__AcquireSRWLockShared();
                                                            				E00007FF87FF887D656A8(_t25, _t41, __rcx + 0x10);
                                                            				_v32 = _t41;
                                                            				if (_t41 == 0) goto 0x87d56110;
                                                            				E00007FF87FF887D59AD0(_t32,  *((intOrPtr*)(_t44 + 0x28)), _t36, _t44, _t41, _t44 + 0x38, _t44 + 0x30);
                                                            				_t63 = _t41;
                                                            				goto 0x87d56112;
                                                            				__imp__ReleaseSRWLockShared();
                                                            				E00007FF87FF887D76670(_t41);
                                                            				if (_t41 == _t63) goto 0x87d56145;
                                                            				_v56 = 1;
                                                            				E00007FF87FF887D76E20( *((intOrPtr*)(_t44 + 0x28)), _t41, _t44, _t44 + 0x48, 0x87d5c340, _t63, __rsi, _t67,  *((intOrPtr*)(_t44 + 0x48)), _t63, _t78);
                                                            				_v40 = _t63;
                                                            				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x128))))))();
                                                            				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                            				E00007FF87FF887D6DF50(); // executed
                                                            				return E00007FF87FF887D5A810(_t44,  &_v40);
                                                            			}

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: LockShared$?flush@?$basic_ostream@AcquireD@std@@@std@@ReleaseU?$char_traits@V12@
                                                            • String ID:
                                                            • API String ID: 2998771425-0
                                                            • Opcode ID: e5e5c596da9bdb092d5d06463e3ff5beb724132a46c9db2d6cb914413f5afd47
                                                            • Instruction ID: 0845a40ba3b5369c7efe722f3983ea07ca5d1c8a76a555acae87bb88a21855f9
                                                            • Opcode Fuzzy Hash: e5e5c596da9bdb092d5d06463e3ff5beb724132a46c9db2d6cb914413f5afd47
                                                            • Instruction Fuzzy Hash: E4214A32659B8692DA04DB26E4004ADA3B0FF85BD4F444632EE8E07B6DDF3CE595C750
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 26%
                                                            			E00007FF87FF887D53B40(intOrPtr* __rcx) {
                                                            				signed int _v24;
                                                            				signed long long _v32;
                                                            				char _v56;
                                                            				void* __rbx;
                                                            				int _t14;
                                                            				void* _t19;
                                                            				void* _t21;
                                                            				signed long long _t31;
                                                            				void* _t36;
                                                            				void* _t41;
                                                            				signed long long _t47;
                                                            				void* _t50;
                                                            				void* _t51;
                                                            				signed long long _t52;
                                                            
                                                            				_t31 =  *0x87d8ec78; // 0x522936145607
                                                            				_v24 = _t31 ^ _t52;
                                                            				if ( *((long long*)(__rcx + 0x18)) - 0x10 < 0) goto 0x87d53b5f;
                                                            				E00007FF87FF887D53FF0(_t19, _t36,  &_v56,  *__rcx, _t50, _t51);
                                                            				_t41 =  >=  ? _v56 :  &_v56;
                                                            				_t14 = CreateDirectoryW(??, ??); // executed
                                                            				_t47 = _v32;
                                                            				if (_t47 - 8 < 0) goto 0x87d53bcc;
                                                            				if (2 + _t47 * 2 - 0x1000 < 0) goto 0x87d53bc7;
                                                            				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d53bc7;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				if (_t14 != 0) goto 0x87d53bf2;
                                                            				if (GetLastError() == 0xb7) goto 0x87d53bf2;
                                                            				return E00007FF87FF887D65E20(0, _t21, _v24 ^ _t52);
                                                            			}

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: CreateDirectoryErrorLast_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 1363081247-0
                                                            • Opcode ID: faef024df2a03db1270b99d93008469492379fdd24af4c472736017e69ee614e
                                                            • Instruction ID: 04b21a9917d783ae90b0f928509cf0b8754113de2f625762616b717178e42956
                                                            • Opcode Fuzzy Hash: faef024df2a03db1270b99d93008469492379fdd24af4c472736017e69ee614e
                                                            • Instruction Fuzzy Hash: DB119462A5968682FF10DB28E48923D3371FF957D8F500731DA6F466EDDE2CD081C600
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 75%
                                                            			E00007FF87FF887D77B10(long long __rdx, void* __r8) {
                                                            				void* _t11;
                                                            				long long _t15;
                                                            				long _t22;
                                                            				void* _t25;
                                                            
                                                            				 *((long long*)(_t25 + 0x10)) = __rdx;
                                                            				_t15 =  *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x88))));
                                                            				 *((intOrPtr*)(_t15 + 8))();
                                                            				 *((long long*)(__rdx + 0x70)) = _t15;
                                                            				 *((long long*)(_t25 - 0x50 + 0x20)) = __rdx + 0x70;
                                                            				r8d = 0x7a;
                                                            				_t11 = E00007FF87FF887D45460(__r8 - 0x76, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "\'enum_ports\' method throwed BufferSizeException: {}"); // executed
                                                            				SetLastError(_t22);
                                                            				 *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x58)))) =  *((intOrPtr*)(__rdx + 0x50));
                                                            				return _t11;
                                                            			}

                                                            APIs
                                                              • Part of subcall function 00007FF887D45460: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4558E
                                                              • Part of subcall function 00007FF887D45460: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D455D5
                                                            • SetLastError.KERNEL32 ref: 00007FF887D77B59
                                                            Strings
                                                            • 'enum_ports' method throwed BufferSizeException: {}, xrefs: 00007FF887D77B37
                                                            • c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp, xrefs: 00007FF887D77B44
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$ErrorLast
                                                            • String ID: 'enum_ports' method throwed BufferSizeException: {}$c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp
                                                            • API String ID: 3964982034-30933652
                                                            • Opcode ID: 7869ff0d80f280c4edbe0d1ae805a5289204315e6fb73086d8f10c0cbf007131
                                                            • Instruction ID: ba66626cbf5e26a566ec6427aee8168d7f411215ff876b2e941e827bc791c7c9
                                                            • Opcode Fuzzy Hash: 7869ff0d80f280c4edbe0d1ae805a5289204315e6fb73086d8f10c0cbf007131
                                                            • Instruction Fuzzy Hash: 55F0F476A44B448AD700DF24E8403AD33B1FB88B98F408236EA4E07768DF3CD549C740
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,00007FF887D541C5,?,?,?,?,00000000,?,?,?,00000000,00007FF887D53B6C), ref: 00007FF887D5398B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: Xlength_error@std@@
                                                            • String ID: vector too long
                                                            • API String ID: 1004598685-2873823879
                                                            • Opcode ID: 7facf0b4ce551dd9ebe7992f8db6e7374516873740b80f86a9a3de763a5ba51c
                                                            • Instruction ID: 7c6fdd9029c13150a9d0ff20647546ddd59d17ed6bc7897c7f108446fbb01d27
                                                            • Opcode Fuzzy Hash: 7facf0b4ce551dd9ebe7992f8db6e7374516873740b80f86a9a3de763a5ba51c
                                                            • Instruction Fuzzy Hash: 33A00124AA944695E518FB11D9A60BC12346F64382FA00A72E21F419AAEE18B597CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 40%
                                                            			E00007FF87FF887D457C0(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40, intOrPtr* _a48, intOrPtr* _a56, intOrPtr* _a64, intOrPtr* _a72, intOrPtr* _a80) {
                                                            				signed int _v56;
                                                            				long long _v72;
                                                            				long long _v88;
                                                            				intOrPtr _v104;
                                                            				long long _v120;
                                                            				intOrPtr _v136;
                                                            				long long _v144;
                                                            				char _v152;
                                                            				intOrPtr _v160;
                                                            				char _v184;
                                                            				long long _v208;
                                                            				long long _v216;
                                                            				long long _v224;
                                                            				long long _v232;
                                                            				char _v248;
                                                            				long long _v272;
                                                            				long long _v280;
                                                            				intOrPtr _v288;
                                                            				intOrPtr _v296;
                                                            				void* __rbx;
                                                            				void* __rdi;
                                                            				void* __rsi;
                                                            				void* __r14;
                                                            				void* _t56;
                                                            				signed long long _t68;
                                                            				intOrPtr* _t70;
                                                            				intOrPtr _t105;
                                                            				intOrPtr _t108;
                                                            				intOrPtr* _t111;
                                                            				void* _t112;
                                                            				void* _t113;
                                                            				signed long long _t114;
                                                            
                                                            				_t68 =  *0x87d8ec78; // 0x522936145607
                                                            				_v56 = _t68 ^ _t114;
                                                            				_t111 = __rdx;
                                                            				_v288 = __ecx;
                                                            				_v272 = __rdx;
                                                            				_v296 = r14d;
                                                            				_v280 = __r9;
                                                            				_t70 = _a40;
                                                            				if ( *((long long*)(_t70 + 0x18)) - 0x10 < 0) goto 0x87d4580f;
                                                            				_v152 =  *_t70;
                                                            				_v144 =  *((intOrPtr*)(_t70 + 0x10));
                                                            				_v136 =  *_a48;
                                                            				_v120 =  *_a56;
                                                            				_v104 =  *_a64;
                                                            				_v88 =  *_a72;
                                                            				_v72 =  *_a80;
                                                            				_v216 = 0xa51946e;
                                                            				_v208 =  &_v152;
                                                            				asm("movaps xmm0, [esp+0x80]");
                                                            				asm("movdqa [esp+0x60], xmm0");
                                                            				_v216 = __r9;
                                                            				asm("o16 nop [eax+eax]");
                                                            				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x87d458c0;
                                                            				_v208 = 0;
                                                            				E00007FF87FF887D449B0(0xffffffff,  &_v184, __rdx, _t112);
                                                            				_v248 = 0;
                                                            				_v232 = 0;
                                                            				_v224 = 0xf;
                                                            				_v248 = 0;
                                                            				if ( *_t111 != 0) goto 0x87d45906;
                                                            				E00007FF87FF887D49100(0,  &_v248, _t111, 0, r8d);
                                                            				E00007FF87FF887D5E5B0(__ecx, _t56, 0, 0,  &_v248,  &_v248, _t112, _t113, r8d,  &_v184); // executed
                                                            				_t105 = _v224;
                                                            				if (_t105 - 0x10 < 0) goto 0x87d45978;
                                                            				if (_t105 + 1 - 0x1000 < 0) goto 0x87d45972;
                                                            				if (_v248 -  *((intOrPtr*)(_v248 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d45972;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_t108 = _v160;
                                                            				if (_t108 - 0x10 < 0) goto 0x87d459bf;
                                                            				if (_t108 + 1 - 0x1000 < 0) goto 0x87d459b9;
                                                            				if (_v184 -  *((intOrPtr*)(_v184 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d459b9;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				return E00007FF87FF887D65E20(E00007FF87FF887D656E4(), __ecx, _v56 ^ _t114);
                                                            			}

                                                            APIs
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4596B
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D459B2
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3668304517-0
                                                            • Opcode ID: 1981f29843fd0f811de58866de1893ec40f798ca1c83c1463f06fc5a1154a23e
                                                            • Instruction ID: 125dd4bf71886a8632866a8685eac3d7ed59d8fa5e794dc5c639d892d657ae66
                                                            • Opcode Fuzzy Hash: 1981f29843fd0f811de58866de1893ec40f798ca1c83c1463f06fc5a1154a23e
                                                            • Instruction Fuzzy Hash: AD51FA72649BC985EA64DB15F4443AEB761F789BE0F404325DA9E43B99DF3CD084CB00
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 41%
                                                            			E00007FF87FF887D459E0(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40, intOrPtr* _a48) {
                                                            				signed int _v56;
                                                            				intOrPtr _v64;
                                                            				char _v88;
                                                            				long long _v104;
                                                            				long long _v112;
                                                            				char _v120;
                                                            				long long _v144;
                                                            				long long _v152;
                                                            				long long _v160;
                                                            				long long _v168;
                                                            				char _v184;
                                                            				long long _v208;
                                                            				long long _v216;
                                                            				intOrPtr _v224;
                                                            				intOrPtr _v232;
                                                            				void* __rbx;
                                                            				void* __rdi;
                                                            				void* __rsi;
                                                            				void* __r14;
                                                            				void* _t46;
                                                            				signed long long _t58;
                                                            				intOrPtr* _t60;
                                                            				intOrPtr _t89;
                                                            				intOrPtr _t92;
                                                            				intOrPtr* _t95;
                                                            				void* _t96;
                                                            				void* _t97;
                                                            				signed long long _t98;
                                                            
                                                            				_t58 =  *0x87d8ec78; // 0x522936145607
                                                            				_v56 = _t58 ^ _t98;
                                                            				_t95 = __rdx;
                                                            				_v224 = __ecx;
                                                            				_v208 = __rdx;
                                                            				_v232 = r14d;
                                                            				_v216 = __r9;
                                                            				_t60 = _a40;
                                                            				if ( *((long long*)(_t60 + 0x18)) - 0x10 < 0) goto 0x87d45a2f;
                                                            				_v120 =  *_t60;
                                                            				_v112 =  *((intOrPtr*)(_t60 + 0x10));
                                                            				_v104 =  *_a48;
                                                            				_v152 = 0xae;
                                                            				_v144 =  &_v120;
                                                            				asm("movaps xmm0, [esp+0x80]");
                                                            				asm("movdqa [esp+0x60], xmm0");
                                                            				_v152 = __r9;
                                                            				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x87d45a92;
                                                            				_v144 = 0;
                                                            				E00007FF87FF887D449B0(0xffffffff,  &_v88, __rdx, _t96);
                                                            				_v184 = 0;
                                                            				_v168 = 0;
                                                            				_v160 = 0xf;
                                                            				_v184 = 0;
                                                            				if ( *_t95 != 0) goto 0x87d45ad8;
                                                            				E00007FF87FF887D49100(0,  &_v184, _t95, 0, r8d);
                                                            				E00007FF87FF887D5E5B0(__ecx, _t46, 0, 0,  &_v184,  &_v184, _t96, _t97, r8d,  &_v88); // executed
                                                            				_t89 = _v160;
                                                            				if (_t89 - 0x10 < 0) goto 0x87d45b4a;
                                                            				if (_t89 + 1 - 0x1000 < 0) goto 0x87d45b44;
                                                            				if (_v184 -  *((intOrPtr*)(_v184 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d45b44;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_t92 = _v64;
                                                            				if (_t92 - 0x10 < 0) goto 0x87d45b91;
                                                            				if (_t92 + 1 - 0x1000 < 0) goto 0x87d45b8b;
                                                            				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d45b8b;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				return E00007FF87FF887D65E20(E00007FF87FF887D656E4(), __ecx, _v56 ^ _t98);
                                                            			}

                                                            APIs
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D45B3D
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D45B84
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3668304517-0
                                                            • Opcode ID: 29762b3e575b918b7c6d014bbb7e81ba7728309e426f5e8661c010412e15b857
                                                            • Instruction ID: eee6763a819504d225cf7b12ae40cb8c228239df4cd3faf700d0cbe706daed83
                                                            • Opcode Fuzzy Hash: 29762b3e575b918b7c6d014bbb7e81ba7728309e426f5e8661c010412e15b857
                                                            • Instruction Fuzzy Hash: 0C413A72A89BC985EA60DB19E4443AEA661FB857E0F405335DAAE43BD9DF3CD084C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 41%
                                                            			E00007FF87FF887D45600(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40) {
                                                            				signed int _v56;
                                                            				intOrPtr _v64;
                                                            				char _v88;
                                                            				long long _v96;
                                                            				char _v104;
                                                            				long long _v128;
                                                            				long long _v136;
                                                            				long long _v144;
                                                            				long long _v152;
                                                            				char _v168;
                                                            				long long _v192;
                                                            				long long _v200;
                                                            				intOrPtr _v208;
                                                            				intOrPtr _v216;
                                                            				void* __rbx;
                                                            				void* __rdi;
                                                            				void* __rsi;
                                                            				void* __r14;
                                                            				void* _t44;
                                                            				signed long long _t56;
                                                            				intOrPtr* _t58;
                                                            				intOrPtr _t85;
                                                            				intOrPtr _t88;
                                                            				intOrPtr* _t91;
                                                            				void* _t92;
                                                            				void* _t93;
                                                            				signed long long _t94;
                                                            
                                                            				_t56 =  *0x87d8ec78; // 0x522936145607
                                                            				_v56 = _t56 ^ _t94;
                                                            				_t91 = __rdx;
                                                            				_v208 = __ecx;
                                                            				_v192 = __rdx;
                                                            				_v216 = r14d;
                                                            				_v200 = __r9;
                                                            				_t58 = _a40;
                                                            				if ( *((long long*)(_t58 + 0x18)) - 0x10 < 0) goto 0x87d4564f;
                                                            				_v104 =  *_t58;
                                                            				_v96 =  *((intOrPtr*)(_t58 + 0x10));
                                                            				_v136 = 0xe;
                                                            				_v128 =  &_v104;
                                                            				asm("movaps xmm0, [esp+0x80]");
                                                            				asm("movdqa [esp+0x60], xmm0");
                                                            				_v136 = __r9;
                                                            				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x87d456a0;
                                                            				_v128 = 0;
                                                            				E00007FF87FF887D449B0(0xffffffff,  &_v88, __rdx, _t92);
                                                            				_v168 = 0;
                                                            				_v152 = 0;
                                                            				_v144 = 0xf;
                                                            				_v168 = 0;
                                                            				if ( *_t91 != 0) goto 0x87d456e6;
                                                            				E00007FF87FF887D49100(0,  &_v168, _t91, 0, r8d);
                                                            				E00007FF87FF887D5E5B0(__ecx, _t44, 0, 0,  &_v168,  &_v168, _t92, _t93, r8d,  &_v88); // executed
                                                            				_t85 = _v144;
                                                            				if (_t85 - 0x10 < 0) goto 0x87d45758;
                                                            				if (_t85 + 1 - 0x1000 < 0) goto 0x87d45752;
                                                            				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d45752;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_t88 = _v64;
                                                            				if (_t88 - 0x10 < 0) goto 0x87d4579f;
                                                            				if (_t88 + 1 - 0x1000 < 0) goto 0x87d45799;
                                                            				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d45799;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				return E00007FF87FF887D65E20(E00007FF87FF887D656E4(), __ecx, _v56 ^ _t94);
                                                            			}

                                                            APIs
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4574B
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D45792
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3668304517-0
                                                            • Opcode ID: 9b71f734a2d08e80426e159237ae319ab05393ace36e9f7cc8abe1b1d6941eb1
                                                            • Instruction ID: 9bf4deea5802398a0b80b2581a6763fbca25085e775e71f3b7b598a6bac38ab2
                                                            • Opcode Fuzzy Hash: 9b71f734a2d08e80426e159237ae319ab05393ace36e9f7cc8abe1b1d6941eb1
                                                            • Instruction Fuzzy Hash: 4B412A72A89BC981EA60DB15E4443AE62A1FB857E0F505735DAEE43BD9DF3CD085C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 37%
                                                            			E00007FF87FF887D45460(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40) {
                                                            				signed int _v56;
                                                            				intOrPtr _v64;
                                                            				char _v88;
                                                            				long long _v128;
                                                            				long long _v136;
                                                            				char _v152;
                                                            				long long _v176;
                                                            				long long _v184;
                                                            				long long _v192;
                                                            				long long _v200;
                                                            				intOrPtr _v208;
                                                            				intOrPtr _v216;
                                                            				void* __rbx;
                                                            				void* __rdi;
                                                            				void* __rsi;
                                                            				void* __r14;
                                                            				void* _t41;
                                                            				signed long long _t52;
                                                            				intOrPtr _t79;
                                                            				intOrPtr _t82;
                                                            				intOrPtr* _t85;
                                                            				void* _t86;
                                                            				void* _t87;
                                                            				void* _t88;
                                                            				void* _t96;
                                                            
                                                            				_t96 = _t88;
                                                            				_t52 =  *0x87d8ec78; // 0x522936145607
                                                            				_v56 = _t52 ^ _t88 - 0x000000e8;
                                                            				_t85 = __rdx;
                                                            				_v208 = __ecx;
                                                            				_v176 = __rdx;
                                                            				_v216 = r14d;
                                                            				_v184 = __r9;
                                                            				 *((long long*)(_t96 - 0x78)) =  *_a40;
                                                            				_v200 = 0xd;
                                                            				_v192 = _t96 - 0x78;
                                                            				asm("movaps xmm0, [esp+0x40]");
                                                            				asm("movdqa [esp+0x70], xmm0");
                                                            				_v200 = __r9;
                                                            				asm("o16 nop [eax+eax]");
                                                            				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x87d454e0;
                                                            				_v192 = 0;
                                                            				E00007FF87FF887D449B0(0xffffffff,  &_v88, __rdx, _t86);
                                                            				_v152 = 0;
                                                            				_v136 = 0;
                                                            				_v128 = 0xf;
                                                            				_v152 = 0;
                                                            				if ( *_t85 != 0) goto 0x87d45526;
                                                            				E00007FF87FF887D49100(0,  &_v152, _t85, 0, r8d);
                                                            				E00007FF87FF887D5E5B0(__ecx, _t41, 0, 0,  &_v152,  &_v152, _t86, _t87, r8d,  &_v88); // executed
                                                            				_t79 = _v128;
                                                            				if (_t79 - 0x10 < 0) goto 0x87d4559b;
                                                            				if (_t79 + 1 - 0x1000 < 0) goto 0x87d45595;
                                                            				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d45595;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_t82 = _v64;
                                                            				if (_t82 - 0x10 < 0) goto 0x87d455e2;
                                                            				if (_t82 + 1 - 0x1000 < 0) goto 0x87d455dc;
                                                            				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d455dc;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				return E00007FF87FF887D65E20(E00007FF87FF887D656E4(), __ecx, _v56 ^ _t88 - 0x000000e8);
                                                            			}

                                                            APIs
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4558E
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D455D5
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3668304517-0
                                                            • Opcode ID: aae03a3d95e0946a8272b2168d489ddbc761b8d8e3ec7c44dd737b3b500582f4
                                                            • Instruction ID: 66633947441f6f9353227d6087b2832990dfe7510a44e476210c4262e2ffaaed
                                                            • Opcode Fuzzy Hash: aae03a3d95e0946a8272b2168d489ddbc761b8d8e3ec7c44dd737b3b500582f4
                                                            • Instruction Fuzzy Hash: E9416162A48AC581EA50CB28E4443AE63B1FB857E0F505335EBAE43BD9DF3CD485CB00
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 37%
                                                            			E00007FF87FF887D45DB0(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40) {
                                                            				signed int _v56;
                                                            				intOrPtr _v64;
                                                            				char _v88;
                                                            				long long _v128;
                                                            				long long _v136;
                                                            				char _v152;
                                                            				long long _v176;
                                                            				long long _v184;
                                                            				long long _v192;
                                                            				long long _v200;
                                                            				intOrPtr _v208;
                                                            				intOrPtr _v216;
                                                            				void* __rbx;
                                                            				void* __rdi;
                                                            				void* __rsi;
                                                            				void* __r14;
                                                            				void* _t41;
                                                            				signed long long _t52;
                                                            				intOrPtr _t79;
                                                            				intOrPtr _t82;
                                                            				intOrPtr* _t85;
                                                            				void* _t86;
                                                            				void* _t87;
                                                            				void* _t88;
                                                            				void* _t96;
                                                            
                                                            				_t96 = _t88;
                                                            				_t52 =  *0x87d8ec78; // 0x522936145607
                                                            				_v56 = _t52 ^ _t88 - 0x000000e8;
                                                            				_t85 = __rdx;
                                                            				_v208 = __ecx;
                                                            				_v176 = __rdx;
                                                            				_v216 = r14d;
                                                            				_v184 = __r9;
                                                            				 *((long long*)(_t96 - 0x78)) =  *_a40;
                                                            				_v200 = 5;
                                                            				_v192 = _t96 - 0x78;
                                                            				asm("movaps xmm0, [esp+0x40]");
                                                            				asm("movdqa [esp+0x70], xmm0");
                                                            				_v200 = __r9;
                                                            				asm("o16 nop [eax+eax]");
                                                            				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x87d45e30;
                                                            				_v192 = 0;
                                                            				E00007FF87FF887D449B0(0xffffffff,  &_v88, __rdx, _t86);
                                                            				_v152 = 0;
                                                            				_v136 = 0;
                                                            				_v128 = 0xf;
                                                            				_v152 = 0;
                                                            				if ( *_t85 != 0) goto 0x87d45e76;
                                                            				E00007FF87FF887D49100(0,  &_v152, _t85, 0, r8d);
                                                            				E00007FF87FF887D5E5B0(__ecx, _t41, 0, 0,  &_v152,  &_v152, _t86, _t87, r8d,  &_v88); // executed
                                                            				_t79 = _v128;
                                                            				if (_t79 - 0x10 < 0) goto 0x87d45eeb;
                                                            				if (_t79 + 1 - 0x1000 < 0) goto 0x87d45ee5;
                                                            				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d45ee5;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_t82 = _v64;
                                                            				if (_t82 - 0x10 < 0) goto 0x87d45f32;
                                                            				if (_t82 + 1 - 0x1000 < 0) goto 0x87d45f2c;
                                                            				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d45f2c;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				return E00007FF87FF887D65E20(E00007FF87FF887D656E4(), __ecx, _v56 ^ _t88 - 0x000000e8);
                                                            			}

                                                            APIs
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D45EDE
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D45F25
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3668304517-0
                                                            • Opcode ID: e18008437c69ac987c1083b57540c6eb0e4324fcdc79bb6acb94207609e365fd
                                                            • Instruction ID: 52be39911fd4450b2eb9c2aa8812ec1b301fb0b92eef56979f94674d2e68f888
                                                            • Opcode Fuzzy Hash: e18008437c69ac987c1083b57540c6eb0e4324fcdc79bb6acb94207609e365fd
                                                            • Instruction Fuzzy Hash: 45416162A58AC581EA50DB29E4443AE62A1FB857E0F505335EBAE437D9DF3CD485C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 40%
                                                            			E00007FF87FF887D4CD20(intOrPtr __ecx, long long __rdx, void* __rbp, long long __r9, intOrPtr* _a40) {
                                                            				signed int _v56;
                                                            				intOrPtr _v64;
                                                            				char _v88;
                                                            				long long _v128;
                                                            				long long _v136;
                                                            				char _v152;
                                                            				long long _v176;
                                                            				long long _v184;
                                                            				long long _v192;
                                                            				long long _v200;
                                                            				intOrPtr _v208;
                                                            				intOrPtr _v216;
                                                            				void* __rbx;
                                                            				void* __rdi;
                                                            				void* __rsi;
                                                            				void* __r14;
                                                            				void* _t42;
                                                            				signed long long _t53;
                                                            				intOrPtr _t79;
                                                            				intOrPtr _t82;
                                                            				intOrPtr* _t85;
                                                            				void* _t86;
                                                            				void* _t87;
                                                            				void* _t88;
                                                            				void* _t96;
                                                            
                                                            				_t87 = __rbp;
                                                            				_t96 = _t88;
                                                            				_t53 =  *0x87d8ec78; // 0x522936145607
                                                            				_v56 = _t53 ^ _t88 - 0x000000e8;
                                                            				_t85 = __rdx;
                                                            				_v208 = __ecx;
                                                            				_v176 = __rdx;
                                                            				_v216 = r14d;
                                                            				_v184 = __r9;
                                                            				 *((intOrPtr*)(_t96 - 0x78)) =  *_a40;
                                                            				_v200 = 2;
                                                            				_v192 = _t96 - 0x78;
                                                            				asm("movaps xmm0, [esp+0x40]");
                                                            				asm("movdqa [esp+0x70], xmm0");
                                                            				_v200 = __r9;
                                                            				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x87d4cd96;
                                                            				_v192 = 0;
                                                            				E00007FF87FF887D449B0(0xffffffff,  &_v88, __rdx, _t86);
                                                            				_v152 = 0;
                                                            				_v136 = 0;
                                                            				_v128 = 0xf;
                                                            				_v152 = 0;
                                                            				if ( *_t85 != 0) goto 0x87d4cde0;
                                                            				E00007FF87FF887D49100(0,  &_v152, _t85, 0, r8d);
                                                            				E00007FF87FF887D5E5B0(__ecx, _t42, 0, 0,  &_v152,  &_v152, _t86, _t87, r8d,  &_v88); // executed
                                                            				_t79 = _v128;
                                                            				if (_t79 - 0x10 < 0) goto 0x87d4ce55;
                                                            				if (_t79 + 1 - 0x1000 < 0) goto 0x87d4ce4f;
                                                            				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4ce4f;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_t82 = _v64;
                                                            				if (_t82 - 0x10 < 0) goto 0x87d4ce9c;
                                                            				if (_t82 + 1 - 0x1000 < 0) goto 0x87d4ce96;
                                                            				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4ce96;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				return E00007FF87FF887D65E20(E00007FF87FF887D656E4(), __ecx, _v56 ^ _t88 - 0x000000e8);
                                                            			}





























                                                            APIs
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4CE48
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4CE8F
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3668304517-0
                                                            • Opcode ID: 402de58a4d92593279dd9034f4693e62950564fd35a04b631d78653cefa4ad41
                                                            • Instruction ID: 65ee01f1b9b069e55d6ec0b610496e544564be44e7ed81baa9d5b7cf2cf6f107
                                                            • Opcode Fuzzy Hash: 402de58a4d92593279dd9034f4693e62950564fd35a04b631d78653cefa4ad41
                                                            • Instruction Fuzzy Hash: 18416362A49BC582EA509B28E44436E77A1F7857E0F505335E7AD437D9DF3CD481CB04
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 33%
                                                            			E00007FF87FF887D58050(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __r8, void* __r9, long long _a8, long long _a16, void* _a24) {
                                                            				long long _v40;
                                                            				void* __rdi;
                                                            				void* __rsi;
                                                            				long _t12;
                                                            				void* _t21;
                                                            				intOrPtr* _t25;
                                                            
                                                            				_a16 = __rbx;
                                                            				_a8 = __rcx;
                                                            				_t25 = __r8;
                                                            				_t12 = GetCurrentThreadId();
                                                            				r10d =  *(__r8 + 4);
                                                            				_t21 = r10d - _t12;
                                                            				if (_t21 != 0) goto 0x87d58082;
                                                            				 *((intOrPtr*)(__r8)) =  *((intOrPtr*)(__r8)) + 1;
                                                            				goto 0x87d58093;
                                                            				asm("lock bts dword [ebx+0x8], 0x1f");
                                                            				if (_t21 < 0) goto 0x87d580f6;
                                                            				 *(__r8 + 4) = _t12;
                                                            				 *((intOrPtr*)(__r8)) = 1;
                                                            				_v40 = __r8;
                                                            				E00007FF87FF887D56090(__rax, __r8, __rcx, __rdx, __rcx, __r9, __r9); // executed
                                                            				 *_t25 =  *_t25 - 1;
                                                            				if (_t21 != 0) goto 0x87d580e6;
                                                            				 *((intOrPtr*)(_t25 + 4)) = 0;
                                                            				asm("lock xadd [ecx], eax");
                                                            				asm("bt eax, 0x1e");
                                                            				if (_t21 < 0) goto 0x87d580e6;
                                                            				if (0x80000000 - 0x80000000 <= 0) goto 0x87d580e6;
                                                            				asm("lock bts dword [ecx], 0x1e");
                                                            				if (0x80000000 - 0x80000000 < 0) goto 0x87d580e6;
                                                            				E00007FF87FF887D5D940(_t25 + 8);
                                                            				SetEvent(??);
                                                            				return 1;
                                                            			}










                                                            APIs
                                                            Similarity
                                                            • API ID: CurrentEventThread
                                                            • String ID:
                                                            • API String ID: 2592414440-0
                                                            • Opcode ID: 834fed51e2728882df6bb9cdc2855ed8d83aedfefd05cddf5e5c8f44ad8cabbe
                                                            • Instruction ID: 45be39feddb7944f5601e4874f18d34e11a3f36a673ff23a31cc8de5ee1d01db
                                                            • Opcode Fuzzy Hash: 834fed51e2728882df6bb9cdc2855ed8d83aedfefd05cddf5e5c8f44ad8cabbe
                                                            • Instruction Fuzzy Hash: 09113D3294A78186E7018F39E48427E67B0FB46BD9F18C230DE6EA7259DE3CD442DB51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Similarity
                                                            • API ID: _localtime64strftime
                                                            • String ID:
                                                            • API String ID: 1396910471-0
                                                            • Opcode ID: 5b3d6727782fdf8fe32fba85827f6283c99371045998f41104964c7c4878100e
                                                            • Instruction ID: 92f412830bdd40d490bfe7f6bc033de62b4ad19ef077c7a80d97c698f061f849
                                                            • Opcode Fuzzy Hash: 5b3d6727782fdf8fe32fba85827f6283c99371045998f41104964c7c4878100e
                                                            • Instruction Fuzzy Hash: C2213E22A08B8586E7208B24E44036E77B0F798BD8F445335EB9D47799DF3CD194CB40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Similarity
                                                            • API ID: Locinfo@std@@$??0_??1_Cvtvec@@Getcvt@_Lockit@std@@$??0facet@locale@std@@?c_str@?$_Bid@locale@std@@D@std@@Facet_Getfalse@_Getgloballocale@locale@std@@Gettrue@_Locimp@12@RegisterYarn@localeconvmallocstd::_
                                                            • String ID:
                                                            • API String ID: 2189335433-0
                                                            • Opcode ID: f33d98d7c94fbf605588ee834dde04b49e0d331855461d2d59b937172c80e46e
                                                            • Instruction ID: bc0d38d116483333df0c53546f6f9603058533a8f3d8220a49717bdcb088e1c7
                                                            • Opcode Fuzzy Hash: f33d98d7c94fbf605588ee834dde04b49e0d331855461d2d59b937172c80e46e
                                                            • Instruction Fuzzy Hash: E3513B22A89B8191EA24DB11E9543BE63B1FF88BC4F444236DA8F07B59DF3CE595C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Similarity
                                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                            • String ID:
                                                            • API String ID: 313767242-0
                                                            • Opcode ID: ec673b4035b9770a6a4f4f059dcc0db7cd818e2d541853e018e626a61b69cb06
                                                            • Instruction ID: 5cbe50d73ff1da5303b613c73ad2473f686384aeea768d868f5efece84e1766d
                                                            • Opcode Fuzzy Hash: ec673b4035b9770a6a4f4f059dcc0db7cd818e2d541853e018e626a61b69cb06
                                                            • Instruction Fuzzy Hash: 15314C72649A818AEB608F60E8507FD7371FB84788F44453ADA4F47A98EF3CD548C710
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 48%
                                                            			E00007FF87FF887D414A0(signed int __ebx) {
                                                            				void* __rbx;
                                                            				void* _t13;
                                                            				void* _t15;
                                                            				void* _t28;
                                                            				void* _t32;
                                                            				void* _t33;
                                                            				void* _t34;
                                                            				void* _t35;
                                                            				void* _t36;
                                                            
                                                            				asm("cpuid");
                                                            				r8d = 0;
                                                            				if (0 - 1 < 0) goto 0x87d41589;
                                                            				asm("cpuid");
                                                            				asm("bt ecx, 0x9");
                                                            				if (0 - 1 >= 0) goto 0x87d414ff;
                                                            				 *0x87d8ecb0 = E00007FF87FF887D714B0;
                                                            				 *0x87d8ecb8 = E00007FF87FF887D71B10;
                                                            				 *0x87d8ecc0 = E00007FF87FF887D70610;
                                                            				 *0x87d8ecc8 = E00007FF87FF887D70C50;
                                                            				_t15 = r8d - 7;
                                                            				if (_t15 < 0) goto 0x87d41589;
                                                            				asm("bt ecx, 0x1b");
                                                            				if (_t15 >= 0) goto 0x87d41589;
                                                            				GetModuleHandleW(??);
                                                            				if (E00007FF87FF887D70C50 == 0) goto 0x87d41589;
                                                            				GetProcAddress(??, ??);
                                                            				if (E00007FF87FF887D70C50 == 0) goto 0x87d41589;
                                                            				E00007FF87FF887D70C50(_t13, E00007FF87FF887D70C50, _t28, E00007FF87FF887D70C50, "GetEnabledExtendedFeatures", _t32, _t33, _t34, _t35, _t36);
                                                            				if (E00007FF87FF887D70C50 != 6) goto 0x87d41589;
                                                            				asm("cpuid");
                                                            				if ((__ebx & 0x00000020) == 0) goto 0x87d41589;
                                                            				 *0x87d8ecb0 = 0x87d72ee0;
                                                            				 *0x87d8ecb8 = 0x87d73570;
                                                            				 *0x87d8ecc0 = 0x87d72150;
                                                            				 *0x87d8ecc8 = 0x87d72760;
                                                            				return 7;
                                                            			}













                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressHandleModuleProc
                                                            • String ID: GetEnabledExtendedFeatures$kernel32.dll
                                                            • API String ID: 1646373207-4263775254
                                                            • Opcode ID: 10f3bcb67617dfe9785c86ee06e55d0bd729038df4dad0ba893b2cdb0de9f2b4
                                                            • Instruction ID: db3af4e431c5df05c6a8124938c7ab9cecdae9de6bd4591c70b5a1bb5521634c
                                                            • Opcode Fuzzy Hash: 10f3bcb67617dfe9785c86ee06e55d0bd729038df4dad0ba893b2cdb0de9f2b4
                                                            • Instruction Fuzzy Hash: 42219324ED9B0295FA959B15E8452BD33B9BF853C0F905B3AD84F433B8EE3DA164C604
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Similarity
                                                            • API ID: Heap$AllocProcessstd::bad_alloc::bad_alloc
                                                            • String ID:
                                                            • API String ID: 3165967205-0
                                                            • Opcode ID: 6137eb0d84de8c58bac32c20dca4a166fda0c1580368c1e4be454180153b7d53
                                                            • Instruction ID: faa9c384546cd91639b747d1cea3b87acecdc0a481d411fa980e91b34952f82f
                                                            • Opcode Fuzzy Hash: 6137eb0d84de8c58bac32c20dca4a166fda0c1580368c1e4be454180153b7d53
                                                            • Instruction Fuzzy Hash: 4CF0A762D49B4281EB019B21E40407D2370BF987C4B088134DE4F0336DFE3CE5D4C640
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 21%
                                                            			E00007FF87FF887D4E730(void* __eax, void* __esi, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __rbp, void* __r8, long long _a8, long long _a24, long long _a32) {
                                                            				void* _v24;
                                                            				signed int _v32;
                                                            				intOrPtr _v72;
                                                            				char _v96;
                                                            				long long _v104;
                                                            				long long _v112;
                                                            				long long _v120;
                                                            				char _v128;
                                                            				long long _v136;
                                                            				long long _v144;
                                                            				long long _v152;
                                                            				char _v160;
                                                            				intOrPtr _v168;
                                                            				char _v192;
                                                            				intOrPtr _v200;
                                                            				char _v224;
                                                            				long long _v232;
                                                            				long long _v240;
                                                            				char _v256;
                                                            				long long _v264;
                                                            				long long _v272;
                                                            				short _v288;
                                                            				long long _v296;
                                                            				long long _v304;
                                                            				char _v320;
                                                            				long long _v328;
                                                            				long long _v336;
                                                            				char _v352;
                                                            				long long _v360;
                                                            				long long _v368;
                                                            				char _v384;
                                                            				long long _v392;
                                                            				long long _v400;
                                                            				char _v416;
                                                            				void* _v504;
                                                            				void* _v520;
                                                            				long long _v544;
                                                            				long long _v552;
                                                            				long long _v560;
                                                            				long long _v568;
                                                            				long long _v576;
                                                            				long long _v584;
                                                            				long long _v592;
                                                            				long long _v600;
                                                            				long long _v616;
                                                            				long long _v624;
                                                            				long long _v640;
                                                            				char _v656;
                                                            				char _v664;
                                                            				long long _v672;
                                                            				void* _v680;
                                                            				char _v688;
                                                            				char _v696;
                                                            				long long _v704;
                                                            				long long _v712;
                                                            				long long _v720;
                                                            				long long _v728;
                                                            				signed long long _t255;
                                                            				intOrPtr* _t257;
                                                            				intOrPtr _t258;
                                                            				long long _t313;
                                                            				intOrPtr _t317;
                                                            				void* _t340;
                                                            				intOrPtr* _t364;
                                                            				long long _t368;
                                                            				long long _t371;
                                                            				long long _t377;
                                                            				long long _t380;
                                                            				signed long long _t387;
                                                            				intOrPtr _t390;
                                                            				intOrPtr _t395;
                                                            				long long _t400;
                                                            				intOrPtr _t403;
                                                            				long long _t407;
                                                            				long long _t412;
                                                            				long long _t413;
                                                            				intOrPtr* _t414;
                                                            				void* _t416;
                                                            				void* _t417;
                                                            				long long _t427;
                                                            
                                                            				_t416 = __rbp;
                                                            				_a8 = __rbx;
                                                            				_a24 = __rsi;
                                                            				_a32 = __rdi;
                                                            				_t418 = _t417 - 0x2e0;
                                                            				_t255 =  *0x87d8ec78; // 0x522936145607
                                                            				_v32 = _t255 ^ _t417 - 0x000002e0;
                                                            				asm("xorps xmm0, xmm0");
                                                            				asm("movdqu [esp+0x88], xmm0");
                                                            				_t407 = __rcx + 0x70;
                                                            				_v672 = _t407;
                                                            				0x87d65430();
                                                            				if (__eax != 0) goto 0x87d4ef5b;
                                                            				_t364 =  *((intOrPtr*)(__rcx + 0x60));
                                                            				_t257 =  *_t364;
                                                            				if (_t257 == _t364) goto 0x87d4ef63;
                                                            				if ( *((intOrPtr*)(_t257 + 0x10)) == __rdx) goto 0x87d4e7b7;
                                                            				_t317 =  *_t257;
                                                            				_t258 = _t317;
                                                            				if (_t317 == _t364) goto 0x87d4ef63;
                                                            				goto 0x87d4e7a0;
                                                            				_t412 =  *((intOrPtr*)(_t258 + 0x18));
                                                            				_v680 = _t412;
                                                            				if (_t412 == 0) goto 0x87d4e7d7;
                                                            				asm("lock inc dword [esi+0x8]");
                                                            				_t413 =  *((intOrPtr*)(_t258 + 0x18));
                                                            				_v680 = _t413;
                                                            				_t313 = _v672;
                                                            				_t427 =  *((intOrPtr*)(_t258 + 0x10));
                                                            				_v624 = _t427;
                                                            				_v616 = _t413;
                                                            				0x87d65436();
                                                            				_v640 = _t407;
                                                            				0x87d65430();
                                                            				if (__eax != 0) goto 0x87d4efad;
                                                            				if ( *((intOrPtr*)(_t427 + 0xf0)) == 0) goto 0x87d4eef3;
                                                            				FlushFileBuffers(??);
                                                            				CloseHandle(??);
                                                            				E00007FF87FF887D4D4C0(_t258, _t313,  &_v384, _t427 + 0x40, _t413);
                                                            				E00007FF87FF887D4D4C0(_t258, _t313,  &_v416, _t427 + 0x60, _t413);
                                                            				_t260 =  >=  ? _v416 :  &_v416;
                                                            				_v160 =  >=  ? _v416 :  &_v416;
                                                            				_v152 = _v400;
                                                            				_t263 =  >=  ? _v384 :  &_v384;
                                                            				_v144 =  >=  ? _v384 :  &_v384;
                                                            				_v136 = _v368;
                                                            				_v600 = 0x1ce;
                                                            				_v592 =  &_v160;
                                                            				asm("movaps xmm0, [esp+0xa0]");
                                                            				asm("movdqa [esp+0xf0], xmm0");
                                                            				_v584 = "{}\\temp_{}";
                                                            				_v576 = 0xa;
                                                            				E00007FF87FF887D449B0(_t313,  &_v192, _t407, _t413);
                                                            				_t368 = _v392;
                                                            				if (_t368 - 0x10 < 0) goto 0x87d4e95f;
                                                            				if (_t368 + 1 - 0x1000 < 0) goto 0x87d4e95a;
                                                            				if (_v416 -  *((intOrPtr*)(_v416 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4e95a;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v400 = _t313;
                                                            				_v392 = 0xf;
                                                            				_v416 = 0;
                                                            				_t371 = _v360;
                                                            				if (_t371 - 0x10 < 0) goto 0x87d4e9c2;
                                                            				if (_t371 + 1 - 0x1000 < 0) goto 0x87d4e9bd;
                                                            				if (_v384 -  *((intOrPtr*)(_v384 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4e9bd;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v368 = _t313;
                                                            				_v360 = 0xf;
                                                            				_v384 = 0;
                                                            				E00007FF87FF887D4D4C0(_v384 -  *((intOrPtr*)(_v384 - 8)) + 0xfffffff8, _t313,  &_v320, _t427 + 0x40, _t413);
                                                            				E00007FF87FF887D4D4C0(_v384 -  *((intOrPtr*)(_v384 - 8)) + 0xfffffff8, _t313,  &_v352, _t427 + 0x60, _t413);
                                                            				_t274 =  >=  ? _v352 :  &_v352;
                                                            				_v128 =  >=  ? _v352 :  &_v352;
                                                            				_v120 = _v336;
                                                            				_t277 =  >=  ? _v320 :  &_v320;
                                                            				_v112 =  >=  ? _v320 :  &_v320;
                                                            				_v104 = _v304;
                                                            				_v568 = 0x1ce;
                                                            				_v560 =  &_v128;
                                                            				asm("movaps xmm0, [esp+0xc0]");
                                                            				asm("movdqa [esp+0x100], xmm0");
                                                            				_v552 = "{}\\{}";
                                                            				_v544 = 5;
                                                            				E00007FF87FF887D449B0(_t313,  &_v256, _t407, _t413);
                                                            				_t377 = _v328;
                                                            				if (_t377 - 0x10 < 0) goto 0x87d4eb12;
                                                            				if (_t377 + 1 - 0x1000 < 0) goto 0x87d4eb0d;
                                                            				if (_v352 -  *((intOrPtr*)(_v352 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4eb0d;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v336 = _t313;
                                                            				_v328 = 0xf;
                                                            				_v352 = 0;
                                                            				_t380 = _v296;
                                                            				if (_t380 - 0x10 < 0) goto 0x87d4eb74;
                                                            				if (_t380 + 1 - 0x1000 < 0) goto 0x87d4eb6f;
                                                            				if (_v320 -  *((intOrPtr*)(_v320 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4eb6f;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v304 = _t313;
                                                            				_v296 = 0xf;
                                                            				_v320 = 0;
                                                            				if ( *((intOrPtr*)(_t427 + 0x100)) == 0) goto 0x87d4eba2;
                                                            				DeleteDC(??);
                                                            				 *((long long*)(_t427 + 0xf0)) = _t313;
                                                            				 *((long long*)(_t427 + 0x100)) = _t313;
                                                            				 *((char*)(_t427 + 0xa1)) = 0;
                                                            				_v688 = _t313;
                                                            				E00007FF87FF887D4D4C0(_v320 -  *((intOrPtr*)(_v320 - 8)) + 0xfffffff8, _t313,  &_v224, _t427 + 0x80, _t413);
                                                            				_t385 =  >=  ? _v224 :  &_v224;
                                                            				E00007FF87FF887D53FF0(0, _t313,  &_v288,  >=  ? _v224 :  &_v224, _t413, _t416);
                                                            				_t340 =  >=  ? _v288 :  &_v288;
                                                            				r8d = 0;
                                                            				r15b = OpenPrinterW(??, ??, ??) > 0;
                                                            				_v696 = r15b;
                                                            				_t387 = _v264;
                                                            				if (_t387 - 8 < 0) goto 0x87d4ec76;
                                                            				if (2 + _t387 * 2 - 0x1000 < 0) goto 0x87d4ec71;
                                                            				if (_v288 -  *((intOrPtr*)(_v288 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4ec71;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v272 = _t313;
                                                            				_v264 = 7;
                                                            				_v288 = 0;
                                                            				_t390 = _v200;
                                                            				if (_t390 - 0x10 < 0) goto 0x87d4ecd8;
                                                            				if (_t390 + 1 - 0x1000 < 0) goto 0x87d4ecd3;
                                                            				if (_v224 -  *((intOrPtr*)(_v224 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4ecd3;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v664 = _v688;
                                                            				_v656 =  &_v688;
                                                            				E00007FF87FF887D4D4C0( &_v688, _t313,  &_v96, _t427 + 0x80, _t413);
                                                            				_v704 =  &_v696;
                                                            				_v712 =  &_v664;
                                                            				_v720 =  &_v656;
                                                            				_v728 =  &_v96;
                                                            				r8d = 0x210;
                                                            				E00007FF87FF887D4D2C0(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", _t416, "OpenPrinterW (\'{}\', {:#x} -> {:#x}, NULL) -> {}");
                                                            				_t395 = _v72;
                                                            				if (_t395 - 0x10 < 0) goto 0x87d4ed91;
                                                            				if (_t395 + 1 - 0x1000 < 0) goto 0x87d4ed8c;
                                                            				if (_v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4ed8c;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				if (r15b == 0) goto 0x87d4edc1;
                                                            				_v728 = 5;
                                                            				r9d = 0;
                                                            				r8d = 0;
                                                            				0x87d65406();
                                                            				CloseHandle(??);
                                                            				_v728 =  &_v192;
                                                            				r8d = 0x24d;
                                                            				E00007FF87FF887D45600(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "finalizing PCL \'{}\'");
                                                            				if (E00007FF87FF887D53F10( &_v192) == 0) goto 0x87d4efb5;
                                                            				if (E00007FF87FF887D53F10( &_v256) == 0) goto 0x87d4ee1f;
                                                            				E00007FF87FF887D52D50( &_v256);
                                                            				if (E00007FF87FF887D52DE0(0, _t313,  &_v192,  &_v256) == 0) goto 0x87d4efdd;
                                                            				_t414 = _v680;
                                                            				_t400 = _v232;
                                                            				if (_t400 - 0x10 < 0) goto 0x87d4ee90;
                                                            				if (_t400 + 1 - 0x1000 < 0) goto 0x87d4ee8b;
                                                            				if (_v256 -  *((intOrPtr*)(_v256 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4ee8b;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v240 = _t313;
                                                            				_v232 = 0xf;
                                                            				_v256 = 0;
                                                            				_t403 = _v168;
                                                            				if (_t403 - 0x10 < 0) goto 0x87d4eef3;
                                                            				if (_t403 + 1 - 0x1000 < 0) goto 0x87d4eeed;
                                                            				if (_v192 -  *((intOrPtr*)(_v192 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4eeed;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				0x87d65436();
                                                            				if (_t414 == 0) goto 0x87d4ef2d;
                                                            				asm("lock xadd [esi+0x8], eax");
                                                            				if (0xffffffff != 1) goto 0x87d4ef2d;
                                                            				 *((intOrPtr*)( *_t414))();
                                                            				asm("lock xadd [esi+0xc], ebx");
                                                            				if (0xffffffff != 1) goto 0x87d4ef2d;
                                                            				return E00007FF87FF887D65E20( *((intOrPtr*)( *_t414 + 8))(), 1, _v32 ^ _t418);
                                                            			}
                                                            0x7ff887d4eb06
                                                            0x7ff887d4eb0c
                                                            0x7ff887d4eb0d
                                                            0x7ff887d4eb12
                                                            0x7ff887d4eb1a
                                                            0x7ff887d4eb26
                                                            0x7ff887d4eb2e
                                                            0x7ff887d4eb3a
                                                            0x7ff887d4eb51
                                                            0x7ff887d4eb66
                                                            0x7ff887d4eb68
                                                            0x7ff887d4eb6e
                                                            0x7ff887d4eb6f
                                                            0x7ff887d4eb74
                                                            0x7ff887d4eb7c
                                                            0x7ff887d4eb88
                                                            0x7ff887d4eb9a
                                                            0x7ff887d4eb9c
                                                            0x7ff887d4eba2
                                                            0x7ff887d4eba9
                                                            0x7ff887d4ebb0
                                                            0x7ff887d4ebb8
                                                            0x7ff887d4ebcc
                                                            0x7ff887d4ebe3
                                                            0x7ff887d4ebf4
                                                            0x7ff887d4ec0a
                                                            0x7ff887d4ec13
                                                            0x7ff887d4ec22
                                                            0x7ff887d4ec26
                                                            0x7ff887d4ec2b
                                                            0x7ff887d4ec37
                                                            0x7ff887d4ec53
                                                            0x7ff887d4ec68
                                                            0x7ff887d4ec6a
                                                            0x7ff887d4ec70
                                                            0x7ff887d4ec71
                                                            0x7ff887d4ec76
                                                            0x7ff887d4ec7e
                                                            0x7ff887d4ec8a
                                                            0x7ff887d4ec92
                                                            0x7ff887d4ec9e
                                                            0x7ff887d4ecb5
                                                            0x7ff887d4ecca
                                                            0x7ff887d4eccc
                                                            0x7ff887d4ecd2
                                                            0x7ff887d4ecd3
                                                            0x7ff887d4ecdd
                                                            0x7ff887d4ece7
                                                            0x7ff887d4ecfb
                                                            0x7ff887d4ed06
                                                            0x7ff887d4ed10
                                                            0x7ff887d4ed1a
                                                            0x7ff887d4ed27
                                                            0x7ff887d4ed33
                                                            0x7ff887d4ed45
                                                            0x7ff887d4ed4b
                                                            0x7ff887d4ed57
                                                            0x7ff887d4ed6e
                                                            0x7ff887d4ed83
                                                            0x7ff887d4ed85
                                                            0x7ff887d4ed8b
                                                            0x7ff887d4ed8c
                                                            0x7ff887d4ed94
                                                            0x7ff887d4ed96
                                                            0x7ff887d4ed9e
                                                            0x7ff887d4eda1
                                                            0x7ff887d4edb0
                                                            0x7ff887d4edba
                                                            0x7ff887d4edc9
                                                            0x7ff887d4edd5
                                                            0x7ff887d4ede7
                                                            0x7ff887d4edfb
                                                            0x7ff887d4ee10
                                                            0x7ff887d4ee1a
                                                            0x7ff887d4ee36
                                                            0x7ff887d4ee45
                                                            0x7ff887d4ee4a
                                                            0x7ff887d4ee56
                                                            0x7ff887d4ee6d
                                                            0x7ff887d4ee82
                                                            0x7ff887d4ee84
                                                            0x7ff887d4ee8a
                                                            0x7ff887d4ee8b
                                                            0x7ff887d4ee90
                                                            0x7ff887d4ee98
                                                            0x7ff887d4eea4
                                                            0x7ff887d4eeac
                                                            0x7ff887d4eeb8
                                                            0x7ff887d4eecf
                                                            0x7ff887d4eee4
                                                            0x7ff887d4eee6
                                                            0x7ff887d4eeec
                                                            0x7ff887d4eeed
                                                            0x7ff887d4eef6
                                                            0x7ff887d4eeff
                                                            0x7ff887d4ef08
                                                            0x7ff887d4ef10
                                                            0x7ff887d4ef18
                                                            0x7ff887d4ef1a
                                                            0x7ff887d4ef22
                                                            0x7ff887d4ef5a

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$ExceptionThrow$C_error@std@@CloseHandleMtx_lockMtx_unlockThrow_$BuffersConcurrency::cancel_current_taskDeleteFileFlushOpenPrinter__std_exception_copymemmove
                                                            • String ID: OpenPrinterW ('{}', {:#x} -> {:#x}, NULL) -> {}$c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't rename file$file not found$finalizing PCL '{}'$port object {:#x} is not present in the list${}\temp_{}${}\{}
                                                            • API String ID: 2160768893-1265162037
                                                            • Opcode ID: d0ce80fdc264c9fdcbf34c2ca5b6d14abbee6b4f20cec9eca8de9f38f3b8e00d
                                                            • Instruction ID: 1d8c3eb8438c12be32cf5d70e8ae720c422f4d54c9458c3b87a248df8d3c112d
                                                            • Opcode Fuzzy Hash: d0ce80fdc264c9fdcbf34c2ca5b6d14abbee6b4f20cec9eca8de9f38f3b8e00d
                                                            • Instruction Fuzzy Hash: 55221972689BC691EAA0DB14E4843EE6375FB857A4F404332DA9E43AADDF7CD085C740
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$C_error@std@@Mtx_lockMtx_unlockThrow_$ExceptionThrow$CloseFileHandleOpenPrinterWrite
                                                            • String ID: OpenPrinterW ('{}', {:#x} -> {:#x}, NULL) -> {}$c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$no file handle to write$port object {:#x} is not present in the list
                                                            • API String ID: 2224752147-625230079
                                                            • Opcode ID: bec96de1d5c64782ee2e06c121ecddc0c74bbb1cfe5fca5b33dcac675fce2d95
                                                            • Instruction ID: 7ba9794e4b94d1f640d1c6103c7b13b3f6acfa8f6c941f2f76d1931150f103bc
                                                            • Opcode Fuzzy Hash: bec96de1d5c64782ee2e06c121ecddc0c74bbb1cfe5fca5b33dcac675fce2d95
                                                            • Instruction Fuzzy Hash: 81B17D72B49A8286EB10DB65E4403AD6771FB447E8F504236EE9E07BADDF38E485C740
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 25%
                                                            			E00007FF87FF887D75590(void* __ecx, void* __edx, long long __rbx, long long* __rcx, long long __rsi, long long __rbp, long long _a16, long long _a24, long long _a32) {
                                                            				void* _v40;
                                                            				signed int _v56;
                                                            				char _v144;
                                                            				long long _v152;
                                                            				void* _t78;
                                                            				void* _t83;
                                                            				void* _t95;
                                                            				char _t100;
                                                            				signed long long _t109;
                                                            				intOrPtr* _t119;
                                                            				intOrPtr* _t121;
                                                            				intOrPtr* _t122;
                                                            				long long _t138;
                                                            				intOrPtr _t144;
                                                            				intOrPtr _t156;
                                                            				intOrPtr* _t157;
                                                            				intOrPtr _t160;
                                                            				intOrPtr* _t162;
                                                            				intOrPtr _t167;
                                                            				void* _t169;
                                                            				long long* _t174;
                                                            				long long _t175;
                                                            				intOrPtr _t176;
                                                            				intOrPtr _t177;
                                                            
                                                            				_t78 = __ecx;
                                                            				_a16 = __rbx;
                                                            				_a24 = __rbp;
                                                            				_a32 = __rsi;
                                                            				_t109 =  *0x87d8ec78; // 0x522936145607
                                                            				_v56 = _t109 ^ _t169 - 0x00000090;
                                                            				_t174 = __rcx;
                                                            				 *__rcx = 0x87d7ef28;
                                                            				_t162 =  *((intOrPtr*)(__rcx + 0x38));
                                                            				_t167 =  *((intOrPtr*)(__rcx + 0x40));
                                                            				r13d = 0;
                                                            				_t83 = _t162 - _t167;
                                                            				if (_t83 == 0) goto 0x87d75744;
                                                            				asm("lock xadd [ecx], eax");
                                                            				asm("bt eax, 0x1e");
                                                            				if (_t83 < 0) goto 0x87d75611;
                                                            				if (0x80000000 - 0x80000000 <= 0) goto 0x87d75611;
                                                            				asm("lock bts dword [ecx], 0x1e");
                                                            				if (0x80000000 - 0x80000000 < 0) goto 0x87d75611;
                                                            				E00007FF87FF887D5D940( *((intOrPtr*)(_t162 + 8)));
                                                            				SetEvent(??);
                                                            				_t176 =  *_t162;
                                                            				if ( *((intOrPtr*)(_t176 + 0x10)) == 0) goto 0x87d75737;
                                                            				E00007FF87FF887D76690( *((intOrPtr*)(_t176 + 0x10)), 0x87d7ef28, __rbx, _t176, _t162);
                                                            				if ( *((intOrPtr*)(_t176 + 0x10)) != 0) goto 0x87d75635;
                                                            				goto 0x87d75706;
                                                            				 *((intOrPtr*)(_t176 + 0x10)) = r13d;
                                                            				r8d = 0;
                                                            				ReleaseSemaphore(??, ??, ??);
                                                            				_t119 =  *((intOrPtr*)(_t176 + 0x18));
                                                            				_t156 =  *((intOrPtr*)(_t176 + 0x20));
                                                            				if (_t119 == _t156) goto 0x87d7567f;
                                                            				asm("o16 nop [eax+eax]");
                                                            				 *((char*)( *_t119 + 0x14)) = 1;
                                                            				r8d = 0;
                                                            				ReleaseSemaphore(??, ??, ??);
                                                            				if (_t119 + 8 != _t156) goto 0x87d75660;
                                                            				_t177 =  *((intOrPtr*)(_t176 + 0x20));
                                                            				_t157 =  *((intOrPtr*)(_t176 + 0x18));
                                                            				if (_t157 == _t177) goto 0x87d756ea;
                                                            				_t121 =  *_t157;
                                                            				if (_t121 == 0) goto 0x87d756dd;
                                                            				asm("lock xadd [ebx+0x18], eax");
                                                            				if (0xffffffff != 1) goto 0x87d756dd;
                                                            				if ( *((intOrPtr*)(_t121 + 8)) - 1 - 0xfffffffd > 0) goto 0x87d756bc;
                                                            				CloseHandle(??);
                                                            				if ( *_t121 - 1 - 0xfffffffd > 0) goto 0x87d756d0;
                                                            				CloseHandle(??);
                                                            				E00007FF87FF887D656E4();
                                                            				if (_t157 + 8 != _t177) goto 0x87d75690;
                                                            				 *((long long*)(_t176 + 0x20)) =  *((intOrPtr*)(_t176 + 0x18));
                                                            				_t95 =  *((intOrPtr*)(_t176 + 0x30)) - 1 - 0xfffffffd;
                                                            				if (_t95 > 0) goto 0x87d75702;
                                                            				CloseHandle(??);
                                                            				 *((long long*)(_t176 + 0x30)) = _t175;
                                                            				asm("lock inc ecx");
                                                            				asm("bt eax, 0x1e");
                                                            				if (_t95 < 0) goto 0x87d75737;
                                                            				if (0x80000000 - 0x80000000 <= 0) goto 0x87d75737;
                                                            				asm("lock inc ecx");
                                                            				if (0x80000000 - 0x80000000 < 0) goto 0x87d75737;
                                                            				E00007FF87FF887D5D940(_t176);
                                                            				SetEvent(??);
                                                            				if (_t162 + 0x10 != _t167) goto 0x87d755e2;
                                                            				_t122 =  *((intOrPtr*)(_t174 + 0x50));
                                                            				_t160 =  *((intOrPtr*)(_t174 + 0x58));
                                                            				if (_t122 == _t160) goto 0x87d757c6;
                                                            				_t138 =  *_t122 + 0x30;
                                                            				_v152 = _t138;
                                                            				_v144 = 0;
                                                            				if (_t138 == 0) goto 0x87d7588b;
                                                            				E00007FF87FF887D76690(_t138,  *((intOrPtr*)(_t176 + 0x30)) - 1, _t122, _t138,  *_t122);
                                                            				_v144 = 1;
                                                            				E00007FF87FF887D767A0();
                                                            				_t100 = _v144;
                                                            				if (_t100 == 0) goto 0x87d757bd;
                                                            				asm("lock xadd [ecx], eax");
                                                            				asm("bt eax, 0x1e");
                                                            				if (_t100 < 0) goto 0x87d757bd;
                                                            				if (0x80000000 - 0x80000000 <= 0) goto 0x87d757bd;
                                                            				asm("lock bts dword [ecx], 0x1e");
                                                            				if (0x80000000 - 0x80000000 < 0) goto 0x87d757bd;
                                                            				E00007FF87FF887D5D940(_v152);
                                                            				SetEvent(??);
                                                            				if (_t122 + 0x10 != _t160) goto 0x87d75753;
                                                            				if ( *((intOrPtr*)(_t174 + 0x68)) - 1 - 0xfffffffd > 0) goto 0x87d757dc;
                                                            				CloseHandle(??);
                                                            				E00007FF87FF887D693E0(_t174 + 0x50);
                                                            				_t144 =  *((intOrPtr*)(_t174 + 0x38));
                                                            				if (_t144 == 0) goto 0x87d75832;
                                                            				if (( *((intOrPtr*)(_t174 + 0x48)) - _t144 & 0xfffffff0) - 0x1000 < 0) goto 0x87d7581d;
                                                            				if (_t144 -  *((intOrPtr*)(_t144 - 8)) - 8 - 0x1f > 0) goto 0x87d75884;
                                                            				E00007FF87FF887D656E4();
                                                            				 *((long long*)(_t174 + 0x38)) = _t175;
                                                            				 *((long long*)(_t174 + 0x40)) = _t175;
                                                            				 *((long long*)(_t174 + 0x48)) = _t175;
                                                            				E00007FF87FF887D752C0(0x20, _t122 + 0x10, _t174 + 0x28);
                                                            				if ( *((intOrPtr*)(_t174 + 0x10)) - 1 - 0xfffffffd > 0) goto 0x87d75853;
                                                            				return E00007FF87FF887D65E20(CloseHandle(??), _t78, _v56 ^ _t169 - 0x00000090);
                                                            			}



























                                                            0x7ff887d757ae
                                                            0x7ff887d757b6
                                                            0x7ff887d757c4
                                                            0x7ff887d757d3
                                                            0x7ff887d757d5
                                                            0x7ff887d757e1
                                                            0x7ff887d757e6
                                                            0x7ff887d757ee
                                                            0x7ff887d75803
                                                            0x7ff887d75818
                                                            0x7ff887d7581d
                                                            0x7ff887d75823
                                                            0x7ff887d75828
                                                            0x7ff887d7582d
                                                            0x7ff887d75837
                                                            0x7ff887d7584a
                                                            0x7ff887d75883

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: CloseHandle$Event$ReleaseSemaphore$Create__std_exception_destroy_invalid_parameter_noinfo_noreturnstd::bad_exception::bad_exception
                                                            • String ID: boost unique_lock has no mutex
                                                            • API String ID: 1979981141-1332336223
                                                            • Opcode ID: b1e33c968da0e301f0dc29320e21d6ab030312b58868281888e10f00e01fd81a
                                                            • Instruction ID: c14043d47e1595e68943faab442b77ff7c71e90b42883c37144b8ab63bd9889e
                                                            • Opcode Fuzzy Hash: b1e33c968da0e301f0dc29320e21d6ab030312b58868281888e10f00e01fd81a
                                                            • Instruction Fuzzy Hash: E8B1AC22A89A8286EA50DB25E44877D23B4FB45BE8F544331CA6F477E9DF3CE485C341
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 72%
                                                            			E00007FF87FF887D492D0(long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi) {
                                                            				void* _t20;
                                                            				void* _t21;
                                                            				intOrPtr _t38;
                                                            				long long _t55;
                                                            				long long _t62;
                                                            				unsigned long long _t63;
                                                            				void* _t66;
                                                            				void* _t70;
                                                            				void* _t71;
                                                            
                                                            				_t34 = __rax;
                                                            				 *((long long*)(_t66 + 8)) = __rbx;
                                                            				 *((long long*)(_t66 + 0x10)) = _t62;
                                                            				 *((long long*)(_t66 + 0x18)) = __rsi;
                                                            				 *((long long*)(_t66 + 0x20)) = __rdi;
                                                            				_t63 =  *((intOrPtr*)(__rcx + 0x18));
                                                            				_t71 = __rcx;
                                                            				_t38 =  *((intOrPtr*)(__rcx + 8));
                                                            				_t55 =  >  ? __rdx : (_t63 >> 1) + _t63;
                                                            				if (_t55 - 0x1000 < 0) goto 0x87d49337;
                                                            				if (_t55 + 0x27 - _t55 <= 0) goto 0x87d493b9;
                                                            				_t21 = E00007FF87FF887D656A8(_t20, __rax, _t55 + 0x27);
                                                            				if (__rax == 0) goto 0x87d493b2;
                                                            				_t8 = _t34 + 0x27; // 0x27
                                                            				 *((long long*)((_t8 & 0xffffffe0) - 8)) = __rax;
                                                            				goto 0x87d4934b;
                                                            				if (_t55 == 0) goto 0x87d49349;
                                                            				E00007FF87FF887D656A8(_t21, __rax, _t55);
                                                            				goto 0x87d4934b;
                                                            				memmove(_t70, ??);
                                                            				 *((long long*)(_t71 + 8)) = __rax;
                                                            				 *((long long*)(_t71 + 0x18)) = _t55;
                                                            				if (_t38 == _t71 + 0x20) goto 0x87d49397;
                                                            				if (_t63 - 0x1000 < 0) goto 0x87d4938c;
                                                            				if (_t38 -  *((intOrPtr*)(_t38 - 8)) - 8 - 0x1f > 0) goto 0x87d493b2;
                                                            				return E00007FF87FF887D656E4();
                                                            			}













                                                            APIs
                                                            • memmove.VCRUNTIME140 ref: 00007FF887D49355
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D493B2
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887D493B9
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D494A6
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D49554
                                                              • Part of subcall function 00007FF887D656A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887D48F4E), ref: 00007FF887D656C2
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D495B3
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4962E
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4968D
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D496E1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmallocmemmove
                                                            • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_addport '{}', {:#x}, '{}'$system
                                                            • API String ID: 2599383951-1193261317
                                                            • Opcode ID: 4935a0c16d97e0630a2bf55e0609a616481e8775f26f51872745fbdf5378563e
                                                            • Instruction ID: cb91d838c714662381cded782c6de434a1c5c0f48f5f6158dc61bfbcaf789b17
                                                            • Opcode Fuzzy Hash: 4935a0c16d97e0630a2bf55e0609a616481e8775f26f51872745fbdf5378563e
                                                            • Instruction Fuzzy Hash: 11B1B462A8968181EA50DB66E44837E6371FB95BE0F504731EAAE17BDDDF7CE480C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 23%
                                                            			E00007FF87FF887D507D0(long long __rbx, long long __rcx, long long __rdi, long long __rsi, long long _a16, long long _a24, long long _a32) {
                                                            				void* _v8;
                                                            				signed int _v16;
                                                            				signed long long _v24;
                                                            				intOrPtr _v32;
                                                            				char _v48;
                                                            				long long _v56;
                                                            				long long _v64;
                                                            				char _v80;
                                                            				char _v88;
                                                            				intOrPtr _v96;
                                                            				long long _v104;
                                                            				void* __rbp;
                                                            				long _t58;
                                                            				void* _t74;
                                                            				signed long long _t100;
                                                            				void* _t143;
                                                            				signed long long _t144;
                                                            				long long _t150;
                                                            				long long _t156;
                                                            				signed long long _t161;
                                                            				long long _t165;
                                                            				intOrPtr* _t166;
                                                            				long long _t168;
                                                            				void* _t171;
                                                            
                                                            				_t168 = __rsi;
                                                            				_a16 = __rbx;
                                                            				_a24 = __rsi;
                                                            				_a32 = __rdi;
                                                            				_t100 =  *0x87d8ec78; // 0x522936145607
                                                            				_v16 = _t100 ^ _t171 - 0x00000080;
                                                            				_t165 = __rcx;
                                                            				_v88 = __rsi;
                                                            				if ( *((long long*)(__rcx + 0x18)) - 0x10 < 0) goto 0x87d5080e;
                                                            				E00007FF87FF887D53FF0(_t74, __rbx,  &_v48,  *((intOrPtr*)(__rcx)), __rsi, _t171);
                                                            				_t143 =  >=  ? _v48 :  &_v48;
                                                            				_v104 =  &_v88;
                                                            				r9d = 0x2001b;
                                                            				r8d = 0;
                                                            				_t58 = RegOpenKeyExW(??, ??, ??, ??, ??);
                                                            				_t144 = _v24;
                                                            				if (_t144 - 8 < 0) goto 0x87d50889;
                                                            				if (2 + _t144 * 2 - 0x1000 < 0) goto 0x87d50884;
                                                            				if (_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d50884;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				if (_t58 == 0) goto 0x87d508b5;
                                                            				_v104 = _t165;
                                                            				r8d = 0x229;
                                                            				E00007FF87FF887D45600(4, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t open registry key \'HKLM\\{}\'");
                                                            				goto 0x87d50a63;
                                                            				_t166 =  *((intOrPtr*)(_t165 + 0x60));
                                                            				_t117 =  *_t166;
                                                            				if ( *_t166 == _t166) goto 0x87d50a59;
                                                            				E00007FF87FF887D4D4C0(_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8,  *_t166,  &_v80,  *((intOrPtr*)( *_t166 + 0x10)), _t168);
                                                            				_v104 =  &_v80;
                                                            				r8d = 0x22d;
                                                            				E00007FF87FF887D45600(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "set \'name\' value to \'{}\'");
                                                            				_t150 = _v56;
                                                            				if (_t150 - 0x10 < 0) goto 0x87d50936;
                                                            				if (_t150 + 1 - 0x1000 < 0) goto 0x87d50931;
                                                            				if (_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87d50a44;
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D4D4C0(_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8,  *_t166,  &_v80,  *((intOrPtr*)( *_t166 + 0x10)), _t168);
                                                            				_t155 =  >=  ? _v80 :  &_v80;
                                                            				E00007FF87FF887D53FF0(_t58, _t117,  &_v48,  >=  ? _v80 :  &_v80, _t168, _t171);
                                                            				_t156 = _v56;
                                                            				if (_t156 - 0x10 < 0) goto 0x87d50997;
                                                            				if (_t156 + 1 - 0x1000 < 0) goto 0x87d50992;
                                                            				if (_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87d50a4b;
                                                            				E00007FF87FF887D656E4();
                                                            				_v64 = _t168;
                                                            				_v56 = 0xf;
                                                            				_v80 = 0;
                                                            				_t133 =  >=  ? _v48 :  &_v48;
                                                            				_v96 = _v32 + _v32;
                                                            				_v104 =  >=  ? _v48 :  &_v48;
                                                            				r9d = 1;
                                                            				r8d = 0;
                                                            				if (RegSetValueExW(??, ??, ??, ??, ??, ??) == 0) goto 0x87d50a00;
                                                            				r8d = 0x232;
                                                            				E00007FF87FF887D452D0(4, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t set \'name\' value for key");
                                                            				_t161 = _v24;
                                                            				if (_t161 - 8 < 0) goto 0x87d50a3c;
                                                            				if (2 + _t161 * 2 - 0x1000 < 0) goto 0x87d50a37;
                                                            				if (_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87d50a52;
                                                            				E00007FF87FF887D656E4();
                                                            				goto 0x87d508bc;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				return E00007FF87FF887D65E20(RegCloseKey(??), 4, _v16 ^ _t171 - 0x00000080);
                                                            			}




























                                                            APIs
                                                            • RegOpenKeyExW.ADVAPI32 ref: 00007FF887D5083E
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D5087D
                                                            • RegCloseKey.ADVAPI32 ref: 00007FF887D50A5D
                                                              • Part of subcall function 00007FF887D45600: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4574B
                                                              • Part of subcall function 00007FF887D45600: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D45792
                                                            • RegSetValueExW.ADVAPI32 ref: 00007FF887D509D7
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D50A44
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D50A4B
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D50A52
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$CloseOpenValue
                                                            • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't open registry key 'HKLM\{}'$couldn't set 'name' value for key$name$set 'name' value to '{}'
                                                            • API String ID: 31251203-1549987888
                                                            • Opcode ID: f213333980d3473a6b08d39c654d3b2c1dc675a5dbd0e615af430c2f992845d7
                                                            • Instruction ID: 83176a228cae025c1da8f707d63d0c285823f2bb2bdf1db5be712958d2006c2a
                                                            • Opcode Fuzzy Hash: f213333980d3473a6b08d39c654d3b2c1dc675a5dbd0e615af430c2f992845d7
                                                            • Instruction Fuzzy Hash: B8714662B95A8289FB10DBA5D4447AC2371FB48BE8F445332DA6E13ADDDF78E085C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 31%
                                                            			E00007FF87FF887D4F6B0(void* __edi, void* __esi, long long __rbx, signed int __rcx, long long __rdx, intOrPtr* __r8) {
                                                            				void* __rsi;
                                                            				void* __rbp;
                                                            				void* __r14;
                                                            				void* _t89;
                                                            				signed char _t110;
                                                            				void* _t115;
                                                            				signed long long _t146;
                                                            				intOrPtr _t149;
                                                            				long long _t163;
                                                            				intOrPtr _t183;
                                                            				intOrPtr _t217;
                                                            				intOrPtr _t220;
                                                            				void* _t229;
                                                            				void* _t233;
                                                            				int _t236;
                                                            				long long _t238;
                                                            				int _t240;
                                                            				void* _t241;
                                                            				void* _t243;
                                                            				signed long long _t244;
                                                            				intOrPtr _t249;
                                                            				void* _t251;
                                                            				void* _t257;
                                                            				void* _t258;
                                                            				char* _t259;
                                                            				int _t261;
                                                            				intOrPtr _t262;
                                                            				int _t265;
                                                            				void* _t267;
                                                            				intOrPtr _t268;
                                                            				long long _t269;
                                                            
                                                            				 *((long long*)(_t243 + 8)) = __rbx;
                                                            				_t241 = _t243 - 0xb0;
                                                            				_t244 = _t243 - 0x1b0;
                                                            				_t146 =  *0x87d8ec78; // 0x522936145607
                                                            				 *(_t241 + 0xa0) = _t146 ^ _t244;
                                                            				_t179 = __r8;
                                                            				_t259 = __rdx;
                                                            				 *((long long*)(_t244 + 0x30)) = __rdx;
                                                            				r15d = 0;
                                                            				 *(_t244 + 0x20) = r15d;
                                                            				_t149 =  *((intOrPtr*)( *[gs:0x58] + __rcx * 8));
                                                            				_t115 =  *0x87d91ac4 -  *((intOrPtr*)(__rdx + _t149)); // 0x0
                                                            				if (_t115 > 0) goto 0x87d4fabc;
                                                            				if ( *((long long*)(__r8 + 0x18)) - 0x10 < 0) goto 0x87d4f72b;
                                                            				if ( *((intOrPtr*)(__r8 + 0x10)) == 0) goto 0x87d4f763;
                                                            				_t89 = memchr(_t267, _t265, _t261);
                                                            				if (_t149 == 0) goto 0x87d4f763;
                                                            				_t150 = _t149 -  *__r8;
                                                            				if (_t149 -  *__r8 == 0xffffffff) goto 0x87d4f763;
                                                            				E00007FF87FF887D53170(_t89, __r8, _t241 + 0x80, __r8, _t236, _t258);
                                                            				r14d = 1;
                                                            				goto 0x87d4f776;
                                                            				E00007FF87FF887D4D4C0(_t149 -  *__r8, __r8, _t241 + 0x40, __r8, _t236);
                                                            				r14d = 2;
                                                            				 *(_t244 + 0x20) = r14d;
                                                            				E00007FF87FF887D4D4C0(_t150, _t179, _t241 + 0x60, _t150, _t236);
                                                            				if ((r14b & 0x00000002) == 0) goto 0x87d4f7e0;
                                                            				r14d = r14d & 0xfffffffd;
                                                            				_t217 =  *((intOrPtr*)(_t241 + 0x58));
                                                            				if (_t217 - 0x10 < 0) goto 0x87d4f7d0;
                                                            				if (_t217 + 1 - 0x1000 < 0) goto 0x87d4f7cb;
                                                            				if ( *((intOrPtr*)(_t241 + 0x40)) -  *((intOrPtr*)( *((intOrPtr*)(_t241 + 0x40)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4f7cb;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				 *(_t241 + 0x50) = _t267;
                                                            				 *((long long*)(_t241 + 0x58)) = 0xf;
                                                            				 *((char*)(_t241 + 0x40)) = 0;
                                                            				if ((r14b & 0x00000001) == 0) goto 0x87d4f847;
                                                            				r14d = r14d & 0xfffffffe;
                                                            				_t220 =  *((intOrPtr*)(_t241 + 0x98));
                                                            				if (_t220 - 0x10 < 0) goto 0x87d4f82e;
                                                            				if (_t220 + 1 - 0x1000 < 0) goto 0x87d4f829;
                                                            				if ( *((intOrPtr*)(_t241 + 0x80)) -  *((intOrPtr*)( *((intOrPtr*)(_t241 + 0x80)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4f829;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				 *(_t241 + 0x90) = _t267;
                                                            				 *((long long*)(_t241 + 0x98)) = 0xf;
                                                            				 *((char*)(_t241 + 0x80)) = 0;
                                                            				 *((long long*)(_t244 + 0x40)) = 0x87d7c490;
                                                            				 *((long long*)(_t244 + 0x50)) = 0x87d7c498;
                                                            				__imp__??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ();
                                                            				r14d = r14d | 0x00000008;
                                                            				 *(_t244 + 0x20) = r14d;
                                                            				r8d = 0;
                                                            				__imp__??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z();
                                                            				 *((long long*)(_t244 +  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) + 0x40)) = 0x87d7c488;
                                                            				 *((intOrPtr*)(_t244 +  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) + 0x3c)) =  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) - 0x98;
                                                            				__imp__??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ();
                                                            				 *((long long*)(_t244 + 0x58)) = 0x87d7c408;
                                                            				 *(_t241 - 0x40) = _t267;
                                                            				 *(_t241 - 0x38) = r15d;
                                                            				_t262 =  *((intOrPtr*)(_t241 + 0x60));
                                                            				_t233 =  >=  ? _t262 : _t241 + 0x60;
                                                            				_t200 =  >=  ? _t262 : _t241 + 0x60;
                                                            				_t238 =  *((intOrPtr*)(_t241 + 0x70)) + ( >=  ? _t262 : _t241 + 0x60);
                                                            				 *((long long*)(_t244 + 0x28)) = _t238;
                                                            				if (_t233 == _t238) goto 0x87d4f980;
                                                            				_t268 =  *0x87d8e010; // 0x9
                                                            				_t163 = _t238;
                                                            				if (sil - 0x20 < 0) goto 0x87d4f96a;
                                                            				_t182 =  >=  ?  *0x87d8e000 : 0x87d8e000;
                                                            				if (_t268 == 0) goto 0x87d4f950;
                                                            				memchr(_t229, _t236, _t240);
                                                            				if (_t163 == 0) goto 0x87d4f950;
                                                            				if (_t163 - 0x87d8e000 != 0xffffffff) goto 0x87d4f965;
                                                            				E00007FF87FF887D4C670(sil & 0xffffffff,  >=  ?  *0x87d8e000 : 0x87d8e000, _t244 + 0x50);
                                                            				_t269 =  *0x87d8e010; // 0x9
                                                            				if (_t233 + 1 !=  *((intOrPtr*)(_t244 + 0x28))) goto 0x87d4f910;
                                                            				_t110 =  *(_t241 - 0x38);
                                                            				_t257 =  *(_t241 - 0x40);
                                                            				_t183 =  *((intOrPtr*)(_t241 + 0x78));
                                                            				r15d = 0;
                                                            				 *_t259 = _t269;
                                                            				 *((long long*)(_t259 + 0x10)) = _t269;
                                                            				 *((long long*)(_t259 + 0x18)) = 0xf;
                                                            				 *_t259 = 0;
                                                            				r14d = r14d | 0x00000020;
                                                            				 *(_t244 + 0x20) = r14d;
                                                            				asm("xorps xmm0, xmm0");
                                                            				asm("movups [ebp+0x40], xmm0");
                                                            				if ((_t110 & 0x00000022) == 2) goto 0x87d4f9cf;
                                                            				_t249 =  *((intOrPtr*)( *((intOrPtr*)(_t241 - 0x68))));
                                                            				if (_t249 == 0) goto 0x87d4f9cf;
                                                            				_t250 =  <  ? _t257 : _t249;
                                                            				_t251 = ( <  ? _t257 : _t249) -  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x78))));
                                                            				goto 0x87d4f9ff;
                                                            				if ((_t110 & 0x00000004) != 0) goto 0x87d4f9f7;
                                                            				if ( *((intOrPtr*)( *((intOrPtr*)(_t241 - 0x70)))) == 0) goto 0x87d4f9f7;
                                                            				goto 0x87d4f9ff;
                                                            				if ( *((intOrPtr*)(_t241 + 0x40)) == 0) goto 0x87d4fa0d;
                                                            				E00007FF87FF887D49100(_t183, _t259,  *((intOrPtr*)(_t241 + 0x40)),  *((intOrPtr*)(_t241 + 0x48)), _t265);
                                                            				 *((long long*)(_t244 +  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) + 0x40)) = 0x87d7c488;
                                                            				 *((intOrPtr*)(_t244 +  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) + 0x3c)) =  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) - 0x98;
                                                            				E00007FF87FF887D4D8F0();
                                                            				__imp__??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ();
                                                            				__imp__??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ();
                                                            				if (_t183 - 0x10 < 0) goto 0x87d4fa8f;
                                                            				if (_t183 + 1 - 0x1000 < 0) goto 0x87d4fa87;
                                                            				if (_t262 -  *((intOrPtr*)(_t262 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4fa87;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				return E00007FF87FF887D65E20(E00007FF87FF887D656E4(), _t103,  *(_t241 + 0xa0) ^ _t244);
                                                            			}

                                                            APIs
                                                            • memchr.VCRUNTIME140 ref: 00007FF887D4F738
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4F7C4
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4F822
                                                            • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF887D4F863
                                                            • ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140 ref: 00007FF887D4F880
                                                            • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF887D4F8B4
                                                            • memchr.VCRUNTIME140 ref: 00007FF887D4F93D
                                                            • ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF887D4FA44
                                                            • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF887D4FA4E
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4FA80
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: U?$char_traits@$D@std@@@std@@$_invalid_parameter_noinfo_noreturn$memchr$??0?$basic_ios@??0?$basic_iostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_iostream@D@std@@@1@@V?$basic_streambuf@
                                                            • String ID: monitor_closeport {:#x}
                                                            • API String ID: 4289661960-2839211239
                                                            • Opcode ID: c82c8cd502e6721fab7b8271672f7f60528b4d1c490a7fec126fe6135d168e8b
                                                            • Instruction ID: e6cec3ba16c96555d26697ea710bf98befde1be293f679e945f17c008a787175
                                                            • Opcode Fuzzy Hash: c82c8cd502e6721fab7b8271672f7f60528b4d1c490a7fec126fe6135d168e8b
                                                            • Instruction Fuzzy Hash: 34C15D62A88A8285EB508F25E8443AD3771FB45BE8F544731DA9E17BADDF3CE485C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 21%
                                                            			E00007FF87FF887D43FD0() {
                                                            				void* _t109;
                                                            				signed int _t119;
                                                            				void* _t120;
                                                            				signed int _t123;
                                                            				void* _t127;
                                                            				signed int _t129;
                                                            				signed int _t138;
                                                            				void* _t172;
                                                            				signed long long _t186;
                                                            				signed long long _t187;
                                                            				long long _t188;
                                                            				intOrPtr* _t189;
                                                            				long long _t190;
                                                            				long long _t192;
                                                            				intOrPtr* _t195;
                                                            				intOrPtr* _t196;
                                                            				long long _t200;
                                                            				intOrPtr* _t203;
                                                            				long long _t204;
                                                            				long long _t206;
                                                            				signed long long _t208;
                                                            				signed long long _t209;
                                                            				long long* _t211;
                                                            				signed long long _t212;
                                                            				signed char* _t216;
                                                            				signed char* _t217;
                                                            				void* _t218;
                                                            				long long* _t219;
                                                            				intOrPtr* _t221;
                                                            				void* _t235;
                                                            				intOrPtr _t239;
                                                            				void* _t252;
                                                            				long long _t254;
                                                            				long long _t275;
                                                            				char* _t277;
                                                            				void* _t280;
                                                            				signed char* _t281;
                                                            				signed char* _t282;
                                                            				signed char* _t283;
                                                            				int _t285;
                                                            				long long* _t286;
                                                            				void* _t287;
                                                            				void* _t289;
                                                            				signed long long _t290;
                                                            				void* _t300;
                                                            				void* _t303;
                                                            				long long _t304;
                                                            				long long _t306;
                                                            				long long _t307;
                                                            				intOrPtr _t309;
                                                            				long long _t310;
                                                            				signed long long _t312;
                                                            				int _t313;
                                                            				char* _t314;
                                                            				long long _t316;
                                                            				void* _t317;
                                                            				long long _t319;
                                                            				void* _t321;
                                                            				intOrPtr _t323;
                                                            
                                                            				_t303 = _t289;
                                                            				_t290 = _t289 - 0x118;
                                                            				_t186 =  *0x87d8ec78; // 0x522936145607
                                                            				_t187 = _t186 ^ _t290;
                                                            				 *(_t303 - 0x30) = _t187;
                                                            				_t314 =  *_t221;
                                                            				_t286 = _t254;
                                                            				_t319 =  *((intOrPtr*)(_t221 + 8)) + _t314;
                                                            				 *((long long*)(_t290 + 0x58)) = _t254;
                                                            				 *((long long*)(_t290 + 0x50)) = _t319;
                                                            				if (_t314 == _t319) goto 0x87d44608;
                                                            				 *((long long*)(_t303 + 0x18)) = _t206;
                                                            				 *((long long*)(_t303 - 0x28)) = _t275;
                                                            				 *((long long*)(_t303 - 0x30)) = _t304;
                                                            				 *((long long*)(_t303 - 0x38)) = _t310;
                                                            				if ( *_t314 == 0x7b) goto 0x87d4405c;
                                                            				memchr(_t317, _t313, _t285);
                                                            				_t312 = _t187;
                                                            				if (_t187 == 0) goto 0x87d445be;
                                                            				if (_t314 == _t312) goto 0x87d44160;
                                                            				memchr(_t287, ??);
                                                            				if (_t187 == 0) goto 0x87d44106;
                                                            				_t277 = _t187 + 1;
                                                            				if (_t277 == _t312) goto 0x87d4418b;
                                                            				if ( *_t277 != 0x7d) goto 0x87d4418b;
                                                            				_t208 =  *(_t286 + 0x18);
                                                            				_t321 = _t277 - _t314;
                                                            				_t188 =  *((intOrPtr*)(_t208 + 0x10));
                                                            				 *((long long*)(_t290 + 0x20)) = _t188;
                                                            				_t306 = _t188 + _t321;
                                                            				if (_t306 -  *((intOrPtr*)(_t208 + 0x18)) <= 0) goto 0x87d440c1;
                                                            				_t189 =  *_t208;
                                                            				 *_t189();
                                                            				 *((long long*)(_t208 + 0x10)) = _t306;
                                                            				if (_t321 == 0) goto 0x87d440de;
                                                            				memmove(??, ??, ??);
                                                            				_t20 = _t277 + 1; // 0x2
                                                            				 *(_t286 + 0x18) = _t208;
                                                            				memchr(??, ??, ??);
                                                            				if (_t189 != 0) goto 0x87d44084;
                                                            				_t209 =  *(_t286 + 0x18);
                                                            				_t280 = _t312 - _t20;
                                                            				_t190 =  *((intOrPtr*)(_t209 + 0x10));
                                                            				 *((long long*)(_t290 + 0x20)) = _t190;
                                                            				_t307 = _t190 + _t280;
                                                            				if (_t307 -  *((intOrPtr*)(_t209 + 0x18)) <= 0) goto 0x87d4412e;
                                                            				 *((intOrPtr*)( *_t209))();
                                                            				 *((long long*)(_t209 + 0x10)) = _t307;
                                                            				if (_t280 == 0) goto 0x87d4414b;
                                                            				memmove(??, ??, ??);
                                                            				 *(_t286 + 0x18) = _t209;
                                                            				_t33 = _t312 + 1; // 0x1
                                                            				_t281 = _t33;
                                                            				if (_t281 ==  *((intOrPtr*)(_t290 + 0x50))) goto 0x87d445d9;
                                                            				_t138 =  *_t281 & 0x000000ff;
                                                            				if (_t138 != 0x7d) goto 0x87d4422a;
                                                            				r8d =  *((intOrPtr*)(_t286 + 0x10));
                                                            				if (r8d < 0) goto 0x87d441a1;
                                                            				 *((intOrPtr*)(_t286 + 0x10)) = _t280 + 1;
                                                            				goto 0x87d441b3;
                                                            				E00007FF87FF887D650C0(0x43ffffff, "unmatched \'}\' in format string");
                                                            				_t323 =  *((intOrPtr*)(_t290 + 0x50));
                                                            				goto 0x87d4414f;
                                                            				_t109 = E00007FF87FF887D650C0(0x43ffffff, "cannot switch from manual to automatic argument indexing");
                                                            				r8d = 0;
                                                            				_t211 = _t286 + 0x18;
                                                            				E00007FF87FF887D42960(_t109, _t290 + 0x28, _t211, _t280);
                                                            				asm("movups xmm0, [eax]");
                                                            				asm("inc ecx");
                                                            				asm("movsd xmm1, [eax+0x10]");
                                                            				asm("repne inc ecx");
                                                            				_t192 =  *_t286;
                                                            				_t235 = _t281 - _t192;
                                                            				 *((long long*)(_t290 + 0x38)) = 0;
                                                            				 *((long long*)(_t290 + 0x40)) = _t211;
                                                            				 *_t286 = _t192 + _t235;
                                                            				 *((intOrPtr*)(_t286 + 8)) =  *((intOrPtr*)(_t286 + 8)) - _t235;
                                                            				 *((long long*)(_t290 + 0x28)) =  *_t211;
                                                            				_t195 =  *((intOrPtr*)(_t211 + 0x28));
                                                            				 *((long long*)(_t290 + 0x30)) = _t195;
                                                            				 *((long long*)(_t290 + 0x48)) = _t286;
                                                            				E00007FF87FF887D44AF0();
                                                            				 *_t211 =  *_t195;
                                                            				goto 0x87d445b0;
                                                            				if (_t138 != 0x7b) goto 0x87d44265;
                                                            				_t212 =  *(_t286 + 0x18);
                                                            				_t309 =  *((intOrPtr*)(_t212 + 0x10));
                                                            				_t316 = _t309 + 1;
                                                            				if (_t316 -  *((intOrPtr*)(_t212 + 0x18)) <= 0) goto 0x87d4424d;
                                                            				_t196 =  *_t212;
                                                            				 *_t196();
                                                            				_t239 =  *((intOrPtr*)(_t212 + 8));
                                                            				 *((long long*)(_t212 + 0x10)) = _t316;
                                                            				 *((char*)(_t309 + _t239)) =  *_t281 & 0x000000ff;
                                                            				 *(_t286 + 0x18) = _t212;
                                                            				goto 0x87d445b0;
                                                            				if (_t138 == 0x3a) goto 0x87d443e0;
                                                            				if (_t239 - 0x30 - 9 > 0) goto 0x87d44342;
                                                            				if (_t138 == 0x30) goto 0x87d442d4;
                                                            				if (0 - 0xccccccc > 0) goto 0x87d442be;
                                                            				_t282 =  &(_t281[1]);
                                                            				if (_t282 == _t323) goto 0x87d442a5;
                                                            				if (( *_t282 & 0x000000ff) - 0x30 - 9 <= 0) goto 0x87d44280;
                                                            				if (_t196 + _t212 * 2 - 0x7fffffff <= 0) goto 0x87d442d7;
                                                            				E00007FF87FF887D650C0(_t212, "number is too big");
                                                            				goto 0x87d442d7;
                                                            				E00007FF87FF887D650C0(_t212, "number is too big");
                                                            				goto 0x87d442d7;
                                                            				_t283 =  &(_t282[1]);
                                                            				if (_t283 == _t323) goto 0x87d4432e;
                                                            				_t119 =  *_t283 & 0x000000ff;
                                                            				if (_t119 == 0x7d) goto 0x87d442e7;
                                                            				if (_t119 != 0x3a) goto 0x87d4432e;
                                                            				if ( *((intOrPtr*)(_t286 + 0x10)) <= 0) goto 0x87d442fe;
                                                            				_t120 = E00007FF87FF887D650C0(_t212, "cannot switch from automatic to manual argument indexing");
                                                            				goto 0x87d44305;
                                                            				 *((intOrPtr*)(_t286 + 0x10)) = 0xffffffff;
                                                            				r8d = 0x80000000;
                                                            				E00007FF87FF887D42960(_t120, _t303 - 0xffffffffffffffe8, _t286 + 0x18, _t286 + 0x48);
                                                            				asm("movups xmm0, [eax]");
                                                            				asm("movups [esi+0x48], xmm0");
                                                            				asm("movsd xmm1, [eax+0x10]");
                                                            				asm("movsd [esi+0x58], xmm1");
                                                            				goto 0x87d443bb;
                                                            				E00007FF87FF887D650C0(_t283, "invalid format string");
                                                            				goto 0x87d443bb;
                                                            				_t172 = _t138 - 0x41 - 0x39;
                                                            				if (_t172 > 0) goto 0x87d443cf;
                                                            				asm("dec eax");
                                                            				if (_t172 >= 0) goto 0x87d443cf;
                                                            				_t216 =  &(_t283[1]);
                                                            				if (_t216 == _t323) goto 0x87d44387;
                                                            				_t123 =  *_t216 & 0x000000ff;
                                                            				if (_t123 - 0x61 < 0) goto 0x87d44373;
                                                            				if (_t123 - 0x7a <= 0) goto 0x87d44360;
                                                            				if (_t123 - 0x41 < 0) goto 0x87d4437b;
                                                            				if (_t123 - 0x5a <= 0) goto 0x87d44360;
                                                            				if (_t123 == 0x5f) goto 0x87d44360;
                                                            				if (_t123 - 0x30 < 0) goto 0x87d44387;
                                                            				if (_t123 - 0x39 <= 0) goto 0x87d44360;
                                                            				 *(_t290 + 0x60) = _t283;
                                                            				_t300 = _t290 + 0x60;
                                                            				 *((long long*)(_t290 + 0x68)) = _t216 - _t283;
                                                            				E00007FF87FF887D48EE0(_t216, _t286 + 0x18, _t290 + 0x28, _t303 - 0x38, _t300);
                                                            				asm("movups xmm0, [eax]");
                                                            				asm("movups [esi+0x48], xmm0");
                                                            				asm("movsd xmm1, [eax+0x10]");
                                                            				asm("movsd [esi+0x58], xmm1");
                                                            				if (_t216 != _t323) goto 0x87d44425;
                                                            				goto 0x87d445e0;
                                                            				E00007FF87FF887D650C0(_t216, "invalid format string");
                                                            				goto 0x87d44422;
                                                            				r8d =  *((intOrPtr*)(_t286 + 0x10));
                                                            				if (r8d < 0) goto 0x87d443f2;
                                                            				 *((intOrPtr*)(_t286 + 0x10)) = _t300 + 1;
                                                            				goto 0x87d44404;
                                                            				_t127 = E00007FF87FF887D650C0(_t216, "cannot switch from manual to automatic argument indexing");
                                                            				r8d = 0;
                                                            				E00007FF87FF887D42960(_t127, _t303, _t286 + 0x18, _t300);
                                                            				asm("movups xmm0, [eax]");
                                                            				asm("movups [esi+0x48], xmm0");
                                                            				asm("movsd xmm1, [eax+0x10]");
                                                            				asm("movsd [esi+0x58], xmm1");
                                                            				_t217 = _t216;
                                                            				_t129 =  *_t217 & 0x000000ff;
                                                            				if (_t129 != 0x7d) goto 0x87d44482;
                                                            				_t200 =  *_t286;
                                                            				_t218 = _t217 - _t200;
                                                            				 *((long long*)(_t290 + 0x38)) = 0;
                                                            				 *((long long*)(_t290 + 0x48)) = _t286;
                                                            				 *_t286 = _t200 + _t218;
                                                            				 *((intOrPtr*)(_t286 + 8)) =  *((intOrPtr*)(_t286 + 8)) - _t218;
                                                            				_t219 = _t286 + 0x18;
                                                            				 *((long long*)(_t290 + 0x28)) =  *(_t286 + 0x18);
                                                            				_t203 =  *((intOrPtr*)(_t219 + 0x28));
                                                            				 *((long long*)(_t290 + 0x30)) = _t203;
                                                            				 *((long long*)(_t290 + 0x40)) = _t219;
                                                            				E00007FF87FF887D44AF0();
                                                            				 *_t219 =  *_t203;
                                                            				goto 0x87d445b0;
                                                            				if (_t129 != 0x3a) goto 0x87d443c3;
                                                            				_t204 =  *_t286;
                                                            				_t252 = _t219 + 1 - _t204;
                                                            				 *_t286 = _t204 + _t252;
                                                            				 *((intOrPtr*)(_t286 + 8)) =  *((intOrPtr*)(_t286 + 8)) - _t252;
                                                            				if ( *((intOrPtr*)(_t286 + 0x58)) + 0xfffffffe - 0xe > 0) goto 0x87d444e2;
                                                            				goto __rcx;
                                                            			}
                                                            0x7ff887d443ed
                                                            0x7ff887d443f0
                                                            0x7ff887d443fc
                                                            0x7ff887d44401
                                                            0x7ff887d4440c
                                                            0x7ff887d44411
                                                            0x7ff887d44414
                                                            0x7ff887d44418
                                                            0x7ff887d4441d
                                                            0x7ff887d44422
                                                            0x7ff887d44425
                                                            0x7ff887d4442a
                                                            0x7ff887d4442c
                                                            0x7ff887d44433
                                                            0x7ff887d44436
                                                            0x7ff887d44442
                                                            0x7ff887d44447
                                                            0x7ff887d4444f
                                                            0x7ff887d4445b
                                                            0x7ff887d4445f
                                                            0x7ff887d44464
                                                            0x7ff887d44468
                                                            0x7ff887d4446d
                                                            0x7ff887d44472
                                                            0x7ff887d4447a
                                                            0x7ff887d4447d
                                                            0x7ff887d44484
                                                            0x7ff887d4448a
                                                            0x7ff887d44498
                                                            0x7ff887d4449e
                                                            0x7ff887d444a1
                                                            0x7ff887d444ae
                                                            0x7ff887d444bd

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memchr$memmove$ExceptionThrow
                                                            • String ID: cannot switch from automatic to manual argument indexing$cannot switch from manual to automatic argument indexing$invalid format string$missing '}' in format string$number is too big$unknown format specifier$unmatched '}' in format string
                                                            • API String ID: 2627924257-2192562433
                                                            • Opcode ID: b96c33d5ff3ea411e7be1b182a251db825c6e0ec77769b07ecf12c77f270e386
                                                            • Instruction ID: d597a06e956589089f6b38a4d454ae21f9d6963053773a0da4fc776ceb8fd0f1
                                                            • Opcode Fuzzy Hash: b96c33d5ff3ea411e7be1b182a251db825c6e0ec77769b07ecf12c77f270e386
                                                            • Instruction Fuzzy Hash: EB128062A88B8685EB60CF25E4402AD77B1FB45BD4F544232DB8E17B9ADF3CE185C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 31%
                                                            			E00007FF87FF887D677F0(void* __esi, void* __eflags, intOrPtr* __rax, void* __rbx, signed char* __rcx, void* __rdx, void* __r8, void* __r9) {
                                                            				void* __rdi;
                                                            				void* __rsi;
                                                            				void* __r14;
                                                            				void* _t102;
                                                            				void* _t106;
                                                            				void* _t111;
                                                            				void* _t112;
                                                            				signed int _t118;
                                                            				signed int _t119;
                                                            				signed int _t123;
                                                            				void* _t128;
                                                            				void* _t129;
                                                            				void* _t134;
                                                            				signed int _t136;
                                                            				void* _t137;
                                                            				intOrPtr* _t163;
                                                            				signed long long _t164;
                                                            				intOrPtr* _t166;
                                                            				signed char* _t167;
                                                            				signed char* _t169;
                                                            				intOrPtr* _t171;
                                                            				signed char* _t172;
                                                            				signed long long _t179;
                                                            				signed char* _t191;
                                                            				long long _t192;
                                                            				long long _t194;
                                                            				long long* _t214;
                                                            				signed long long _t224;
                                                            				signed int _t237;
                                                            				intOrPtr _t239;
                                                            				signed long long _t243;
                                                            				void* _t245;
                                                            				signed long long _t248;
                                                            				void* _t250;
                                                            				signed int* _t251;
                                                            				void* _t253;
                                                            				void* _t254;
                                                            				void* _t256;
                                                            				void* _t258;
                                                            				signed long long _t259;
                                                            				intOrPtr _t264;
                                                            				long long _t268;
                                                            				intOrPtr* _t276;
                                                            				intOrPtr _t283;
                                                            				void* _t284;
                                                            				void* _t287;
                                                            				signed int* _t288;
                                                            				void* _t290;
                                                            				signed char* _t291;
                                                            				signed int _t292;
                                                            				long long _t294;
                                                            
                                                            				_t163 = __rax;
                                                            				_t128 = __eflags;
                                                            				_push(__rbx);
                                                            				_t191 = __rcx;
                                                            				_t102 = E00007FF87FF887D675D0(__rcx, __rdx, __r8, __r9);
                                                            				_t258 = _t256 - 0x20 + 0x20;
                                                            				_pop(_t192);
                                                            				goto 0x87d67810;
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				 *((long long*)(_t258 + 0x18)) = _t192;
                                                            				_t254 = _t258 - 0x27;
                                                            				_t259 = _t258 - 0xe0;
                                                            				_t164 =  *0x87d8ec78; // 0x522936145607
                                                            				 *(_t254 + 0x17) = _t164 ^ _t259;
                                                            				_t291 = _t191;
                                                            				_t288 =  *_t163;
                                                            				__imp__AcquireSRWLockShared(_t250, _t253);
                                                            				_t251 =  &(_t288[0xc]);
                                                            				_t263 =  *_t251 & 0xfffffffe;
                                                            				if (_t128 == 0) goto 0x87d678ed;
                                                            				asm("o16 nop [eax+eax]");
                                                            				_t5 = _t263 + 0x20; // 0x20
                                                            				_t166 = _t5;
                                                            				_t129 =  *((long long*)(_t166 + 0x18)) - 0x10;
                                                            				if (_t129 < 0) goto 0x87d6786e;
                                                            				_t167 =  *_t166;
                                                            				_t118 = _t167[_t291 - _t167] & 0x000000ff;
                                                            				if (_t129 != 0) goto 0x87d67887;
                                                            				if (_t118 != 0) goto 0x87d67874;
                                                            				if (( *_t167 & 0x000000ff) - _t118 >= 0) goto 0x87d67891;
                                                            				_t264 =  *((intOrPtr*)(( *_t251 & 0xfffffffe) + 0x10));
                                                            				goto 0x87d67898;
                                                            				_t283 = _t264;
                                                            				if ( *((intOrPtr*)(_t264 + 8)) != 0) goto 0x87d67860;
                                                            				if (_t283 == _t251) goto 0x87d678ed;
                                                            				_t10 = _t283 + 0x20; // 0x20
                                                            				_t276 = _t10;
                                                            				_t134 =  *((long long*)(_t276 + 0x18)) - 0x10;
                                                            				if (_t134 < 0) goto 0x87d678b0;
                                                            				_t169 = _t291;
                                                            				asm("o16 nop [eax+eax]");
                                                            				r8d =  *_t169 & 0x000000ff;
                                                            				_t123 = _t169[ *_t276 - _t291] & 0x000000ff;
                                                            				r8d = r8d - _t123;
                                                            				if (_t134 != 0) goto 0x87d678d5;
                                                            				if (_t123 != 0) goto 0x87d678c0;
                                                            				_t136 = r8d;
                                                            				if (_t136 < 0) goto 0x87d678ed;
                                                            				__imp__ReleaseSRWLockShared();
                                                            				goto 0x87d67bd5;
                                                            				__imp__ReleaseSRWLockShared();
                                                            				 *(_t254 - 0x79) = _t288;
                                                            				__imp__AcquireSRWLockExclusive();
                                                            				_t267 =  *_t251 & 0xfffffffe;
                                                            				if (_t136 == 0) goto 0x87d67959;
                                                            				_t15 = _t267 + 0x20; // 0x20
                                                            				_t171 = _t15;
                                                            				_t137 =  *((long long*)(_t171 + 0x18)) - 0x10;
                                                            				if (_t137 < 0) goto 0x87d6791f;
                                                            				_t172 =  *_t171;
                                                            				asm("o16 nop [eax+eax]");
                                                            				_t119 = _t172[_t291 - _t172] & 0x000000ff;
                                                            				if (_t137 != 0) goto 0x87d67943;
                                                            				if (_t119 != 0) goto 0x87d67930;
                                                            				if (( *_t172 & 0x000000ff) - _t119 >= 0) goto 0x87d6794d;
                                                            				_t268 =  *((intOrPtr*)(( *_t251 & 0xfffffffe) + 0x10));
                                                            				goto 0x87d67954;
                                                            				_t194 = _t268;
                                                            				if ( *((intOrPtr*)(_t268 + 8)) != 0) goto 0x87d67911;
                                                            				if (_t194 == _t251) goto 0x87d679a2;
                                                            				if (_t291[0xffffffffffffffff] != 0) goto 0x87d67970;
                                                            				if ( *((long long*)(_t194 + 0x38)) - 0x10 < 0) goto 0x87d67989;
                                                            				if ( *((intOrPtr*)(_t194 + 0x30)) != 0xffffffff) goto 0x87d679a2;
                                                            				0x87d77101();
                                                            				if (_t102 == 0) goto 0x87d67bc8;
                                                            				if (_t288[0xa] >= 0) goto 0x87d67bfe;
                                                            				r15d = 0;
                                                            				 *((long long*)(_t254 - 0x39)) = _t294;
                                                            				 *((long long*)(_t254 - 0x31)) = 0xf;
                                                            				 *((intOrPtr*)(_t254 - 0x49)) = r15b;
                                                            				if (_t291[0xffffffffffffffff] != r15b) goto 0x87d679c7;
                                                            				E00007FF87FF887D49100(_t194, _t254 - 0x49, _t291, 0xffffffff, _t291);
                                                            				asm("xorps xmm0, xmm0");
                                                            				asm("movdqa [ebp-0x29], xmm0");
                                                            				 *((long long*)(_t254 - 0x19)) = _t294;
                                                            				 *((intOrPtr*)(_t254 - 0x11)) = r12d;
                                                            				E00007FF87FF887D4D4C0(0, _t194, _t254 - 9, _t254 - 0x49, _t251);
                                                            				if (_t288[6] - _t288[0xa] + 1 > 0) goto 0x87d67a25;
                                                            				_t106 = E00007FF87FF887D672E0(_t288[0xa] + 1, _t194,  &(_t288[2]), _t288[6], 0, _t251, _t254, _t294, _t290);
                                                            				_t237 = _t288[6];
                                                            				_t288[8] = _t288[8] & _t237 - 0x00000001;
                                                            				_t179 = _t237 - 0x00000001 & _t288[0xa] + _t288[8];
                                                            				_t292 = _t179 * 8;
                                                            				if ( *((long long*)(_t288[4] + _t292)) != 0) goto 0x87d67a61;
                                                            				E00007FF87FF887D656A8(_t106, _t179, _t288[4]);
                                                            				 *(_t292 + _t288[4]) = _t179;
                                                            				_t214 =  *((intOrPtr*)(_t288[4] + _t292));
                                                            				 *_t214 = _t294;
                                                            				 *((long long*)(_t214 + 8)) = _t294;
                                                            				 *((long long*)(_t214 + 0x10)) = _t294;
                                                            				 *((intOrPtr*)(_t214 + 0x18)) =  *((intOrPtr*)(_t254 - 0x11));
                                                            				E00007FF87FF887D4D4C0(_t179, _t194, _t214 + 0x20, _t254 - 9, _t251);
                                                            				_t288[0xa] = _t288[0xa] + 1;
                                                            				E00007FF87FF887D48A60(_t254 - 9);
                                                            				_t239 =  *((intOrPtr*)(_t254 - 0x31));
                                                            				if (_t239 - 0x10 < 0) goto 0x87d67ad0;
                                                            				if (_t239 + 1 - 0x1000 < 0) goto 0x87d67aca;
                                                            				if ( *((intOrPtr*)(_t254 - 0x49)) -  *((intOrPtr*)( *((intOrPtr*)(_t254 - 0x49)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d67aca;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				_t111 = E00007FF87FF887D656E4();
                                                            				_t248 =  *((intOrPtr*)(_t288[4] + (_t288[6] - 0x00000001 & _t288[0xa] - 0x00000001 + _t288[8]) * 8));
                                                            				 *(_t254 - 0x61) = 0;
                                                            				 *((long long*)(_t254 - 0x59)) = _t294;
                                                            				 *((long long*)(_t254 - 0x69)) = _t194;
                                                            				 *(_t254 - 0x79) = _t251;
                                                            				 *(_t254 - 0x71) = _t251;
                                                            				 *((long long*)(_t259 + 0x30)) = _t294;
                                                            				 *((long long*)(_t259 + 0x28)) = _t254 - 0x61;
                                                            				 *((long long*)(_t259 + 0x20)) = _t254 - 0x71;
                                                            				_t112 = E00007FF87FF887D66B00(_t111, _t194, _t254 - 0x49, _t254 - 0x79, _t248, _t251, _t254, _t254 - 0x69, _t248, _t287, _t284, _t245);
                                                            				if ( *((char*)(_t254 - 0x41)) == 0) goto 0x87d67bc4;
                                                            				_t243 =  *((intOrPtr*)(_t254 - 0x59));
                                                            				r8d =  *(_t254 - 0x61) & 0x000000ff;
                                                            				if (r8b != 0) goto 0x87d67b70;
                                                            				if ( *(_t243 + 0x10) != 0) goto 0x87d67b70;
                                                            				_t224 =  *_t243 & 0xfffffffe;
                                                            				if (_t243 !=  *((intOrPtr*)(_t224 + 0x10))) goto 0x87d67b70;
                                                            				if (_t224 ==  *((intOrPtr*)(( *_t224 & 0xfffffffe) + 0x10))) goto 0x87d67b60;
                                                            				if (_t243 != _t251) goto 0x87d67b82;
                                                            				 *_t251 =  *_t251 & 0x00000001;
                                                            				 *_t251 =  *_t251 | _t248;
                                                            				_t251[2] = _t248;
                                                            				goto 0x87d67ba1;
                                                            				if (r8b == 0) goto 0x87d67b97;
                                                            				 *(_t243 + 8) = _t248;
                                                            				if (_t243 != _t251[2]) goto 0x87d67ba5;
                                                            				_t251[2] = _t248;
                                                            				goto 0x87d67ba5;
                                                            				 *(_t243 + 0x10) = _t248;
                                                            				if (_t243 != _t251[4]) goto 0x87d67ba5;
                                                            				_t251[4] = _t248;
                                                            				 *_t248 =  *_t248 & 0x00000001;
                                                            				 *_t248 =  *_t248 | _t243;
                                                            				 *((long long*)(_t248 + 0x10)) = _t294;
                                                            				 *((long long*)(_t248 + 8)) = _t294;
                                                            				E00007FF87FF887D67CF0(_t112, 0x40, _t251, _t248);
                                                            				goto 0x87d67bc8;
                                                            				__imp__ReleaseSRWLockExclusive();
                                                            				return E00007FF87FF887D65E20( *((intOrPtr*)( *((intOrPtr*)(_t254 - 0x49)) + 0x18)), 0x40,  *(_t254 + 0x17) ^ _t259);
                                                            			}

                                                            0x7ff887d67a29
                                                            0x7ff887d67a35
                                                            0x7ff887d67a38
                                                            0x7ff887d67a49
                                                            0x7ff887d67a50
                                                            0x7ff887d67a59
                                                            0x7ff887d67a61
                                                            0x7ff887d67a65
                                                            0x7ff887d67a68
                                                            0x7ff887d67a6c
                                                            0x7ff887d67a73
                                                            0x7ff887d67a7e
                                                            0x7ff887d67a83
                                                            0x7ff887d67a8b
                                                            0x7ff887d67a91
                                                            0x7ff887d67a99
                                                            0x7ff887d67aac
                                                            0x7ff887d67ac1
                                                            0x7ff887d67ac3
                                                            0x7ff887d67ac9
                                                            0x7ff887d67aca
                                                            0x7ff887d67ae9
                                                            0x7ff887d67aed
                                                            0x7ff887d67af1
                                                            0x7ff887d67af5
                                                            0x7ff887d67af9
                                                            0x7ff887d67afd
                                                            0x7ff887d67b01
                                                            0x7ff887d67b0a
                                                            0x7ff887d67b13
                                                            0x7ff887d67b27
                                                            0x7ff887d67b30
                                                            0x7ff887d67b36
                                                            0x7ff887d67b3a
                                                            0x7ff887d67b42
                                                            0x7ff887d67b49
                                                            0x7ff887d67b4e
                                                            0x7ff887d67b56
                                                            0x7ff887d67b6e
                                                            0x7ff887d67b73
                                                            0x7ff887d67b75
                                                            0x7ff887d67b79
                                                            0x7ff887d67b7c
                                                            0x7ff887d67b80
                                                            0x7ff887d67b85
                                                            0x7ff887d67b87
                                                            0x7ff887d67b8f
                                                            0x7ff887d67b91
                                                            0x7ff887d67b95
                                                            0x7ff887d67b97
                                                            0x7ff887d67b9f
                                                            0x7ff887d67ba1
                                                            0x7ff887d67ba5
                                                            0x7ff887d67ba9
                                                            0x7ff887d67bac
                                                            0x7ff887d67bb0
                                                            0x7ff887d67bba
                                                            0x7ff887d67bc2
                                                            0x7ff887d67bce
                                                            0x7ff887d67bfd

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: Lock$ReleaseShared$AcquireExclusive$Initialize_invalid_parameter_noinfo_noreturnmemcmp
                                                            • String ID: Too many log attribute names$libs\log\src\attribute_name.cpp$unsigned int __cdecl boost::log::v2s_mt_nt6::attribute_name::repository::get_id_from_string(const char *)
                                                            • API String ID: 37642638-4205034697
                                                            • Opcode ID: f2e996f03ceaece648ea7f80ab3622e4507e75226b30919e8351a5e2205849c6
                                                            • Instruction ID: 53a139aecdc77426a39e2d0bc5303dd092b5fee946e8073c12bd8d489af5a48b
                                                            • Opcode Fuzzy Hash: f2e996f03ceaece648ea7f80ab3622e4507e75226b30919e8351a5e2205849c6
                                                            • Instruction Fuzzy Hash: 77D1DEA2B58B4A85EB108B65D4406AC27B5FB45BE4F144732EE6E0B7D8DF38E551C380
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,Severity,?,00007FF887D67A1D), ref: 00007FF887D67395
                                                            • memmove.VCRUNTIME140(00000000,Severity,?,00007FF887D67A1D), ref: 00007FF887D673D3
                                                            • memmove.VCRUNTIME140(00000000,Severity,?,00007FF887D67A1D), ref: 00007FF887D673EA
                                                            • memset.VCRUNTIME140(00000000,Severity,?,00007FF887D67A1D), ref: 00007FF887D673FF
                                                            • memmove.VCRUNTIME140(00000000,Severity,?,00007FF887D67A1D), ref: 00007FF887D67417
                                                            • memmove.VCRUNTIME140(00000000,Severity,?,00007FF887D67A1D), ref: 00007FF887D67431
                                                            • memset.VCRUNTIME140(00000000,Severity,?,00007FF887D67A1D), ref: 00007FF887D6743F
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,Severity,?,00007FF887D67A1D), ref: 00007FF887D674A7
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887D674AE
                                                              • Part of subcall function 00007FF887D656A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887D48F4E), ref: 00007FF887D656C2
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmove$_invalid_parameter_noinfo_noreturnmemset$Concurrency::cancel_current_taskmalloc
                                                            • String ID: Severity
                                                            • API String ID: 851562609-253145917
                                                            • Opcode ID: 7b03311ce28347fc951801e34c8f2264ffcee07e6eb34c493ea4c24e23c17c92
                                                            • Instruction ID: d9b637b37f175253a8caf991b5ed276fd9b6f0c2cccad7da6cbd4763b74ea089
                                                            • Opcode Fuzzy Hash: 7b03311ce28347fc951801e34c8f2264ffcee07e6eb34c493ea4c24e23c17c92
                                                            • Instruction Fuzzy Hash: DE41C2A1A59B8A95EA04DB65D4442BC2731FB44BF4F584B31EE2E1BB9DDE3CE141C380
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Strings
                                                            • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FF887D44709
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmove$memset
                                                            • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
                                                            • API String ID: 3790616698-2272463933
                                                            • Opcode ID: 0796b21e98d85cc1bbbf4d138e3ca6c1e9572e6ebb6caef51cc878d98f77fec9
                                                            • Instruction ID: 79af3d6a1e86ffe879b2f61230eb0e7312454b262b065e22f5f13d84027fc565
                                                            • Opcode Fuzzy Hash: 0796b21e98d85cc1bbbf4d138e3ca6c1e9572e6ebb6caef51cc878d98f77fec9
                                                            • Instruction Fuzzy Hash: 53A1EA627892C646EB758E16DA5027DBBA1FB15BC0F084235CBCF47A9BCA2CE551C740
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 23%
                                                            			E00007FF87FF887D56680(void* __rcx, signed int __rdx, void* __r10) {
                                                            				signed int _t46;
                                                            				void* _t58;
                                                            				intOrPtr _t71;
                                                            				intOrPtr _t72;
                                                            				intOrPtr _t73;
                                                            				intOrPtr _t74;
                                                            				intOrPtr _t75;
                                                            				intOrPtr _t76;
                                                            				intOrPtr _t77;
                                                            
                                                            				r9b = 0x20;
                                                            				_t71 =  *((intOrPtr*)(__rcx + 8));
                                                            				r8d = 2;
                                                            				goto 0x87d6e730;
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				r9b = 0x30;
                                                            				_t72 =  *((intOrPtr*)(_t71 + 8));
                                                            				r8d = 2;
                                                            				goto 0x87d6e730;
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				r9b = 0x20;
                                                            				_t73 =  *((intOrPtr*)(_t72 + 8));
                                                            				r8d = 2;
                                                            				r10d =  *((intOrPtr*)( *((intOrPtr*)(_t72 + 0x10)) + 0xc));
                                                            				r10d = r10d - (__rdx + __rdx * 2 << 2);
                                                            				goto 0x87d6e730;
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				r9b = 0x30;
                                                            				_t74 =  *((intOrPtr*)(_t73 + 8));
                                                            				r8d = 2;
                                                            				r10d =  *((intOrPtr*)( *((intOrPtr*)(_t73 + 0x10)) + 0xc));
                                                            				_t46 = __rdx + __rdx * 2 << 2;
                                                            				r10d = r10d - _t46;
                                                            				goto 0x87d6e730;
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				r9b = 0x20;
                                                            				_t75 =  *((intOrPtr*)(_t74 + 8));
                                                            				r8d = 2;
                                                            				goto 0x87d6e730;
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				r9b = 0x30;
                                                            				_t76 =  *((intOrPtr*)(_t75 + 8));
                                                            				r8d = 2;
                                                            				goto 0x87d6e730;
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				asm("int3");
                                                            				_t77 =  *((intOrPtr*)(_t76 + 8));
                                                            				r8d = 0x2b;
                                                            				_t58 =  ==  ? r8d : 0x2d;
                                                            				if ( *((char*)( *((intOrPtr*)(_t77 + 0x10)) + 0x1c)) == 0) goto 0x87d567b5;
                                                            				goto E00007FF87FF887D603C0;
                                                            				return _t46;
                                                            			}













                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: Lockit@std@@Mbstatet@@@std@@memmove$??0_??1_?getloc@?$basic_streambuf@?length@?$codecvt@_Bid@locale@std@@Concurrency::cancel_current_taskD@std@@@std@@Facet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@RegisterU?$char_traits@V42@@Vfacet@locale@2@Vlocale@2@memsetstd::_
                                                            • String ID:
                                                            • API String ID: 3249132129-0
                                                            • Opcode ID: a689512fd0de5063ab9b5e905ad6ac7c447a73a5c18569776a42001a620bdc49
                                                            • Instruction ID: b122e8b70b13ee2958d59c7f746b335a19e5cef0e76d1e78136ab0de158eacd8
                                                            • Opcode Fuzzy Hash: a689512fd0de5063ab9b5e905ad6ac7c447a73a5c18569776a42001a620bdc49
                                                            • Instruction Fuzzy Hash: AC81AD62B48A8586EF10CF69E4442AD63B1FB44BD8B544632EE5F07BADEF38E145C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 31%
                                                            			E00007FF87FF887D468C0(signed int __eax, void* __rcx, intOrPtr* __r8) {
                                                            				void* __rbx;
                                                            				void* __rdi;
                                                            				void* __rsi;
                                                            				void* __rbp;
                                                            				void* __r15;
                                                            				signed int _t53;
                                                            				intOrPtr _t57;
                                                            				void* _t64;
                                                            				signed int _t66;
                                                            				signed int _t68;
                                                            				signed int _t69;
                                                            				signed int _t77;
                                                            				void* _t79;
                                                            				signed long long _t97;
                                                            				char* _t100;
                                                            				void* _t108;
                                                            				intOrPtr _t117;
                                                            				intOrPtr* _t126;
                                                            				signed int _t127;
                                                            				void* _t129;
                                                            				void* _t130;
                                                            				signed long long _t131;
                                                            				void* _t139;
                                                            				void* _t141;
                                                            				void* _t142;
                                                            
                                                            				_t129 = _t130 - 0x1d0;
                                                            				_t131 = _t130 - 0x2d0;
                                                            				asm("movaps [esp+0x2c0], xmm6");
                                                            				_t97 =  *0x87d8ec78; // 0x522936145607
                                                            				 *(_t129 + 0x1b0) = _t97 ^ _t131;
                                                            				_t126 = __r8;
                                                            				asm("movaps xmm6, xmm1");
                                                            				_t141 = __rcx;
                                                            				 *((char*)(_t131 + 0x30)) = 0;
                                                            				E00007FF87FF887D43B30();
                                                            				asm("movups xmm0, [eax]");
                                                            				asm("movaps [esp+0x40], xmm0");
                                                            				asm("psrldq xmm0, 0x8");
                                                            				asm("movd eax, xmm0");
                                                            				_t66 = ( *(__r8 + 0xc) << 0x00000019 >> 0x0000001d ^ __eax) & 0x000000ff ^ __eax;
                                                            				 *(_t131 + 0x48) = _t66;
                                                            				asm("movaps xmm0, xmm6");
                                                            				__imp___dsign();
                                                            				if (__eax == 0) goto 0x87d46957;
                                                            				_t68 = _t66 & 0xffffff01 | 0x00000001;
                                                            				asm("xorps xmm6, [0x35a5b]");
                                                            				goto 0x87d46962;
                                                            				if (_t68 != 1) goto 0x87d46966;
                                                            				_t69 = _t68 & 0xffffff00;
                                                            				 *(_t131 + 0x48) = _t69;
                                                            				asm("movaps xmm0, xmm6");
                                                            				0x87d77131();
                                                            				if (__eax <= 0) goto 0x87d469c3;
                                                            				if (__eax != 1) goto 0x87d46989;
                                                            				goto 0x87d46997;
                                                            				_t100 = "NAN";
                                                            				_t113 =  !=  ? _t100 : "nan";
                                                            				 *((intOrPtr*)(_t131 + 0x40)) =  *(_t131 + 0x48);
                                                            				 *(_t131 + 0x48) =  !=  ? _t100 : "nan";
                                                            				_t122 = __r8;
                                                            				E00007FF87FF887D471A0(_t79, _t100, _t108, __rcx, __r8, _t131 + 0x40, _t142);
                                                            				goto 0x87d46aee;
                                                            				_t53 =  *(_t126 + 0xc);
                                                            				_t77 = _t53 << 0x1c >> 0x1c;
                                                            				if (_t77 != 0) goto 0x87d469e4;
                                                            				 *(_t126 + 0xc) = _t53 & 0xfffffff2 | 0x00000002;
                                                            				goto 0x87d46a22;
                                                            				if (_t77 != 4) goto 0x87d46a22;
                                                            				_t127 =  *(_t131 + 0x48);
                                                            				if (sil == 0) goto 0x87d46a1a;
                                                            				E00007FF87FF887D4BAB0(_t108, _t141, _t122, _t127);
                                                            				 *_t100 =  *(_t127 + 0x87d7e0a4) & 0x000000ff;
                                                            				 *(_t131 + 0x48) = _t69 & 0xffffff00;
                                                            				_t57 =  *_t126;
                                                            				if (_t57 == 0) goto 0x87d46a1a;
                                                            				 *_t126 = _t57 - 1;
                                                            				 *(_t126 + 0xc) =  *(_t126 + 0xc) & 0xfffffff2;
                                                            				 *(_t126 + 0xc) =  *(_t126 + 0xc) | 0x00000002;
                                                            				 *((long long*)(_t129 - 0x60)) = 0;
                                                            				 *((long long*)(_t129 - 0x70)) = 0x87d7baa8;
                                                            				 *((long long*)(_t129 - 0x68)) = _t129 - 0x50;
                                                            				 *((long long*)(_t129 - 0x58)) = 0x1f4;
                                                            				if (( *(_t131 + 0x44) & 0x000000ff) != 3) goto 0x87d46b17;
                                                            				if (sil == 0) goto 0x87d46a6d;
                                                            				 *((char*)(_t129 - 0x50)) =  *( *(_t131 + 0x48) + 0x87d7e0a4) & 0x000000ff;
                                                            				 *((long long*)(_t129 - 0x60)) = 1;
                                                            				asm("movaps xmm1, [esp+0x40]");
                                                            				asm("movdqa [esp+0x50], xmm1");
                                                            				asm("movaps xmm0, xmm6");
                                                            				E00007FF87FF887D64200( *(_t127 + 0x87d7e0a4) & 0x000000ff,  *((intOrPtr*)(_t126 + 4)), _t108, _t131 + 0x50, _t129 - 0x70, _t139);
                                                            				 *((long long*)(_t131 + 0x40)) =  *((intOrPtr*)(_t129 - 0x68));
                                                            				 *(_t131 + 0x48) =  *((intOrPtr*)(_t129 - 0x60));
                                                            				E00007FF87FF887D48330(_t108, _t141, _t126, _t126, _t131 + 0x40, _t129 - 0x70, _t139, 0x87d7e0a4);
                                                            				 *((long long*)(_t129 - 0x70)) = 0x87d7baa8;
                                                            				_t117 =  *((intOrPtr*)(_t129 - 0x68));
                                                            				if (_t117 == _t129 - 0x50) goto 0x87d46aee;
                                                            				if ( *((intOrPtr*)(_t129 - 0x58)) - 0x1000 < 0) goto 0x87d46ae9;
                                                            				if (_t117 -  *((intOrPtr*)(_t117 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87d46c50;
                                                            				_t64 = E00007FF87FF887D65E20(E00007FF87FF887D656E4(),  *(_t127 + 0x87d7e0a4) & 0x000000ff,  *(_t129 + 0x1b0) ^ _t131);
                                                            				asm("movaps xmm6, [esp+0x2c0]");
                                                            				return _t64;
                                                            			}

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: __std_exception_copy_dclass_dsign_invalid_parameter_noinfo_noreturn
                                                            • String ID: INF$NAN$inf$nan$number is too big
                                                            • API String ID: 3571884167-1812383209
                                                            • Opcode ID: e989a04ac9d643e88f4f7596637f0954a79c4252fcc9246e51ff4c0d95f8c880
                                                            • Instruction ID: 3a622bccb64877eff6fca1d0bc7345799bf0753a325dbd320d1d1d78a1f9c8cb
                                                            • Opcode Fuzzy Hash: e989a04ac9d643e88f4f7596637f0954a79c4252fcc9246e51ff4c0d95f8c880
                                                            • Instruction Fuzzy Hash: 7AB1D622A88B8185EB508B65E4413BDB770FB463E4F544336EA9E17A9DDF7CE584C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 31%
                                                            			E00007FF87FF887D46C60(signed int __eax, void* __rcx, intOrPtr* __r8) {
                                                            				void* __rbx;
                                                            				void* __rdi;
                                                            				void* __rsi;
                                                            				void* __rbp;
                                                            				void* __r15;
                                                            				signed int _t53;
                                                            				intOrPtr _t57;
                                                            				void* _t64;
                                                            				signed int _t66;
                                                            				signed int _t68;
                                                            				signed int _t69;
                                                            				signed int _t77;
                                                            				void* _t79;
                                                            				signed long long _t97;
                                                            				char* _t100;
                                                            				void* _t108;
                                                            				intOrPtr _t117;
                                                            				intOrPtr* _t126;
                                                            				signed int _t127;
                                                            				void* _t129;
                                                            				void* _t130;
                                                            				signed long long _t131;
                                                            				void* _t139;
                                                            				void* _t141;
                                                            				void* _t142;
                                                            
                                                            				_t129 = _t130 - 0x1d0;
                                                            				_t131 = _t130 - 0x2d0;
                                                            				asm("movaps [esp+0x2c0], xmm6");
                                                            				_t97 =  *0x87d8ec78; // 0x522936145607
                                                            				 *(_t129 + 0x1b0) = _t97 ^ _t131;
                                                            				_t126 = __r8;
                                                            				asm("movaps xmm6, xmm1");
                                                            				_t141 = __rcx;
                                                            				 *((char*)(_t131 + 0x30)) = 0;
                                                            				E00007FF87FF887D43B30();
                                                            				asm("movups xmm0, [eax]");
                                                            				asm("movaps [esp+0x40], xmm0");
                                                            				asm("psrldq xmm0, 0x8");
                                                            				asm("movd eax, xmm0");
                                                            				_t66 = ( *(__r8 + 0xc) << 0x00000019 >> 0x0000001d ^ __eax) & 0x000000ff ^ __eax;
                                                            				 *(_t131 + 0x48) = _t66;
                                                            				asm("movaps xmm0, xmm6");
                                                            				__imp___ldsign();
                                                            				if (__eax == 0) goto 0x87d46cf7;
                                                            				_t68 = _t66 & 0xffffff01 | 0x00000001;
                                                            				asm("xorps xmm6, [0x356bb]");
                                                            				goto 0x87d46d02;
                                                            				if (_t68 != 1) goto 0x87d46d06;
                                                            				_t69 = _t68 & 0xffffff00;
                                                            				 *(_t131 + 0x48) = _t69;
                                                            				asm("movaps xmm0, xmm6");
                                                            				0x87d7713d();
                                                            				if (__eax <= 0) goto 0x87d46d63;
                                                            				if (__eax != 1) goto 0x87d46d29;
                                                            				goto 0x87d46d37;
                                                            				_t100 = "NAN";
                                                            				_t113 =  !=  ? _t100 : "nan";
                                                            				 *((intOrPtr*)(_t131 + 0x40)) =  *(_t131 + 0x48);
                                                            				 *(_t131 + 0x48) =  !=  ? _t100 : "nan";
                                                            				_t122 = __r8;
                                                            				E00007FF87FF887D471A0(_t79, _t100, _t108, __rcx, __r8, _t131 + 0x40, _t142);
                                                            				goto 0x87d46e8e;
                                                            				_t53 =  *(_t126 + 0xc);
                                                            				_t77 = _t53 << 0x1c >> 0x1c;
                                                            				if (_t77 != 0) goto 0x87d46d84;
                                                            				 *(_t126 + 0xc) = _t53 & 0xfffffff2 | 0x00000002;
                                                            				goto 0x87d46dc2;
                                                            				if (_t77 != 4) goto 0x87d46dc2;
                                                            				_t127 =  *(_t131 + 0x48);
                                                            				if (sil == 0) goto 0x87d46dba;
                                                            				E00007FF87FF887D4BAB0(_t108, _t141, _t122, _t127);
                                                            				 *_t100 =  *(_t127 + 0x87d7e0a4) & 0x000000ff;
                                                            				 *(_t131 + 0x48) = _t69 & 0xffffff00;
                                                            				_t57 =  *_t126;
                                                            				if (_t57 == 0) goto 0x87d46dba;
                                                            				 *_t126 = _t57 - 1;
                                                            				 *(_t126 + 0xc) =  *(_t126 + 0xc) & 0xfffffff2;
                                                            				 *(_t126 + 0xc) =  *(_t126 + 0xc) | 0x00000002;
                                                            				 *((long long*)(_t129 - 0x60)) = 0;
                                                            				 *((long long*)(_t129 - 0x70)) = 0x87d7baa8;
                                                            				 *((long long*)(_t129 - 0x68)) = _t129 - 0x50;
                                                            				 *((long long*)(_t129 - 0x58)) = 0x1f4;
                                                            				if (( *(_t131 + 0x44) & 0x000000ff) != 3) goto 0x87d46eb7;
                                                            				if (sil == 0) goto 0x87d46e0d;
                                                            				 *((char*)(_t129 - 0x50)) =  *( *(_t131 + 0x48) + 0x87d7e0a4) & 0x000000ff;
                                                            				 *((long long*)(_t129 - 0x60)) = 1;
                                                            				asm("movaps xmm1, [esp+0x40]");
                                                            				asm("movdqa [esp+0x50], xmm1");
                                                            				asm("movaps xmm0, xmm6");
                                                            				E00007FF87FF887D64470( *((intOrPtr*)(_t126 + 4)), _t108, _t131 + 0x50, _t129 - 0x70, _t139);
                                                            				 *((long long*)(_t131 + 0x40)) =  *((intOrPtr*)(_t129 - 0x68));
                                                            				 *(_t131 + 0x48) =  *((intOrPtr*)(_t129 - 0x60));
                                                            				E00007FF87FF887D48330(_t108, _t141, _t126, _t126, _t131 + 0x40, _t129 - 0x70, _t139, 0x87d7e0a4);
                                                            				 *((long long*)(_t129 - 0x70)) = 0x87d7baa8;
                                                            				_t117 =  *((intOrPtr*)(_t129 - 0x68));
                                                            				if (_t117 == _t129 - 0x50) goto 0x87d46e8e;
                                                            				if ( *((intOrPtr*)(_t129 - 0x58)) - 0x1000 < 0) goto 0x87d46e89;
                                                            				if (_t117 -  *((intOrPtr*)(_t117 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87d46ff0;
                                                            				_t64 = E00007FF87FF887D65E20(E00007FF87FF887D656E4(),  *(_t127 + 0x87d7e0a4) & 0x000000ff,  *(_t129 + 0x1b0) ^ _t131);
                                                            				asm("movaps xmm6, [esp+0x2c0]");
                                                            				return _t64;
                                                            			}

                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: __std_exception_copy_dclass_dsign_invalid_parameter_noinfo_noreturn
                                                            • String ID: INF$NAN$inf$nan$number is too big
                                                            • API String ID: 3571884167-1812383209
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 30%
                                                            			E00007FF87FF887D46520(signed int __eax, void* __rcx, intOrPtr* __r8) {
                                                            				void* __rbx;
                                                            				void* __rdi;
                                                            				void* __rsi;
                                                            				void* __rbp;
                                                            				void* __r15;
                                                            				signed int _t53;
                                                            				intOrPtr _t57;
                                                            				void* _t64;
                                                            				signed int _t66;
                                                            				signed int _t68;
                                                            				signed int _t69;
                                                            				signed int _t77;
                                                            				void* _t79;
                                                            				signed long long _t97;
                                                            				char* _t100;
                                                            				void* _t108;
                                                            				intOrPtr _t117;
                                                            				intOrPtr* _t126;
                                                            				signed int _t127;
                                                            				void* _t129;
                                                            				void* _t130;
                                                            				signed long long _t131;
                                                            				void* _t139;
                                                            				void* _t141;
                                                            				void* _t142;
                                                            
                                                            				_t129 = _t130 - 0x1d0;
                                                            				_t131 = _t130 - 0x2d0;
                                                            				asm("movaps [esp+0x2c0], xmm6");
                                                            				_t97 =  *0x87d8ec78; // 0x522936145607
                                                            				 *(_t129 + 0x1b0) = _t97 ^ _t131;
                                                            				_t126 = __r8;
                                                            				asm("movaps xmm6, xmm1");
                                                            				_t141 = __rcx;
                                                            				 *((char*)(_t131 + 0x30)) = 0;
                                                            				E00007FF87FF887D43B30();
                                                            				asm("movups xmm0, [eax]");
                                                            				asm("movaps [esp+0x40], xmm0");
                                                            				asm("psrldq xmm0, 0x8");
                                                            				asm("movd eax, xmm0");
                                                            				_t66 = ( *(__r8 + 0xc) << 0x00000019 >> 0x0000001d ^ __eax) & 0x000000ff ^ __eax;
                                                            				 *(_t131 + 0x48) = _t66;
                                                            				asm("movaps xmm0, xmm6");
                                                            				__imp___fdsign();
                                                            				if (__eax == 0) goto 0x87d465b7;
                                                            				_t68 = _t66 & 0xffffff01 | 0x00000001;
                                                            				asm("xorps xmm6, [0x35e0b]");
                                                            				goto 0x87d465c2;
                                                            				if (_t68 != 1) goto 0x87d465c6;
                                                            				_t69 = _t68 & 0xffffff00;
                                                            				 *(_t131 + 0x48) = _t69;
                                                            				asm("movaps xmm0, xmm6");
                                                            				0x87d77137();
                                                            				if (__eax <= 0) goto 0x87d46623;
                                                            				if (__eax != 1) goto 0x87d465e9;
                                                            				goto 0x87d465f7;
                                                            				_t100 = "NAN";
                                                            				_t113 =  !=  ? _t100 : "nan";
                                                            				 *((intOrPtr*)(_t131 + 0x40)) =  *(_t131 + 0x48);
                                                            				 *(_t131 + 0x48) =  !=  ? _t100 : "nan";
                                                            				_t122 = __r8;
                                                            				E00007FF87FF887D471A0(_t79, _t100, _t108, __rcx, __r8, _t131 + 0x40, _t142);
                                                            				goto 0x87d46752;
                                                            				_t53 =  *(_t126 + 0xc);
                                                            				_t77 = _t53 << 0x1c >> 0x1c;
                                                            				if (_t77 != 0) goto 0x87d46644;
                                                            				 *(_t126 + 0xc) = _t53 & 0xfffffff2 | 0x00000002;
                                                            				goto 0x87d46682;
                                                            				if (_t77 != 4) goto 0x87d46682;
                                                            				_t127 =  *(_t131 + 0x48);
                                                            				if (sil == 0) goto 0x87d4667a;
                                                            				E00007FF87FF887D4BAB0(_t108, _t141, _t122, _t127);
                                                            				 *_t100 =  *(_t127 + 0x87d7e0a4) & 0x000000ff;
                                                            				 *(_t131 + 0x48) = _t69 & 0xffffff00;
                                                            				_t57 =  *_t126;
                                                            				if (_t57 == 0) goto 0x87d4667a;
                                                            				 *_t126 = _t57 - 1;
                                                            				 *(_t126 + 0xc) =  *(_t126 + 0xc) & 0xfffffff2;
                                                            				 *(_t126 + 0xc) =  *(_t126 + 0xc) | 0x00000002;
                                                            				 *((long long*)(_t129 - 0x60)) = 0;
                                                            				 *((long long*)(_t129 - 0x70)) = 0x87d7baa8;
                                                            				 *((long long*)(_t129 - 0x68)) = _t129 - 0x50;
                                                            				 *((long long*)(_t129 - 0x58)) = 0x1f4;
                                                            				if (( *(_t131 + 0x44) & 0x000000ff) != 3) goto 0x87d4677b;
                                                            				if (sil == 0) goto 0x87d466cd;
                                                            				 *((char*)(_t129 - 0x50)) =  *( *(_t131 + 0x48) + 0x87d7e0a4) & 0x000000ff;
                                                            				 *((long long*)(_t129 - 0x60)) = 1;
                                                            				asm("xorps xmm0, xmm0");
                                                            				asm("cvtss2sd xmm0, xmm6");
                                                            				asm("movaps xmm1, [esp+0x40]");
                                                            				asm("movdqa [esp+0x50], xmm1");
                                                            				E00007FF87FF887D64200( *(_t127 + 0x87d7e0a4) & 0x000000ff,  *((intOrPtr*)(_t126 + 4)), _t108, _t131 + 0x50, _t129 - 0x70, _t139);
                                                            				 *((long long*)(_t131 + 0x40)) =  *((intOrPtr*)(_t129 - 0x68));
                                                            				 *(_t131 + 0x48) =  *((intOrPtr*)(_t129 - 0x60));
                                                            				E00007FF87FF887D48330(_t108, _t141, _t126, _t126, _t131 + 0x40, _t129 - 0x70, _t139, 0x87d7e0a4);
                                                            				 *((long long*)(_t129 - 0x70)) = 0x87d7baa8;
                                                            				_t117 =  *((intOrPtr*)(_t129 - 0x68));
                                                            				if (_t117 == _t129 - 0x50) goto 0x87d46752;
                                                            				if ( *((intOrPtr*)(_t129 - 0x58)) - 0x1000 < 0) goto 0x87d4674d;
                                                            				if (_t117 -  *((intOrPtr*)(_t117 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87d468b8;
                                                            				_t64 = E00007FF87FF887D65E20(E00007FF87FF887D656E4(),  *(_t127 + 0x87d7e0a4) & 0x000000ff,  *(_t129 + 0x1b0) ^ _t131);
                                                            				asm("movaps xmm6, [esp+0x2c0]");
                                                            				return _t64;
                                                            			}

                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: __std_exception_copy_fdclass_fdsign_invalid_parameter_noinfo_noreturn
                                                            • String ID: INF$NAN$inf$nan$number is too big
                                                            • API String ID: 3310147705-1812383209
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 28%
                                                            			E00007FF87FF887D49C50(void* __rcx, long long __rdx, void* __rbp, void* __r8) {
                                                            				signed int _v56;
                                                            				intOrPtr _v64;
                                                            				char _v88;
                                                            				intOrPtr _v96;
                                                            				char _v120;
                                                            				long long _v128;
                                                            				long long _v136;
                                                            				char _v152;
                                                            				long long _v160;
                                                            				long long _v168;
                                                            				intOrPtr _v178;
                                                            				short _v180;
                                                            				char _v184;
                                                            				char _v200;
                                                            				long long _v216;
                                                            				long long _v224;
                                                            				long long _v232;
                                                            				void* __rbx;
                                                            				void* __rdi;
                                                            				void* __rsi;
                                                            				void* __r14;
                                                            				char _t58;
                                                            				void* _t71;
                                                            				void* _t83;
                                                            				void* _t84;
                                                            				void* _t85;
                                                            				signed long long _t110;
                                                            				signed long long _t111;
                                                            				long long _t115;
                                                            				void* _t121;
                                                            				void* _t134;
                                                            				long long _t135;
                                                            				char _t158;
                                                            				long long _t167;
                                                            				long long _t173;
                                                            				intOrPtr _t176;
                                                            				long long _t182;
                                                            				intOrPtr _t185;
                                                            				intOrPtr _t188;
                                                            				intOrPtr _t191;
                                                            				long long _t194;
                                                            				void* _t196;
                                                            				void* _t197;
                                                            				void* _t198;
                                                            				intOrPtr _t202;
                                                            				void* _t205;
                                                            				void* _t206;
                                                            				long long _t207;
                                                            
                                                            				_t197 = __rbp;
                                                            				_t205 = _t198;
                                                            				_t199 = _t198 - 0xe0;
                                                            				_t110 =  *0x87d8ec78; // 0x522936145607
                                                            				_t111 = _t110 ^ _t198 - 0x000000e0;
                                                            				_v56 = _t111;
                                                            				_t196 = __r8;
                                                            				_t194 = __rdx;
                                                            				_t206 = __rcx;
                                                            				r15d = 0;
                                                            				_v184 = _t207;
                                                            				_v160 = 0xf;
                                                            				_v168 = 6;
                                                            				_t58 = "system"; // 0x74737973
                                                            				_v184 = _t58;
                                                            				_v180 =  *0x87d7ba84 & 0x0000ffff;
                                                            				_v178 = r15b;
                                                            				 *((long long*)(_t205 - 0x78)) = _t207;
                                                            				asm("movdqa xmm0, [0x326e3]");
                                                            				asm("repe inc ecx");
                                                            				 *((intOrPtr*)(_t205 - 0x78)) = r15b;
                                                            				E00007FF87FF887D5D640(_t134, __rcx, __r8);
                                                            				if ( &_v120 == _t111) goto 0x87d49cf7;
                                                            				_t202 =  *((intOrPtr*)(_t111 + 0x10));
                                                            				if ( *((long long*)(_t111 + 0x18)) - 0x10 < 0) goto 0x87d49ce7;
                                                            				E00007FF87FF887D49100(_t134,  &_v120,  *_t111, _t202, _t206);
                                                            				E00007FF87FF887D606F0( *((long long*)(_t111 + 0x18)) - 0x10,  *_t111,  &_v184, _t202);
                                                            				_t167 = _v160;
                                                            				if (_t167 - 0x10 < 0) goto 0x87d49d42;
                                                            				if (_t167 + 1 - 0x1000 < 0) goto 0x87d49d3d;
                                                            				_t115 = _v184 -  *((intOrPtr*)(_v184 - 8)) + 0xfffffff8;
                                                            				if (_t115 - 0x1f <= 0) goto 0x87d49d3d;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v168 = _t207;
                                                            				_v160 = 0xf;
                                                            				_v184 = 0;
                                                            				E00007FF87FF887D54280(_t84, _t134,  &_v88, _t196, _t196, _t197);
                                                            				_t135 = _t115;
                                                            				_v200 = _t194;
                                                            				E00007FF87FF887D54280(_t84, _t135,  &_v152, _t206, _t196, _t197);
                                                            				_v216 = _t135;
                                                            				_v224 =  &_v200;
                                                            				_v232 = _t115;
                                                            				r8d = 0x5f;
                                                            				_t82 = _t202 - 0x5e;
                                                            				E00007FF87FF887D45BB0(_t202 - 0x5e, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_deleteport \'{}\', {:#x}, \'{}\'");
                                                            				_t173 = _v128;
                                                            				if (_t173 - 0x10 < 0) goto 0x87d49df0;
                                                            				if (_t173 + 1 - 0x1000 < 0) goto 0x87d49deb;
                                                            				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d49deb;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v136 = _t207;
                                                            				_v128 = 0xf;
                                                            				_v152 = 0;
                                                            				_t176 = _v64;
                                                            				if (_t176 - 0x10 < 0) goto 0x87d49e4f;
                                                            				if (_t176 + 1 - 0x1000 < 0) goto 0x87d49e4a;
                                                            				_t121 = _v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8;
                                                            				if (_t121 - 0x1f <= 0) goto 0x87d49e4a;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D4E0D0( *((intOrPtr*)(_v88 - 8)), _t176 + 0x28);
                                                            				E00007FF87FF887D54280(_t84, _t121,  &_v88, _t196, _t196, _t197);
                                                            				_t71 = E00007FF87FF887D54280(_t84, _t121,  &_v152, _t206, _t196, _t197);
                                                            				_t203 = _t121;
                                                            				E00007FF87FF887D4E6C0(_t71, _t83, _t84, _t85, _t121, _t121, _t121, _t121, _t196, _t197, _t121);
                                                            				_t182 = _v128;
                                                            				if (_t182 - 0x10 < 0) goto 0x87d49eca;
                                                            				if (_t182 + 1 - 0x1000 < 0) goto 0x87d49ec5;
                                                            				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d49ec5;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v136 = _t207;
                                                            				_v128 = 0xf;
                                                            				_v152 = 0;
                                                            				_t185 = _v64;
                                                            				if (_t185 - 0x10 < 0) goto 0x87d49f2a;
                                                            				if (_t185 + 1 - 0x1000 < 0) goto 0x87d49f24;
                                                            				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d49f24;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D606F0(_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f, _v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8,  &_v120, _t121);
                                                            				_t188 = _v96;
                                                            				if (_t188 - 0x10 < 0) goto 0x87d49f7e;
                                                            				_t158 = _v120;
                                                            				if (_t188 + 1 - 0x1000 < 0) goto 0x87d49f78;
                                                            				_t130 = _t158 -  *((intOrPtr*)(_t158 - 8)) + 0xfffffff8;
                                                            				_t105 = _t158 -  *((intOrPtr*)(_t158 - 8)) + 0xfffffff8 - 0x1f;
                                                            				if (_t158 -  *((intOrPtr*)(_t158 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d49f78;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D606F0(_t105, _t130,  &_v120, _t203);
                                                            				_t191 = _v96;
                                                            				if (_t191 - 0x10 < 0) goto 0x87d49fd9;
                                                            				if (_t191 + 1 - 0x1000 < 0) goto 0x87d49fd3;
                                                            				if (_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d49fd3;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				return E00007FF87FF887D65E20(0, _t82, _v56 ^ _t199);
                                                            			}


                                                            APIs
                                                              • Part of subcall function 00007FF887D5D640: __tlregdtor.LIBCMT ref: 00007FF887D5D690
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D49D36
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D49DE4
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D49E43
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D49EBE
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D49F1D
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D49F71
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                            • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_deleteport '{}', {:#x}, '{}'$system
                                                            • API String ID: 333172304-3252672930
                                                            • Opcode ID: 226080c0ce44445658238c64672bb0263095b08184b26bd6105cc1f14d8ca101
                                                            • Instruction ID: 29447758e44e17eb035416cdd8173fcee8a390aea6b7300b53319cb8b6a97a32
                                                            • Opcode Fuzzy Hash: 226080c0ce44445658238c64672bb0263095b08184b26bd6105cc1f14d8ca101
                                                            • Instruction Fuzzy Hash: 08819462A9DAC541EE50DB65E44436E6361FB957E0F404731EAAE47ADDDF7CE080C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 30%
                                                            			E00007FF87FF887D77570(void* __edi, long long __rax, void* __rcx, long long __rdx, void* __rsi, void* __r13, void* __r14, void* __r15) {
                                                            				void* __rbx;
                                                            				void* __rdi;
                                                            				void* __rbp;
                                                            				void* _t71;
                                                            				signed int _t84;
                                                            				signed int _t86;
                                                            				intOrPtr _t90;
                                                            				intOrPtr _t116;
                                                            				int _t126;
                                                            				intOrPtr _t139;
                                                            				intOrPtr _t143;
                                                            				intOrPtr _t147;
                                                            				intOrPtr _t169;
                                                            				intOrPtr _t172;
                                                            				void* _t175;
                                                            				void* _t182;
                                                            				long long _t183;
                                                            				void* _t185;
                                                            				void* _t186;
                                                            				intOrPtr _t190;
                                                            
                                                            				_t204 = __r15;
                                                            				_t202 = __r13;
                                                            				 *((long long*)(_t185 + 0x10)) = __rdx;
                                                            				_t186 = _t185 - 0x30;
                                                            				_t183 = __rdx;
                                                            				 *((long long*)(__rdx + 0x60)) = 0;
                                                            				 *((long long*)(__rdx + 0x70)) = 0;
                                                            				 *((long long*)(__rdx + 0x78)) = 0xf;
                                                            				 *((char*)(__rdx + 0x60)) = 0;
                                                            				E00007FF87FF887D656A8(_t71, __rax, __rcx);
                                                            				 *((long long*)(__rdx + 0x70)) = 0x25;
                                                            				 *((long long*)(__rdx + 0x78)) = 0x2f;
                                                            				asm("movups xmm0, [0x4a8c]");
                                                            				asm("movups [eax], xmm0");
                                                            				asm("movups xmm1, [0x4a92]");
                                                            				asm("movups [eax+0x10], xmm1");
                                                            				_t90 =  *0x87d7c068; // 0x3a6e6f69
                                                            				 *((intOrPtr*)(__rax + 0x20)) = _t90;
                                                            				 *((char*)(__rax + 0x24)) =  *0x87d7c06c & 0x000000ff;
                                                            				 *((char*)(__rax + 0x25)) = 0;
                                                            				 *((long long*)(__rdx + 0x60)) = __rax;
                                                            				_t116 =  *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x50))));
                                                            				 *((intOrPtr*)(_t116 + 8))();
                                                            				if ( *((char*)(_t116 + 0xffffffff)) != 0) goto 0x87d77600;
                                                            				_t139 =  *((intOrPtr*)(__rdx + 0x70));
                                                            				if (0xffffffff -  *((intOrPtr*)(__rdx + 0x78)) - _t139 > 0) goto 0x87d7764f;
                                                            				 *((long long*)(__rdx + 0x70)) = _t139 + 0xffffffff;
                                                            				_t128 =  !=  ?  *((void*)(__rdx + 0x60)) : __rdx + 0x60;
                                                            				_t129 = ( !=  ?  *((void*)(__rdx + 0x60)) : __rdx + 0x60) + _t139;
                                                            				memmove(_t175, _t182, _t126);
                                                            				 *((char*)(( !=  ?  *((void*)(__rdx + 0x60)) : __rdx + 0x60) + _t139 + 0xffffffff)) = 0;
                                                            				goto 0x87d77663;
                                                            				 *((long long*)(_t186 + 0x20)) = 0xffffffff;
                                                            				r8d = 0;
                                                            				E00007FF87FF887D42190(__rdx + 0x60, 0xffffffff, 0, __rdx, _t116, __r13, __r15);
                                                            				_t143 =  *((intOrPtr*)(_t183 + 0x70));
                                                            				_t190 = _t143;
                                                            				if ( *((intOrPtr*)(_t183 + 0x78)) - _t143 - 0xa < 0) goto 0x87d776b2;
                                                            				 *((long long*)(_t183 + 0x70)) = _t143 + 0xa;
                                                            				_t131 =  !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60;
                                                            				_t132 = ( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t190;
                                                            				r8d = 0xa;
                                                            				memmove(??, ??, ??);
                                                            				 *((char*)(( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t190 + 0xa)) = 0;
                                                            				goto 0x87d776d2;
                                                            				 *((long long*)(_t186 + 0x20)) = 0xa;
                                                            				r8d = 0;
                                                            				_t34 = _t190 + 0xa; // 0xa
                                                            				E00007FF87FF887D42190(_t183 + 0x60, ", format: ", 0, _t183, ", format: ", _t202, _t204);
                                                            				if ( *((char*)( *((intOrPtr*)(_t183 + 0x40)) + 0xffffffff)) != 0) goto 0x87d776e0;
                                                            				_t147 =  *((intOrPtr*)(_t183 + 0x70));
                                                            				if (0xffffffff -  *((intOrPtr*)(_t183 + 0x78)) - _t147 > 0) goto 0x87d77730;
                                                            				 *((long long*)(_t183 + 0x70)) = _t147 + 0xffffffff;
                                                            				_t134 =  !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60;
                                                            				_t135 = ( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t147;
                                                            				memmove(??, ??, ??);
                                                            				 *((char*)(( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t147 + 0xffffffff)) = 0;
                                                            				goto 0x87d77744;
                                                            				 *((long long*)(_t186 + 0x20)) = 0xffffffff;
                                                            				r8d = 0;
                                                            				E00007FF87FF887D42190(_t183 + 0x60, 0xffffffff, 0, _t183,  *((intOrPtr*)(_t183 + 0x40)), _t202, _t204);
                                                            				 *((long long*)(_t183 + 0x80)) = 0;
                                                            				 *((long long*)(_t183 + 0x90)) = 0;
                                                            				 *((long long*)(_t183 + 0x98)) = 0xf;
                                                            				 *((char*)(_t183 + 0x80)) = 0;
                                                            				asm("o16 nop [eax+eax]");
                                                            				if ( *((char*)( *((intOrPtr*)(_t183 + 0x48)) + 0xffffffff)) != 0) goto 0x87d77780;
                                                            				E00007FF87FF887D49100(( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t147, _t183 + 0x80,  *((intOrPtr*)(_t183 + 0x48)), 0, __r14);
                                                            				_t84 = E00007FF87FF887D5E5B0( *((intOrPtr*)(_t183 + 0x38)), _t34,  *((intOrPtr*)(_t183 + 0x78)) - _t147, ( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t147, _t183 + 0x80, _t183 + 0x80, __rsi, _t183,  *((intOrPtr*)(_t183 + 0x30)), _t183 + 0x60);
                                                            				_t169 =  *((intOrPtr*)(_t183 + 0x98));
                                                            				if ((_t84 & 0xffffff00 | _t169 - 0x00000010 >= 0x00000000) == 0) goto 0x87d777fb;
                                                            				if (_t169 + 1 - 0x1000 < 0) goto 0x87d777f5;
                                                            				_t64 =  *((intOrPtr*)(_t183 + 0x80)) -  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x80)) - 8)) - 8; // -8
                                                            				if (_t64 - 0x1f > 0) goto 0x87d777ee;
                                                            				goto 0x87d777f5;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				_t86 = E00007FF87FF887D656E4();
                                                            				_t172 =  *((intOrPtr*)(_t183 + 0x78));
                                                            				if ((_t86 & 0xffffff00 | _t172 - 0x00000010 >= 0x00000000) == 0) goto 0x87d77841;
                                                            				if (_t172 + 1 - 0x1000 < 0) goto 0x87d7783b;
                                                            				_t70 =  *((intOrPtr*)(_t183 + 0x60)) -  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x60)) - 8)) - 8; // -8
                                                            				if (_t70 - 0x1f > 0) goto 0x87d77834;
                                                            				goto 0x87d7783b;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				return E00007FF87FF887D656E4();
                                                            			}

                                                            APIs
                                                              • Part of subcall function 00007FF887D656A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887D48F4E), ref: 00007FF887D656C2
                                                            • memmove.VCRUNTIME140 ref: 00007FF887D77644
                                                            • memmove.VCRUNTIME140 ref: 00007FF887D776A7
                                                            • memmove.VCRUNTIME140 ref: 00007FF887D77725
                                                              • Part of subcall function 00007FF887D42190: memmove.VCRUNTIME140 ref: 00007FF887D4227D
                                                              • Part of subcall function 00007FF887D42190: memmove.VCRUNTIME140 ref: 00007FF887D4228B
                                                              • Part of subcall function 00007FF887D42190: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D422C4
                                                              • Part of subcall function 00007FF887D42190: memmove.VCRUNTIME140 ref: 00007FF887D422CE
                                                              • Part of subcall function 00007FF887D42190: memmove.VCRUNTIME140 ref: 00007FF887D422DC
                                                              • Part of subcall function 00007FF887D42190: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887D42311
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D777EE
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D77834
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmove$_invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmalloc
                                                            • String ID: %$, format: $/$ion:
                                                            • API String ID: 1572157692-3554288949
                                                            • Opcode ID: faff6170a70bc7182dc5a3738a3de080a9f083ead64c6a0946783119d2ec3fa3
                                                            • Instruction ID: a77d511fb083c808f24f0142d1ffb5055a299e3b4a18ddeab2f4ba9b0ba7890f
                                                            • Opcode Fuzzy Hash: faff6170a70bc7182dc5a3738a3de080a9f083ead64c6a0946783119d2ec3fa3
                                                            • Instruction Fuzzy Hash: CE816D62A457858AEB108F38D9443EC27A1FB41BE8F585731EA9E0BA99DF78D584C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 31%
                                                            			E00007FF87FF887D77250(void* __edi, long long __rax, void* __rcx, long long __rdx, void* __rsi, void* __r13, void* __r14, void* __r15) {
                                                            				void* __rbx;
                                                            				void* __rdi;
                                                            				void* __rbp;
                                                            				void* _t71;
                                                            				signed int _t84;
                                                            				signed int _t86;
                                                            				intOrPtr _t90;
                                                            				intOrPtr _t116;
                                                            				int _t126;
                                                            				intOrPtr _t139;
                                                            				intOrPtr _t143;
                                                            				intOrPtr _t147;
                                                            				intOrPtr _t169;
                                                            				intOrPtr _t172;
                                                            				void* _t175;
                                                            				void* _t182;
                                                            				long long _t183;
                                                            				void* _t185;
                                                            				void* _t186;
                                                            				intOrPtr _t190;
                                                            
                                                            				_t204 = __r15;
                                                            				_t202 = __r13;
                                                            				 *((long long*)(_t185 + 0x10)) = __rdx;
                                                            				_t186 = _t185 - 0x30;
                                                            				_t183 = __rdx;
                                                            				 *((long long*)(__rdx + 0x70)) = 0;
                                                            				 *((long long*)(__rdx + 0x80)) = 0;
                                                            				 *((long long*)(__rdx + 0x88)) = 0xf;
                                                            				 *((char*)(__rdx + 0x70)) = 0;
                                                            				E00007FF87FF887D656A8(_t71, __rax, __rcx);
                                                            				 *((long long*)(__rdx + 0x80)) = 0x25;
                                                            				 *((long long*)(__rdx + 0x88)) = 0x2f;
                                                            				asm("movups xmm0, [0x4da0]");
                                                            				asm("movups [eax], xmm0");
                                                            				asm("movups xmm1, [0x4da6]");
                                                            				asm("movups [eax+0x10], xmm1");
                                                            				_t90 =  *0x87d7c068; // 0x3a6e6f69
                                                            				 *((intOrPtr*)(__rax + 0x20)) = _t90;
                                                            				 *((char*)(__rax + 0x24)) =  *0x87d7c06c & 0x000000ff;
                                                            				 *((char*)(__rax + 0x25)) = 0;
                                                            				 *((long long*)(__rdx + 0x70)) = __rax;
                                                            				_t116 =  *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x60))));
                                                            				 *((intOrPtr*)(_t116 + 8))();
                                                            				if ( *((char*)(_t116 + 0xffffffff)) != 0) goto 0x87d772e5;
                                                            				_t139 =  *((intOrPtr*)(__rdx + 0x80));
                                                            				if (0xffffffff -  *((intOrPtr*)(__rdx + 0x88)) - _t139 > 0) goto 0x87d7733d;
                                                            				 *((long long*)(__rdx + 0x80)) = _t139 + 0xffffffff;
                                                            				_t128 =  !=  ?  *((void*)(__rdx + 0x70)) : __rdx + 0x70;
                                                            				_t129 = ( !=  ?  *((void*)(__rdx + 0x70)) : __rdx + 0x70) + _t139;
                                                            				memmove(_t175, _t182, _t126);
                                                            				 *((char*)(( !=  ?  *((void*)(__rdx + 0x70)) : __rdx + 0x70) + _t139 + 0xffffffff)) = 0;
                                                            				goto 0x87d77351;
                                                            				 *((long long*)(_t186 + 0x20)) = 0xffffffff;
                                                            				r8d = 0;
                                                            				E00007FF87FF887D42190(__rdx + 0x70, 0xffffffff, 0, __rdx, _t116, __r13, __r15);
                                                            				_t143 =  *((intOrPtr*)(_t183 + 0x80));
                                                            				_t190 = _t143;
                                                            				if ( *((intOrPtr*)(_t183 + 0x88)) - _t143 - 0xa < 0) goto 0x87d773a9;
                                                            				 *((long long*)(_t183 + 0x80)) = _t143 + 0xa;
                                                            				_t131 =  !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70;
                                                            				_t132 = ( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t190;
                                                            				r8d = 0xa;
                                                            				memmove(??, ??, ??);
                                                            				 *((char*)(( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t190 + 0xa)) = 0;
                                                            				goto 0x87d773c9;
                                                            				 *((long long*)(_t186 + 0x20)) = 0xa;
                                                            				r8d = 0;
                                                            				_t34 = _t190 + 0xa; // 0xa
                                                            				E00007FF87FF887D42190(_t183 + 0x70, ", format: ", 0, _t183, ", format: ", _t202, _t204);
                                                            				if ( *((char*)( *((intOrPtr*)(_t183 + 0x50)) + 0xffffffff)) != 0) goto 0x87d773d4;
                                                            				_t147 =  *((intOrPtr*)(_t183 + 0x80));
                                                            				if (0xffffffff -  *((intOrPtr*)(_t183 + 0x88)) - _t147 > 0) goto 0x87d7742d;
                                                            				 *((long long*)(_t183 + 0x80)) = _t147 + 0xffffffff;
                                                            				_t134 =  !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70;
                                                            				_t135 = ( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t147;
                                                            				memmove(??, ??, ??);
                                                            				 *((char*)(( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t147 + 0xffffffff)) = 0;
                                                            				goto 0x87d77441;
                                                            				 *((long long*)(_t186 + 0x20)) = 0xffffffff;
                                                            				r8d = 0;
                                                            				E00007FF87FF887D42190(_t183 + 0x70, 0xffffffff, 0, _t183,  *((intOrPtr*)(_t183 + 0x50)), _t202, _t204);
                                                            				 *((long long*)(_t183 + 0x90)) = 0;
                                                            				 *((long long*)(_t183 + 0xa0)) = 0;
                                                            				 *((long long*)(_t183 + 0xa8)) = 0xf;
                                                            				 *((char*)(_t183 + 0x90)) = 0;
                                                            				if ( *((char*)( *((intOrPtr*)(_t183 + 0x58)) + 0xffffffff)) != 0) goto 0x87d77474;
                                                            				E00007FF87FF887D49100(( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t147, _t183 + 0x90,  *((intOrPtr*)(_t183 + 0x58)), 0, __r14);
                                                            				_t84 = E00007FF87FF887D5E5B0( *((intOrPtr*)(_t183 + 0x38)), _t34,  *((intOrPtr*)(_t183 + 0x88)) - _t147, ( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t147, _t183 + 0x90, _t183 + 0x90, __rsi, _t183,  *((intOrPtr*)(_t183 + 0x30)), _t183 + 0x70);
                                                            				_t169 =  *((intOrPtr*)(_t183 + 0xa8));
                                                            				if ((_t84 & 0xffffff00 | _t169 - 0x00000010 >= 0x00000000) == 0) goto 0x87d774ef;
                                                            				if (_t169 + 1 - 0x1000 < 0) goto 0x87d774e9;
                                                            				_t64 =  *((intOrPtr*)(_t183 + 0x90)) -  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x90)) - 8)) - 8; // -8
                                                            				if (_t64 - 0x1f > 0) goto 0x87d774e2;
                                                            				goto 0x87d774e9;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				_t86 = E00007FF87FF887D656E4();
                                                            				_t172 =  *((intOrPtr*)(_t183 + 0x88));
                                                            				if ((_t86 & 0xffffff00 | _t172 - 0x00000010 >= 0x00000000) == 0) goto 0x87d77538;
                                                            				if (_t172 + 1 - 0x1000 < 0) goto 0x87d77532;
                                                            				_t70 =  *((intOrPtr*)(_t183 + 0x70)) -  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x70)) - 8)) - 8; // -8
                                                            				if (_t70 - 0x1f > 0) goto 0x87d7752b;
                                                            				goto 0x87d77532;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				return E00007FF87FF887D656E4();
                                                            			}

                                                            APIs
                                                              • Part of subcall function 00007FF887D656A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887D48F4E), ref: 00007FF887D656C2
                                                            • memmove.VCRUNTIME140 ref: 00007FF887D77332
                                                            • memmove.VCRUNTIME140 ref: 00007FF887D7739E
                                                            • memmove.VCRUNTIME140 ref: 00007FF887D77422
                                                              • Part of subcall function 00007FF887D42190: memmove.VCRUNTIME140 ref: 00007FF887D4227D
                                                              • Part of subcall function 00007FF887D42190: memmove.VCRUNTIME140 ref: 00007FF887D4228B
                                                              • Part of subcall function 00007FF887D42190: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D422C4
                                                              • Part of subcall function 00007FF887D42190: memmove.VCRUNTIME140 ref: 00007FF887D422CE
                                                              • Part of subcall function 00007FF887D42190: memmove.VCRUNTIME140 ref: 00007FF887D422DC
                                                              • Part of subcall function 00007FF887D42190: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887D42311
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D774E2
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D7752B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmove$_invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmalloc
                                                            • String ID: %$, format: $/$ion:
                                                            • API String ID: 1572157692-3554288949
                                                            • Opcode ID: d8fa846999dc6887ed0151b9e4cf413d19c92a27b04199a7d7cb26b344e886b1
                                                            • Instruction ID: 447aa5ba1ea5a5f3f23c56c6e30538ee75a770bc66ded8d1b36847e2e6b6bab6
                                                            • Opcode Fuzzy Hash: d8fa846999dc6887ed0151b9e4cf413d19c92a27b04199a7d7cb26b344e886b1
                                                            • Instruction Fuzzy Hash: 8B818F62A457C589EB208F34D8403ED27A1FB417E8F585735DA9E0BADADF78D189C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: Event$CloseHandle$Create$ObjectOpenResetSingleWait
                                                            • String ID:
                                                            • API String ID: 3951656645-0
                                                            • Opcode ID: e70b6efb45fd57b730ffd615a8e7d69745b853a7db37e14f4ef59c49c9d22bbf
                                                            • Instruction ID: cd229be64c04dcc8e9f1f0d172be03d8521150b0a39ab9842b3605879e1baf72
                                                            • Opcode Fuzzy Hash: e70b6efb45fd57b730ffd615a8e7d69745b853a7db37e14f4ef59c49c9d22bbf
                                                            • Instruction Fuzzy Hash: 4D51913264C68186EB518B14E54433EB7B1FB86BE5F540335EA9E07A9DEF2DD444CB00
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 29%
                                                            			E00007FF87FF887D6AAD0(long long __rbx, long long* __rcx, void* __rdx, long long __rsi) {
                                                            				void* _t21;
                                                            				void* _t22;
                                                            				void* _t26;
                                                            				long long _t44;
                                                            				long long _t50;
                                                            				unsigned long long _t57;
                                                            				signed long long _t66;
                                                            				int _t71;
                                                            				long long* _t72;
                                                            				long long _t79;
                                                            				unsigned long long _t80;
                                                            				void* _t82;
                                                            				void* _t86;
                                                            				intOrPtr _t87;
                                                            				void* _t89;
                                                            				signed long long _t90;
                                                            
                                                            				 *((long long*)(_t82 + 8)) = __rbx;
                                                            				 *((long long*)(_t82 + 0x10)) = _t79;
                                                            				 *((long long*)(_t82 + 0x18)) = __rsi;
                                                            				_t72 = __rcx;
                                                            				_t87 =  *((intOrPtr*)(__rcx + 0x10));
                                                            				if (0xffffffff - _t87 - __rdx < 0) goto 0x87d6ac11;
                                                            				_t90 = _t87 + __rdx;
                                                            				_t80 =  *((intOrPtr*)(__rcx + 0x18));
                                                            				_t66 = _t90 | 0x0000000f;
                                                            				if (_t66 - 0xffffffff > 0) goto 0x87d6ab56;
                                                            				_t57 = _t80 >> 1;
                                                            				if (_t80 - 0xffffffff - _t57 > 0) goto 0x87d6ab56;
                                                            				_t50 =  <  ? _t57 + _t80 : _t66;
                                                            				_t44 = _t50 + 1;
                                                            				if (_t44 - 0x1000 < 0) goto 0x87d6ab7f;
                                                            				if (_t44 + 0x27 - _t44 <= 0) goto 0x87d6ac17;
                                                            				goto 0x87d6ab60;
                                                            				_t22 = E00007FF87FF887D656A8(_t21, _t44, 0x27);
                                                            				if (_t44 == 0) goto 0x87d6ab78;
                                                            				_t10 = _t44 + 0x27; // 0x27
                                                            				 *((long long*)((_t10 & 0xffffffe0) - 8)) = _t44;
                                                            				goto 0x87d6ab93;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				if (_t44 == 0) goto 0x87d6ab91;
                                                            				E00007FF87FF887D656A8(_t22, _t44, _t44);
                                                            				goto 0x87d6ab93;
                                                            				 *(_t72 + 0x10) = _t90;
                                                            				 *((long long*)(_t72 + 0x18)) = _t50;
                                                            				if (_t80 - 0x10 < 0) goto 0x87d6abea;
                                                            				memmove(_t89, _t86, _t71);
                                                            				_t15 = _t80 + 1; // 0x7ff887d6aee2
                                                            				if (_t15 - 0x1000 < 0) goto 0x87d6abd8;
                                                            				_t17 =  *_t72 -  *((intOrPtr*)( *_t72 - 8)) - 8; // 0x7ffffffffffffff7
                                                            				if (_t17 - 0x1f > 0) goto 0x87d6abe3;
                                                            				E00007FF87FF887D656E4();
                                                            				goto 0x87d6abf2;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				_t26 = memmove(??, ??, ??);
                                                            				 *_t72 = _t44;
                                                            				return _t26;
                                                            			}

                                                            APIs
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF887D6AD8C), ref: 00007FF887D6AB78
                                                            • memmove.VCRUNTIME140(?,?,00007FF887D6AD8C), ref: 00007FF887D6ABAE
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00007FF887D6AD8C), ref: 00007FF887D6ABE3
                                                            • memmove.VCRUNTIME140(?,?,00007FF887D6AD8C), ref: 00007FF887D6ABED
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887D6AC17
                                                            • ?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z.MSVCP140 ref: 00007FF887D6ACCE
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturnmemmove$?out@?$codecvt@_Concurrency::cancel_current_taskMbstatet@@Mbstatet@@@std@@
                                                            • String ID: Could not convert character encoding$libs\log\src\code_conversion.cpp
                                                            • API String ID: 3477520665-1764552477
                                                            • Opcode ID: d4c76cade3ef9cea3b522cf51c1e2f0f329956eac3a2e36d547df32bdf9192e5
                                                            • Instruction ID: 95cce97feef73188abc3eda93d3c7275ce13b014455f0ea2086f8a21c31e199b
                                                            • Opcode Fuzzy Hash: d4c76cade3ef9cea3b522cf51c1e2f0f329956eac3a2e36d547df32bdf9192e5
                                                            • Instruction Fuzzy Hash: B581E162B49B8185EA109B55E4002EE6775FB88BD4F944632EF9E07B9DDF7CE580C380
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 17%
                                                            			E00007FF87FF887D4FB10(void* __eflags, long long __rcx, intOrPtr* __rdx) {
                                                            				void* __rbx;
                                                            				void* __rbp;
                                                            				void* _t80;
                                                            				void* _t83;
                                                            				signed long long _t114;
                                                            				long long _t134;
                                                            				signed long long _t163;
                                                            				signed long long _t166;
                                                            				signed long long _t169;
                                                            				intOrPtr _t172;
                                                            				signed long long _t178;
                                                            				intOrPtr _t181;
                                                            				void* _t184;
                                                            				void* _t185;
                                                            				void* _t186;
                                                            
                                                            				_t185 = _t186 - 0x47;
                                                            				_t114 =  *0x87d8ec78; // 0x522936145607
                                                            				 *(_t185 + 0x3f) = _t114 ^ _t186 - 0x000000b0;
                                                            				_t134 = __rcx;
                                                            				 *((intOrPtr*)(_t185 - 0x49)) = r8d;
                                                            				r8d = r8d - 1;
                                                            				if (__eflags == 0) goto 0x87d4fced;
                                                            				if (r8d != 1) goto 0x87d4fdc3;
                                                            				E00007FF87FF887D4D4C0(_t114 ^ _t186 - 0x000000b0, __rcx, _t185 - 0x21,  *__rdx, _t184);
                                                            				_t158 =  >=  ?  *((void*)(_t185 - 0x21)) : _t185 - 0x21;
                                                            				E00007FF87FF887D53FF0(_t80, _t134, _t185 - 0x41,  >=  ?  *((void*)(_t185 - 0x21)) : _t185 - 0x21, _t184, _t185);
                                                            				if ( *((long long*)(_t134 + 0x38)) - 0x10 < 0) goto 0x87d4fb7c;
                                                            				E00007FF87FF887D53FF0(_t80, _t134, _t185 + 0x1f,  *((intOrPtr*)(_t134 + 0x20)), _t184, _t185);
                                                            				if ( *((long long*)(_t134 + 0x58)) - 0x10 < 0) goto 0x87d4fb94;
                                                            				E00007FF87FF887D53FF0(_t80, _t134, _t185 - 1,  *((intOrPtr*)(_t134 + 0x40)), _t184, _t185);
                                                            				_t163 =  *((intOrPtr*)(_t185 + 0x17));
                                                            				if (_t163 - 8 < 0) goto 0x87d4fbf0;
                                                            				if (2 + _t163 * 2 - 0x1000 < 0) goto 0x87d4fbeb;
                                                            				if ( *((intOrPtr*)(_t185 - 1)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 - 1)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4fbeb;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				 *((long long*)(_t185 + 0xf)) = _t134;
                                                            				 *((long long*)(_t185 + 0x17)) = 7;
                                                            				 *((short*)(_t185 - 1)) = 0;
                                                            				_t166 =  *((intOrPtr*)(_t185 + 0x37));
                                                            				if (_t166 - 8 < 0) goto 0x87d4fc45;
                                                            				if (2 + _t166 * 2 - 0x1000 < 0) goto 0x87d4fc40;
                                                            				if ( *((intOrPtr*)(_t185 + 0x1f)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 + 0x1f)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4fc40;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				 *((long long*)(_t185 + 0x2f)) = _t134;
                                                            				 *((long long*)(_t185 + 0x37)) = 7;
                                                            				 *((short*)(_t185 + 0x1f)) = 0;
                                                            				_t169 =  *((intOrPtr*)(_t185 - 0x29));
                                                            				if (_t169 - 8 < 0) goto 0x87d4fc98;
                                                            				if (2 + _t169 * 2 - 0x1000 < 0) goto 0x87d4fc93;
                                                            				if ( *((intOrPtr*)(_t185 - 0x41)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 - 0x41)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4fc93;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				 *((long long*)(_t185 - 0x31)) = _t134;
                                                            				 *((long long*)(_t185 - 0x29)) = 7;
                                                            				 *((short*)(_t185 - 0x41)) = 0;
                                                            				_t172 =  *((intOrPtr*)(_t185 - 9));
                                                            				if (_t172 - 0x10 < 0) goto 0x87d4fdaa;
                                                            				_t146 =  *((intOrPtr*)(_t185 - 0x21));
                                                            				if (_t172 + 1 - 0x1000 < 0) goto 0x87d4fda5;
                                                            				if ( *((intOrPtr*)(_t185 - 0x21)) -  *((intOrPtr*)(_t146 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4fda5;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D4D4C0( *((intOrPtr*)(_t185 - 0x21)) -  *((intOrPtr*)(_t146 - 8)) + 0xfffffff8, _t134,  *((intOrPtr*)(_t146 - 8)),  *((intOrPtr*)(_t172 + 0x28)), _t184);
                                                            				_t177 =  >=  ?  *((void*)(_t185 - 0x21)) : _t185 - 0x21;
                                                            				E00007FF87FF887D53FF0(0, _t134, _t185 - 0x41,  >=  ?  *((void*)(_t185 - 0x21)) : _t185 - 0x21, _t184, _t185);
                                                            				_t178 =  *((intOrPtr*)(_t185 - 0x29));
                                                            				if (_t178 - 8 < 0) goto 0x87d4fd5a;
                                                            				if (2 + _t178 * 2 - 0x1000 < 0) goto 0x87d4fd55;
                                                            				if ( *((intOrPtr*)(_t185 - 0x41)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 - 0x41)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4fd55;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				 *((long long*)(_t185 - 0x31)) = _t134;
                                                            				 *((long long*)(_t185 - 0x29)) = 7;
                                                            				 *((short*)(_t185 - 0x41)) = 0;
                                                            				_t181 =  *((intOrPtr*)(_t185 - 9));
                                                            				if (_t181 - 0x10 < 0) goto 0x87d4fdaa;
                                                            				if (_t181 + 1 - 0x1000 < 0) goto 0x87d4fda5;
                                                            				if ( *((intOrPtr*)(_t185 - 0x21)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 - 0x21)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4fda5;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				return E00007FF87FF887D65E20(0xa + ( *((intOrPtr*)(_t185 - 0x21)) -  *((intOrPtr*)(_t146 - 8)) + 0xfffffff8) * 2, _t83,  *(_t185 + 0x3f) ^ _t186 - 0x000000b0);
                                                            			}

                                                            APIs
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4FBE4
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4FC39
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4FC8C
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4FCE6
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4FD4E
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4FD9E
                                                            • _CxxThrowException.VCRUNTIME140 ref: 00007FF887D4FDEB
                                                              • Part of subcall function 00007FF887D53FF0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FF887D53B6C), ref: 00007FF887D5404F
                                                              • Part of subcall function 00007FF887D53FF0: memset.VCRUNTIME140(?,?,?,?,00000000,?,?,?,00000000,00007FF887D53B6C), ref: 00007FF887D540AC
                                                              • Part of subcall function 00007FF887D53FF0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FF887D53B6C), ref: 00007FF887D540EA
                                                              • Part of subcall function 00007FF887D53FF0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FF887D53B6C), ref: 00007FF887D54117
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$ByteCharMultiWide$ExceptionThrowmemset
                                                            • String ID: port level {} is invalid
                                                            • API String ID: 2707084545-1214850675
                                                            • Opcode ID: 4a0a4fa043a0ed611f0e9e4ce8093e1eb79f0e2ea7fa222c73836a595fab8e3b
                                                            • Instruction ID: a5f51040d1f42ac7ad3610b1027c33e458ae54889181db8014059c784382f058
                                                            • Opcode Fuzzy Hash: 4a0a4fa043a0ed611f0e9e4ce8093e1eb79f0e2ea7fa222c73836a595fab8e3b
                                                            • Instruction Fuzzy Hash: 768170A2F9964285FF40DBA8D4843AC2332BB447E8F445735DA2E47AEDDE78E485C304
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(-00000068,?,?,[uninitialized],?,00007FF887D66ADE), ref: 00007FF887D5472B
                                                            • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(-00000068,?,?,[uninitialized],?,00007FF887D66ADE), ref: 00007FF887D54786
                                                            • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(-00000068,?,?,[uninitialized],?,00007FF887D66ADE), ref: 00007FF887D547A8
                                                            • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF887D547C9
                                                            • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(-00000068,?,?,[uninitialized],?,00007FF887D66ADE), ref: 00007FF887D54811
                                                            • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF887D54818
                                                            • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF887D54824
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                            • String ID: [uninitialized]
                                                            • API String ID: 1492985063-2099769388
                                                            • Opcode ID: 289b43a0fd393f7efa8b98694c0fc63bfc4486ac80d57e856cfae009353a8c5f
                                                            • Instruction ID: 7cff3a9b34ec6889f7b7c7e9bc686297477d527d52a6662aaeb55aa8796a5f99
                                                            • Opcode Fuzzy Hash: 289b43a0fd393f7efa8b98694c0fc63bfc4486ac80d57e856cfae009353a8c5f
                                                            • Instruction Fuzzy Hash: A751716664AA8182EB208B19E58423DABB0FB85FD5F158331CE9F477A5CF39D446C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF887D6B7DF
                                                            • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF887D6B7FE
                                                            • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF887D6B832
                                                              • Part of subcall function 00007FF887D66A70: AcquireSRWLockShared.KERNEL32 ref: 00007FF887D66A94
                                                              • Part of subcall function 00007FF887D66A70: ReleaseSRWLockShared.KERNEL32 ref: 00007FF887D66AB9
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: U?$char_traits@$D@std@@@std@@$LockShared$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@AcquireD@std@@@1@_ReleaseV?$basic_streambuf@
                                                            • String ID: $libs\log\src\thread_specific.cpp
                                                            • API String ID: 804302166-328183245
                                                            • Opcode ID: 9c29405b958e3b2f102dbcfcfde52ea5884bc4c20c3659383fd20e43f049d681
                                                            • Instruction ID: 8b604abd7f31f992a4c8bbec3f7abc6c5e3d5d1e901c41b11c65982de2e45a23
                                                            • Opcode Fuzzy Hash: 9c29405b958e3b2f102dbcfcfde52ea5884bc4c20c3659383fd20e43f049d681
                                                            • Instruction Fuzzy Hash: E6416132608B819AE710CF24E8843AE7770FB81798F505235EB8E47AACDF39D549CB40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 51%
                                                            			E00007FF87FF887D6CD30(void* __eflags, long long __rax, void* __rcx, long long __rdx, void* __r9, void* __r11) {
                                                            				void* __rbx;
                                                            				void* __rdi;
                                                            				void* __rsi;
                                                            				void* _t80;
                                                            				void* _t93;
                                                            				void* _t102;
                                                            				intOrPtr* _t133;
                                                            				long long* _t135;
                                                            				long long _t138;
                                                            				intOrPtr _t146;
                                                            				intOrPtr* _t147;
                                                            				intOrPtr* _t148;
                                                            				void* _t151;
                                                            				intOrPtr _t153;
                                                            				intOrPtr* _t161;
                                                            				void* _t189;
                                                            				intOrPtr* _t190;
                                                            				intOrPtr* _t191;
                                                            				long long _t193;
                                                            				intOrPtr* _t195;
                                                            				void* _t197;
                                                            				void* _t198;
                                                            				intOrPtr* _t199;
                                                            				void* _t201;
                                                            				void* _t202;
                                                            				void* _t204;
                                                            				void* _t211;
                                                            				intOrPtr* _t212;
                                                            				long long _t214;
                                                            				long long _t216;
                                                            				long long _t218;
                                                            				void* _t220;
                                                            				long long _t222;
                                                            				intOrPtr* _t223;
                                                            				long long _t225;
                                                            				void* _t227;
                                                            				long long _t228;
                                                            				long long _t229;
                                                            
                                                            				_t133 = __rax;
                                                            				 *((long long*)(_t204 + 0x10)) = __rdx;
                                                            				_t202 = _t204 - 0x1f;
                                                            				_t198 = __rcx;
                                                            				r13d = 0;
                                                            				 *((intOrPtr*)(_t202 - 0x59)) = r13d;
                                                            				 *((long long*)(__rdx)) = _t216;
                                                            				 *((intOrPtr*)(_t202 - 0x59)) = 1;
                                                            				E00007FF87FF887D656A8(_t80, __rax, __rcx);
                                                            				 *((long long*)(_t202 + 0x67)) = __rax;
                                                            				E00007FF87FF887D6C0C0(__rdx, __rax, _t198, _t227, _t220);
                                                            				_t190 = _t133;
                                                            				_t161 =  *((intOrPtr*)(__rdx));
                                                            				if (_t161 == 0) goto 0x87d6cd91;
                                                            				if ( *((intOrPtr*)( *_t161 + 0x20))(_t151, _t201) == 0) goto 0x87d6cd91;
                                                            				 *((long long*)(__rdx)) = _t216;
                                                            				 *((long long*)(__rdx)) = _t190;
                                                            				if (_t190 == 0) goto 0x87d6cda2;
                                                            				 *((intOrPtr*)( *_t190 + 0x18))();
                                                            				_t199 =  *((intOrPtr*)(_t198 + 8));
                                                            				_t153 =  *_t199;
                                                            				if (_t153 == _t199) goto 0x87d6d039;
                                                            				_t10 = _t190 + 8; // 0x8
                                                            				_t212 = _t10;
                                                            				 *((long long*)(_t202 + 0x7f)) = _t212;
                                                            				asm("o16 nop [eax+eax]");
                                                            				_t135 =  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x28))));
                                                            				 *((intOrPtr*)(_t135 + 8))();
                                                            				 *((long long*)(_t202 - 0x51)) = _t135;
                                                            				 *((long long*)(_t202 - 0x49)) = _t216;
                                                            				E00007FF87FF887D6AF60(_t135, _t153, _t202 + 0x77, _t135, _t216);
                                                            				 *((long long*)(_t202 - 0x49)) =  *_t135;
                                                            				 *_t135 =  *((intOrPtr*)(_t202 - 0x49));
                                                            				_t191 =  *((intOrPtr*)(_t202 + 0x77));
                                                            				if (_t191 == 0) goto 0x87d6ce28;
                                                            				asm("lock xadd [edi+0x8], eax");
                                                            				if (0xffffffff != 1) goto 0x87d6ce28;
                                                            				 *((intOrPtr*)( *_t191 + 8))();
                                                            				asm("lock xadd [edi+0xc], eax");
                                                            				if (0xffffffff != 1) goto 0x87d6ce28;
                                                            				E00007FF87FF887D60730( *((intOrPtr*)( *_t191 + 0x10))(), _t202 - 0x51, _t135, _t135, __r9, _t211, _t189);
                                                            				 *((long long*)(_t202 - 0x19)) =  *((intOrPtr*)(_t153 + 0x20));
                                                            				_t138 =  *((intOrPtr*)(_t202 - 0x51));
                                                            				 *((long long*)(_t202 + 0x67)) = _t138;
                                                            				 *((long long*)(_t202 - 0x11)) = _t138;
                                                            				_t228 =  *((intOrPtr*)(_t202 - 0x49));
                                                            				 *((long long*)(_t202 - 9)) = _t228;
                                                            				if (_t228 == 0) goto 0x87d6ce77;
                                                            				asm("lock inc ecx");
                                                            				_t229 =  *((intOrPtr*)(_t202 - 9));
                                                            				 *((long long*)(_t202 + 0x67)) =  *((intOrPtr*)(_t202 - 0x11));
                                                            				_t193 =  *((intOrPtr*)(_t202 - 0x19));
                                                            				_t222 =  *((intOrPtr*)( *_t212 + 8));
                                                            				 *((long long*)(_t202 - 1)) = _t222;
                                                            				 *((intOrPtr*)(_t202 + 7)) = 0;
                                                            				if ( *((char*)(_t222 + 0x19)) != 0) goto 0x87d6cedd;
                                                            				asm("o16 nop [eax+eax]");
                                                            				 *((long long*)(_t202 - 1)) = _t222;
                                                            				0x87d77119();
                                                            				if (1 >= 0) goto 0x87d6cec5;
                                                            				 *((intOrPtr*)(_t202 + 7)) = 0;
                                                            				_t223 =  *((intOrPtr*)(_t222 + 0x10));
                                                            				goto 0x87d6ced2;
                                                            				 *((intOrPtr*)(_t202 + 7)) = 1;
                                                            				_t218 = _t223;
                                                            				if ( *((char*)( *_t223 + 0x19)) == 0) goto 0x87d6cea0;
                                                            				_t214 =  *((intOrPtr*)(_t202 + 0x7f));
                                                            				if ( *((char*)(_t218 + 0x19)) != 0) goto 0x87d6cef9;
                                                            				0x87d77119();
                                                            				if (1 >= 0) goto 0x87d6cf6e;
                                                            				if ( *((intOrPtr*)(_t214 + 8)) == 0x92492492) goto 0x87d6d051;
                                                            				_t225 =  *_t214;
                                                            				 *((long long*)(_t202 - 0x41)) = _t214;
                                                            				r13d = 0;
                                                            				 *((long long*)(_t202 - 0x39)) = _t218;
                                                            				_t93 = E00007FF87FF887D656A8(1, 0x92492492, _t193 + 8);
                                                            				 *0x4924924924924B2 = _t193;
                                                            				 *0x4924924924924BA =  *((intOrPtr*)(_t202 + 0x67));
                                                            				r15d = r13d;
                                                            				 *((long long*)(_t202 - 9)) = _t218;
                                                            				 *0x4924924924924C2 = _t229;
                                                            				 *0x92492492 = _t225;
                                                            				 *0x49249249249249A = _t225;
                                                            				 *0x4924924924924A2 = _t225;
                                                            				 *0x4924924924924AA = r13w;
                                                            				 *((long long*)(_t202 - 0x39)) = _t218;
                                                            				asm("movups xmm0, [ebp-0x1]");
                                                            				asm("movaps [ebp-0x29], xmm0");
                                                            				E00007FF87FF887D6C920(_t93, _t153, _t214, _t202 - 0x29, _t193, 0x92492492, _t197);
                                                            				goto 0x87d6cf71;
                                                            				r13d = 0;
                                                            				if (_t229 == 0) goto 0x87d6cfad;
                                                            				asm("lock inc ecx");
                                                            				if (0xffffffff != 1) goto 0x87d6cfad;
                                                            				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t202 - 9)))) + 8))();
                                                            				asm("lock xadd [edi+0xc], eax");
                                                            				if (0xffffffff != 1) goto 0x87d6cfad;
                                                            				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t202 - 9)))) + 0x10))();
                                                            				_t195 =  *((intOrPtr*)(_t202 - 0x49));
                                                            				if (_t195 == 0) goto 0x87d6cfe6;
                                                            				asm("lock xadd [edi+0x8], eax");
                                                            				if (0xffffffff != 1) goto 0x87d6cfe6;
                                                            				 *((intOrPtr*)( *_t195 + 8))();
                                                            				asm("lock xadd [edi+0xc], eax");
                                                            				if (0xffffffff != 1) goto 0x87d6cfe6;
                                                            				_t102 =  *((intOrPtr*)( *_t195 + 0x10))();
                                                            				if ( *((char*)( *((intOrPtr*)(_t153 + 0x10)) + 0x19)) == 0) goto 0x87d6d018;
                                                            				_t146 =  *((intOrPtr*)(_t153 + 8));
                                                            				if ( *((char*)(_t146 + 0x19)) != 0) goto 0x87d6d013;
                                                            				asm("o16 nop [eax+eax]");
                                                            				if (_t153 !=  *((intOrPtr*)(_t146 + 0x10))) goto 0x87d6d013;
                                                            				_t147 =  *((intOrPtr*)(_t146 + 8));
                                                            				if ( *((char*)(_t147 + 0x19)) == 0) goto 0x87d6d000;
                                                            				goto 0x87d6d030;
                                                            				_t148 =  *_t147;
                                                            				if ( *((char*)(_t148 + 0x19)) != 0) goto 0x87d6d030;
                                                            				if ( *((char*)( *_t148 + 0x19)) == 0) goto 0x87d6d024;
                                                            				if (_t148 != _t199) goto 0x87d6cdc0;
                                                            				return _t102;
                                                            			}









































                                                            0x7ff887d6ce8f
                                                            0x7ff887d6ce95
                                                            0x7ff887d6cea0
                                                            0x7ff887d6ceaf
                                                            0x7ff887d6ceb6
                                                            0x7ff887d6ceb8
                                                            0x7ff887d6cebf
                                                            0x7ff887d6cec3
                                                            0x7ff887d6cec5
                                                            0x7ff887d6cecc
                                                            0x7ff887d6ced7
                                                            0x7ff887d6ced9
                                                            0x7ff887d6cee2
                                                            0x7ff887d6cef0
                                                            0x7ff887d6cef7
                                                            0x7ff887d6cf08
                                                            0x7ff887d6cf0e
                                                            0x7ff887d6cf12
                                                            0x7ff887d6cf16
                                                            0x7ff887d6cf19
                                                            0x7ff887d6cf21
                                                            0x7ff887d6cf27
                                                            0x7ff887d6cf2f
                                                            0x7ff887d6cf36
                                                            0x7ff887d6cf39
                                                            0x7ff887d6cf3d
                                                            0x7ff887d6cf41
                                                            0x7ff887d6cf44
                                                            0x7ff887d6cf48
                                                            0x7ff887d6cf4c
                                                            0x7ff887d6cf51
                                                            0x7ff887d6cf55
                                                            0x7ff887d6cf59
                                                            0x7ff887d6cf67
                                                            0x7ff887d6cf6c
                                                            0x7ff887d6cf6e
                                                            0x7ff887d6cf74
                                                            0x7ff887d6cf7b
                                                            0x7ff887d6cf84
                                                            0x7ff887d6cf90
                                                            0x7ff887d6cf98
                                                            0x7ff887d6cfa0
                                                            0x7ff887d6cfa9
                                                            0x7ff887d6cfad
                                                            0x7ff887d6cfb4
                                                            0x7ff887d6cfbb
                                                            0x7ff887d6cfc3
                                                            0x7ff887d6cfcb
                                                            0x7ff887d6cfd3
                                                            0x7ff887d6cfdb
                                                            0x7ff887d6cfe3
                                                            0x7ff887d6cfee
                                                            0x7ff887d6cff0
                                                            0x7ff887d6cff8
                                                            0x7ff887d6cffa
                                                            0x7ff887d6d004
                                                            0x7ff887d6d009
                                                            0x7ff887d6d011
                                                            0x7ff887d6d016
                                                            0x7ff887d6d01b
                                                            0x7ff887d6d022
                                                            0x7ff887d6d02e
                                                            0x7ff887d6d033
                                                            0x7ff887d6d050

                                                            APIs
                                                              • Part of subcall function 00007FF887D656A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887D48F4E), ref: 00007FF887D656C2
                                                            • __std_type_info_compare.VCRUNTIME140 ref: 00007FF887D6CEAF
                                                            • __std_type_info_compare.VCRUNTIME140 ref: 00007FF887D6CEF0
                                                            • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF887D6D0AF
                                                            • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF887D6D0CE
                                                            • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF887D6D104
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D6D204
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D6D2D7
                                                            • ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF887D6D314
                                                            • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF887D6D31E
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: U?$char_traits@$D@std@@@std@@$__std_type_info_compare_invalid_parameter_noinfo_noreturn$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_ostream@D@std@@@1@_V?$basic_streambuf@malloc
                                                            • String ID:
                                                            • API String ID: 3231916079-0
                                                            • Opcode ID: 8f727c501bc642afc385f2a35a2fdff484e233f624a9630d1da4be8b6943314e
                                                            • Instruction ID: 10a368a4516d33a694176b911c9d20b7bd09e28d4c12e5339a422d52d0a5b9ef
                                                            • Opcode Fuzzy Hash: 8f727c501bc642afc385f2a35a2fdff484e233f624a9630d1da4be8b6943314e
                                                            • Instruction Fuzzy Hash: B5128C72A49B8586EB10CF25E4443AD77B1FB88BD8F048225EE5E57798DF38E495C380
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 35%
                                                            			E00007FF87FF887D503F0(void* __eax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long* __r8, long long _a8, long long _a32) {
                                                            				void* _v40;
                                                            				signed int _v56;
                                                            				intOrPtr _v64;
                                                            				intOrPtr _v72;
                                                            				char _v88;
                                                            				long long _v96;
                                                            				long long _v104;
                                                            				long long _v112;
                                                            				long long _v120;
                                                            				char _v136;
                                                            				void* __rsi;
                                                            				void* _t37;
                                                            				void* _t39;
                                                            				void* _t41;
                                                            				signed long long _t57;
                                                            				intOrPtr* _t71;
                                                            				intOrPtr _t72;
                                                            				void* _t74;
                                                            				void* _t79;
                                                            				void* _t90;
                                                            				long long _t93;
                                                            				void* _t97;
                                                            				char _t98;
                                                            				void* _t102;
                                                            				long long* _t108;
                                                            				intOrPtr _t109;
                                                            				void* _t110;
                                                            				intOrPtr* _t111;
                                                            
                                                            				_t74 = __rcx;
                                                            				_a8 = __rbx;
                                                            				_a32 = __rbp;
                                                            				_t57 =  *0x87d8ec78; // 0x522936145607
                                                            				_v56 = _t57 ^ _t102 - 0x00000080;
                                                            				_t108 = __r8;
                                                            				_t110 = __rcx;
                                                            				 *__r8 = 0;
                                                            				_t4 = _t74 + 0x70; // 0x70
                                                            				_v96 = _t4;
                                                            				0x87d65430();
                                                            				if (__eax != 0) goto 0x87d505a3;
                                                            				E00007FF87FF887D4D4C0(_t57 ^ _t102 - 0x00000080, __rdx,  &_v136, __rdx, _t97);
                                                            				_v104 =  &_v136;
                                                            				_t111 =  *((intOrPtr*)(_t110 + 0x60));
                                                            				_t71 =  *_t111;
                                                            				if (_t71 == _t111) goto 0x87d50508;
                                                            				_t37 = E00007FF87FF887D4D4C0( &_v136, _t71,  &_v88,  *((intOrPtr*)(_t71 + 0x10)), _t97);
                                                            				_t90 =  >=  ? _v136 :  &_v136;
                                                            				_t98 = _v88;
                                                            				_t109 = _v64;
                                                            				_t79 =  >=  ? _t98 :  &_v88;
                                                            				if (_v72 != _v120) goto 0x87d504b8;
                                                            				0x87d77101();
                                                            				if (_t37 != 0) goto 0x87d504b8;
                                                            				bpl = 1;
                                                            				goto 0x87d504bb;
                                                            				bpl = 0;
                                                            				if (_t109 - 0x10 < 0) goto 0x87d504ee;
                                                            				if (_t109 + 1 - 0x1000 < 0) goto 0x87d504e6;
                                                            				if (_t98 -  *((intOrPtr*)(_t98 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87d50501;
                                                            				E00007FF87FF887D656E4();
                                                            				if (bpl != 0) goto 0x87d50508;
                                                            				_t72 =  *_t71;
                                                            				goto 0x87d50462;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				_t93 = _v112;
                                                            				if (_t93 - 0x10 < 0) goto 0x87d50548;
                                                            				if (_t93 + 1 - 0x1000 < 0) goto 0x87d50543;
                                                            				if (_v136 -  *((intOrPtr*)(_v136 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d50543;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				_t39 = E00007FF87FF887D656E4();
                                                            				_v120 = 0;
                                                            				_v112 = 0xf;
                                                            				_v136 = 0;
                                                            				 *((char*)( *((intOrPtr*)(_t72 + 0x10)) + 0xa0)) = 1;
                                                            				 *_t108 =  *((intOrPtr*)(_t72 + 0x10));
                                                            				0x87d65436();
                                                            				return E00007FF87FF887D65E20(_t39, _t41, _v56 ^ _t102 - 0x00000080);
                                                            			}


                                                            APIs
                                                            • _Mtx_lock.MSVCP140 ref: 00007FF887D50434
                                                            • memcmp.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FF887D4A7CC), ref: 00007FF887D504AA
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF887D4A7CC), ref: 00007FF887D50501
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF887D4A7CC), ref: 00007FF887D5053C
                                                            • _Mtx_unlock.MSVCP140(?,?,?,?,?,?,?,?,?,?,00007FF887D4A7CC), ref: 00007FF887D50575
                                                              • Part of subcall function 00007FF887D4D4C0: memmove.VCRUNTIME140(?,?,?,00007FF887D4E21C,?,?,?,00007FF887D5D6C2), ref: 00007FF887D4D572
                                                              • Part of subcall function 00007FF887D4D4C0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887D4D597
                                                              • Part of subcall function 00007FF887D4D4C0: __std_exception_copy.VCRUNTIME140(?,?,?,?,?,?,?,00007FF887D4E21C,?,?,?,00007FF887D5D6C2), ref: 00007FF887D4D5C4
                                                            • ?_Throw_C_error@std@@YAXH@Z.MSVCP140 ref: 00007FF887D505A5
                                                            • ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ.MSVCP140 ref: 00007FF887D50602
                                                            • memmove.VCRUNTIME140 ref: 00007FF887D50685
                                                            • ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ.MSVCP140 ref: 00007FF887D5071E
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: D@std@@@std@@Pninc@?$basic_streambuf@U?$char_traits@_invalid_parameter_noinfo_noreturnmemmove$C_error@std@@Concurrency::cancel_current_taskMtx_lockMtx_unlockThrow___std_exception_copymemcmp
                                                            • String ID:
                                                            • API String ID: 746284128-0
                                                            • Opcode ID: 2d97d0e12ee4a3a8b2d37e1ec409398ce534de5f8946287022801530ad55abf0
                                                            • Instruction ID: 169ebf78aebdd5a87c16e9f2cddcbf6027a59f84c3d54380f9bb3fc61accc942
                                                            • Opcode Fuzzy Hash: 2d97d0e12ee4a3a8b2d37e1ec409398ce534de5f8946287022801530ad55abf0
                                                            • Instruction Fuzzy Hash: BCA16D32B49B8586EB11DF29E45426D63A5FB88BE8F544231EEAE07799DF3CD481C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmove$_invalid_parameter_noinfo_noreturnmemset$Concurrency::cancel_current_task
                                                            • String ID:
                                                            • API String ID: 612657275-0
                                                            • Opcode ID: b049d1f40c21fbe2e38ad000cf652e28f2f947a77c9211f69e8f13876829a593
                                                            • Instruction ID: 1747c3a3adef0d62a8c7e011025146e9ad2de920469d2a6f2e9e7ecf41365c19
                                                            • Opcode Fuzzy Hash: b049d1f40c21fbe2e38ad000cf652e28f2f947a77c9211f69e8f13876829a593
                                                            • Instruction Fuzzy Hash: 6C418022B49A8691EE14EB52E4441BD6361FB44BE8F584735EE6E0BB9EDF7CE041C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 57%
                                                            			E00007FF87FF887D74540(signed long long __rbx, long long __rcx, void* __r8) {
                                                            				void* _t112;
                                                            				intOrPtr* _t129;
                                                            				long long _t140;
                                                            				long long _t141;
                                                            				signed long long _t152;
                                                            				intOrPtr* _t159;
                                                            				intOrPtr* _t161;
                                                            				intOrPtr* _t164;
                                                            				intOrPtr* _t170;
                                                            				intOrPtr* _t174;
                                                            				void* _t178;
                                                            				void* _t181;
                                                            				void* _t183;
                                                            				void* _t184;
                                                            				void* _t186;
                                                            				void* _t187;
                                                            				signed long long _t190;
                                                            				void* _t192;
                                                            				void* _t195;
                                                            				void* _t198;
                                                            
                                                            				 *((long long*)(_t186 + 0x20)) = __rbx;
                                                            				 *((long long*)(_t186 + 8)) = __rcx;
                                                            				_t184 = _t186 - 0x27;
                                                            				_t187 = _t186 - 0xe0;
                                                            				r12d = 0;
                                                            				 *((intOrPtr*)(_t187 + 0x20)) = r12d;
                                                            				 *(_t184 - 0x11) = _t190;
                                                            				asm("xorps xmm0, xmm0");
                                                            				asm("movdqa [ebp-0x9], xmm0");
                                                            				 *((intOrPtr*)(_t184 + 7)) = 0xffffffff;
                                                            				asm("movups [ebp+0x17], xmm0");
                                                            				 *((long long*)(_t184 + 0x17)) = "bad allocation";
                                                            				 *((long long*)(_t184 - 0x19)) = 0x87d7eec0;
                                                            				 *((long long*)(_t184 + 0xf)) = 0x87d7eed0;
                                                            				 *((long long*)(_t184 - 0x49)) = 0x87d7ece0;
                                                            				 *((long long*)(_t184 - 0x39)) = 0x87d7ceb8;
                                                            				 *((intOrPtr*)(_t187 + 0x20)) = 2;
                                                            				 *((long long*)(_t187 + 0x30)) = 0x87d7cea8;
                                                            				 *(_t187 + 0x38) = _t190;
                                                            				 *((long long*)(_t184 - 0x79)) =  *((intOrPtr*)(_t184 - 9));
                                                            				 *((long long*)(_t184 - 0x71)) =  *((intOrPtr*)(_t184 - 1));
                                                            				 *((intOrPtr*)(_t184 - 0x69)) = 0xffffffff;
                                                            				 *((long long*)(_t184 - 0x61)) = 0x87d7b9e8;
                                                            				asm("xorps xmm0, xmm0");
                                                            				asm("movups [ebp-0x59], xmm0");
                                                            				0x87d770e3(_t198, _t195, _t192, _t190, _t178, _t181, _t183);
                                                            				 *((long long*)(_t187 + 0x30)) = 0x87d7eca0;
                                                            				 *((long long*)(_t184 - 0x61)) = 0x87d7ecb0;
                                                            				 *((long long*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x49)) = 0x87d7ecc8;
                                                            				 *((intOrPtr*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x4d)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x10;
                                                            				 *(_t184 + 0x6f) = __rbx;
                                                            				_t159 =  *(_t184 - 0x11);
                                                            				if (_t159 == 0) goto 0x87d74691;
                                                            				_t129 =  *_t159;
                                                            				 *((intOrPtr*)(_t129 + 0x28))();
                                                            				_t152 =  *_t129;
                                                            				 *(_t184 + 0x6f) = _t152;
                                                            				if (_t152 == 0) goto 0x87d74674;
                                                            				 *((intOrPtr*)( *_t152 + 0x18))();
                                                            				_t161 =  *((intOrPtr*)(_t184 + 0x67));
                                                            				if (_t161 == 0) goto 0x87d74691;
                                                            				 *((intOrPtr*)( *_t161 + 0x20))();
                                                            				_t163 =  !=  ? _t190 :  *((intOrPtr*)(_t184 + 0x67));
                                                            				 *((long long*)(_t184 + 0x67)) =  !=  ? _t190 :  *((intOrPtr*)(_t184 + 0x67));
                                                            				 *((long long*)(_t184 - 0x71)) =  *((intOrPtr*)(_t184 - 1));
                                                            				 *((intOrPtr*)(_t184 - 0x69)) =  *((intOrPtr*)(_t184 + 7));
                                                            				 *((long long*)(_t184 - 0x79)) =  *((intOrPtr*)(_t184 - 9));
                                                            				_t164 =  *(_t187 + 0x38);
                                                            				if (_t164 == 0) goto 0x87d746b7;
                                                            				 *((intOrPtr*)( *_t164 + 0x20))();
                                                            				 *(_t187 + 0x38) = _t152;
                                                            				if (_t152 == 0) goto 0x87d746cb;
                                                            				 *((intOrPtr*)( *_t152 + 0x18))();
                                                            				if (_t152 == 0) goto 0x87d746da;
                                                            				 *((intOrPtr*)( *_t152 + 0x20))();
                                                            				 *((long long*)(_t184 - 0x79)) = "class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)";
                                                            				 *((long long*)(_t184 - 0x71)) = ".\\boost/exception/detail/exception_ptr.hpp";
                                                            				 *((intOrPtr*)(_t184 - 0x69)) = 0x87;
                                                            				r8d = 0x44;
                                                            				r15d = 1;
                                                            				_t112 =  *0x87d92440 -  *((intOrPtr*)(__r8 +  *((intOrPtr*)( *[gs:0x58] + _t152 * 8)))); // 0x80000001
                                                            				if (_t112 > 0) goto 0x87d74833;
                                                            				_t140 =  *0x87d92430; // 0xcd5990
                                                            				 *((long long*)(__rcx)) = _t140;
                                                            				_t141 =  *0x87d92438; // 0xcf4700
                                                            				 *((long long*)(__rcx + 8)) = _t141;
                                                            				if (_t141 == 0) goto 0x87d74746;
                                                            				asm("lock inc esp");
                                                            				 *((long long*)(_t187 + 0x30)) = 0x87d7eca0;
                                                            				 *((long long*)(_t184 - 0x61)) = 0x87d7ecb0;
                                                            				 *((long long*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x49)) = 0x87d7ecc8;
                                                            				 *((intOrPtr*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x4d)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x10;
                                                            				 *((long long*)(_t187 + 0x30)) = 0x87d7eec0;
                                                            				 *((long long*)(_t184 - 0x61)) = 0x87d7b9e8;
                                                            				0x87d770e9();
                                                            				 *((long long*)(_t187 + 0x30)) = 0x87d7cea8;
                                                            				_t170 =  *(_t187 + 0x38);
                                                            				if (_t170 == 0) goto 0x87d747bf;
                                                            				 *((intOrPtr*)( *_t170 + 0x20))();
                                                            				_t172 =  !=  ? _t190 :  *(_t187 + 0x38);
                                                            				 *(_t187 + 0x38) =  !=  ? _t190 :  *(_t187 + 0x38);
                                                            				 *((long long*)(_t184 - 0x39)) = 0x87d7ceb8;
                                                            				 *((long long*)(_t184 - 0x19)) = 0x87d7eec0;
                                                            				 *((long long*)(_t184 + 0xf)) = 0x87d7b9e8;
                                                            				0x87d770e9();
                                                            				 *((long long*)(_t184 - 0x19)) = 0x87d7cea8;
                                                            				_t174 =  *(_t184 - 0x11);
                                                            				if (_t174 == 0) goto 0x87d747f0;
                                                            				return  *((intOrPtr*)( *_t174 + 0x20))();
                                                            			}

                                                            APIs
                                                            Strings
                                                            • bad allocation, xrefs: 00007FF887D74586
                                                            • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void), xrefs: 00007FF887D746DA
                                                            • .\boost/exception/detail/exception_ptr.hpp, xrefs: 00007FF887D746E5
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: __std_exception_copy__std_exception_destroy
                                                            • String ID: .\boost/exception/detail/exception_ptr.hpp$bad allocation$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)
                                                            • API String ID: 2960854011-706345339
                                                            • Opcode ID: 9f006b87f9c85754f6f5151a0656ba859143af9fab131fd4f0b3de3cf9a14c30
                                                            • Instruction ID: d27dc9c95755f8605ffaef8fcb5864fc06cc519cd169b65e3e1a0fc186b29ec3
                                                            • Opcode Fuzzy Hash: 9f006b87f9c85754f6f5151a0656ba859143af9fab131fd4f0b3de3cf9a14c30
                                                            • Instruction Fuzzy Hash: 83E11536B45B458AEB10CF65E8802AC73B4FB48BD8B04863ADE4E57768EF38E555C740
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 57%
                                                            			E00007FF87FF887D749E0(signed long long __rbx, long long __rcx, void* __r8) {
                                                            				void* _t112;
                                                            				intOrPtr* _t129;
                                                            				long long _t140;
                                                            				long long _t141;
                                                            				signed long long _t152;
                                                            				intOrPtr* _t159;
                                                            				intOrPtr* _t161;
                                                            				intOrPtr* _t164;
                                                            				intOrPtr* _t170;
                                                            				intOrPtr* _t174;
                                                            				void* _t178;
                                                            				void* _t181;
                                                            				void* _t183;
                                                            				void* _t184;
                                                            				void* _t186;
                                                            				void* _t187;
                                                            				signed long long _t190;
                                                            				void* _t192;
                                                            				void* _t195;
                                                            				void* _t198;
                                                            
                                                            				 *((long long*)(_t186 + 0x20)) = __rbx;
                                                            				 *((long long*)(_t186 + 8)) = __rcx;
                                                            				_t184 = _t186 - 0x27;
                                                            				_t187 = _t186 - 0xe0;
                                                            				r12d = 0;
                                                            				 *((intOrPtr*)(_t187 + 0x20)) = r12d;
                                                            				 *(_t184 - 0x11) = _t190;
                                                            				asm("xorps xmm0, xmm0");
                                                            				asm("movdqa [ebp-0x9], xmm0");
                                                            				 *((intOrPtr*)(_t184 + 7)) = 0xffffffff;
                                                            				asm("movups [ebp+0x17], xmm0");
                                                            				 *((long long*)(_t184 + 0x17)) = "bad exception";
                                                            				 *((long long*)(_t184 - 0x19)) = 0x87d7eee8;
                                                            				 *((long long*)(_t184 + 0xf)) = 0x87d7eef8;
                                                            				 *((long long*)(_t184 - 0x49)) = 0x87d7edf8;
                                                            				 *((long long*)(_t184 - 0x39)) = 0x87d7ceb8;
                                                            				 *((intOrPtr*)(_t187 + 0x20)) = 2;
                                                            				 *((long long*)(_t187 + 0x30)) = 0x87d7cea8;
                                                            				 *(_t187 + 0x38) = _t190;
                                                            				 *((long long*)(_t184 - 0x79)) =  *((intOrPtr*)(_t184 - 9));
                                                            				 *((long long*)(_t184 - 0x71)) =  *((intOrPtr*)(_t184 - 1));
                                                            				 *((intOrPtr*)(_t184 - 0x69)) = 0xffffffff;
                                                            				 *((long long*)(_t184 - 0x61)) = 0x87d7b9e8;
                                                            				asm("xorps xmm0, xmm0");
                                                            				asm("movups [ebp-0x59], xmm0");
                                                            				0x87d770e3(_t198, _t195, _t192, _t190, _t178, _t181, _t183);
                                                            				 *((long long*)(_t187 + 0x30)) = 0x87d7edb8;
                                                            				 *((long long*)(_t184 - 0x61)) = 0x87d7edc8;
                                                            				 *((long long*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x49)) = 0x87d7ede0;
                                                            				 *((intOrPtr*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x4d)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x10;
                                                            				 *(_t184 + 0x6f) = __rbx;
                                                            				_t159 =  *(_t184 - 0x11);
                                                            				if (_t159 == 0) goto 0x87d74b31;
                                                            				_t129 =  *_t159;
                                                            				 *((intOrPtr*)(_t129 + 0x28))();
                                                            				_t152 =  *_t129;
                                                            				 *(_t184 + 0x6f) = _t152;
                                                            				if (_t152 == 0) goto 0x87d74b14;
                                                            				 *((intOrPtr*)( *_t152 + 0x18))();
                                                            				_t161 =  *((intOrPtr*)(_t184 + 0x67));
                                                            				if (_t161 == 0) goto 0x87d74b31;
                                                            				 *((intOrPtr*)( *_t161 + 0x20))();
                                                            				_t163 =  !=  ? _t190 :  *((intOrPtr*)(_t184 + 0x67));
                                                            				 *((long long*)(_t184 + 0x67)) =  !=  ? _t190 :  *((intOrPtr*)(_t184 + 0x67));
                                                            				 *((long long*)(_t184 - 0x71)) =  *((intOrPtr*)(_t184 - 1));
                                                            				 *((intOrPtr*)(_t184 - 0x69)) =  *((intOrPtr*)(_t184 + 7));
                                                            				 *((long long*)(_t184 - 0x79)) =  *((intOrPtr*)(_t184 - 9));
                                                            				_t164 =  *(_t187 + 0x38);
                                                            				if (_t164 == 0) goto 0x87d74b57;
                                                            				 *((intOrPtr*)( *_t164 + 0x20))();
                                                            				 *(_t187 + 0x38) = _t152;
                                                            				if (_t152 == 0) goto 0x87d74b6b;
                                                            				 *((intOrPtr*)( *_t152 + 0x18))();
                                                            				if (_t152 == 0) goto 0x87d74b7a;
                                                            				 *((intOrPtr*)( *_t152 + 0x20))();
                                                            				 *((long long*)(_t184 - 0x79)) = "class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)";
                                                            				 *((long long*)(_t184 - 0x71)) = ".\\boost/exception/detail/exception_ptr.hpp";
                                                            				 *((intOrPtr*)(_t184 - 0x69)) = 0x87;
                                                            				r8d = 0x44;
                                                            				r15d = 1;
                                                            				_t112 =  *0x87d92458 -  *((intOrPtr*)(__r8 +  *((intOrPtr*)( *[gs:0x58] + _t152 * 8)))); // 0x80000002
                                                            				if (_t112 > 0) goto 0x87d74cd3;
                                                            				_t140 =  *0x87d92448; // 0xcd5d50
                                                            				 *((long long*)(__rcx)) = _t140;
                                                            				_t141 =  *0x87d92450; // 0xcf48a0
                                                            				 *((long long*)(__rcx + 8)) = _t141;
                                                            				if (_t141 == 0) goto 0x87d74be6;
                                                            				asm("lock inc esp");
                                                            				 *((long long*)(_t187 + 0x30)) = 0x87d7edb8;
                                                            				 *((long long*)(_t184 - 0x61)) = 0x87d7edc8;
                                                            				 *((long long*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x49)) = 0x87d7ede0;
                                                            				 *((intOrPtr*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x4d)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x10;
                                                            				 *((long long*)(_t187 + 0x30)) = 0x87d7eee8;
                                                            				 *((long long*)(_t184 - 0x61)) = 0x87d7b9e8;
                                                            				0x87d770e9();
                                                            				 *((long long*)(_t187 + 0x30)) = 0x87d7cea8;
                                                            				_t170 =  *(_t187 + 0x38);
                                                            				if (_t170 == 0) goto 0x87d74c5f;
                                                            				 *((intOrPtr*)( *_t170 + 0x20))();
                                                            				_t172 =  !=  ? _t190 :  *(_t187 + 0x38);
                                                            				 *(_t187 + 0x38) =  !=  ? _t190 :  *(_t187 + 0x38);
                                                            				 *((long long*)(_t184 - 0x39)) = 0x87d7ceb8;
                                                            				 *((long long*)(_t184 - 0x19)) = 0x87d7eee8;
                                                            				 *((long long*)(_t184 + 0xf)) = 0x87d7b9e8;
                                                            				0x87d770e9();
                                                            				 *((long long*)(_t184 - 0x19)) = 0x87d7cea8;
                                                            				_t174 =  *(_t184 - 0x11);
                                                            				if (_t174 == 0) goto 0x87d74c90;
                                                            				return  *((intOrPtr*)( *_t174 + 0x20))();
                                                            			}
























                                                            APIs
                                                            Strings
                                                            • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void), xrefs: 00007FF887D74B7A
                                                            • .\boost/exception/detail/exception_ptr.hpp, xrefs: 00007FF887D74B85
                                                            • bad exception, xrefs: 00007FF887D74A26
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: __std_exception_copy__std_exception_destroy
                                                            • String ID: .\boost/exception/detail/exception_ptr.hpp$bad exception$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)
                                                            • API String ID: 2960854011-1507259449
                                                            • Opcode ID: fc3aa84a03b73d6f394b629e0a64d3ddce47d92245d602c639d9136dbaf551b1
                                                            • Instruction ID: 73e4380056dd92f2f1b9e522a6d8b96a491a99fb0eb6843346e3c73c445583c9
                                                            • Opcode Fuzzy Hash: fc3aa84a03b73d6f394b629e0a64d3ddce47d92245d602c639d9136dbaf551b1
                                                            • Instruction Fuzzy Hash: 56E11836B45B418AEB10CF65E4802AC77B4FB88BD8B04863ADE4E57768EF38E555C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 36%
                                                            			E00007FF87FF887D4AB60(long long __rcx, void* __rdx, void* __rbp, long long _a40) {
                                                            				signed int _v64;
                                                            				intOrPtr _v72;
                                                            				char _v96;
                                                            				intOrPtr _v104;
                                                            				char _v128;
                                                            				long long _v136;
                                                            				long long _v144;
                                                            				char _v154;
                                                            				short _v156;
                                                            				char _v160;
                                                            				char _v176;
                                                            				char _v184;
                                                            				char _v192;
                                                            				char _v200;
                                                            				long long _v216;
                                                            				long long _v224;
                                                            				long long _v232;
                                                            				long long _v240;
                                                            				long long _v248;
                                                            				void* __rbx;
                                                            				void* __rsi;
                                                            				void* __r14;
                                                            				char _t54;
                                                            				void* _t76;
                                                            				signed long long _t95;
                                                            				signed long long _t96;
                                                            				long long _t100;
                                                            				void* _t104;
                                                            				long long _t114;
                                                            				char _t133;
                                                            				long long _t142;
                                                            				intOrPtr _t147;
                                                            				intOrPtr _t152;
                                                            				intOrPtr _t155;
                                                            				intOrPtr _t158;
                                                            				void* _t161;
                                                            				long long _t162;
                                                            				void* _t163;
                                                            				void* _t164;
                                                            				void* _t167;
                                                            				void* _t171;
                                                            				long long _t172;
                                                            
                                                            				_t163 = __rbp;
                                                            				_t171 = _t164;
                                                            				_t165 = _t164 - 0xe8;
                                                            				_t95 =  *0x87d8ec78; // 0x522936145607
                                                            				_t96 = _t95 ^ _t164 - 0x000000e8;
                                                            				_v64 = _t96;
                                                            				r12d = r9d;
                                                            				r15d = r8d;
                                                            				_t161 = __rdx;
                                                            				_t172 = __rcx;
                                                            				_v192 = r8d;
                                                            				_v200 = r9d;
                                                            				_t162 = _a40;
                                                            				_v160 = _t114;
                                                            				 *((long long*)(_t171 - 0x88)) = 0xf;
                                                            				 *((long long*)(_t171 - 0x90)) = 6;
                                                            				_t54 = "system"; // 0x74737973
                                                            				_v160 = _t54;
                                                            				_v156 =  *0x87d7ba84 & 0x0000ffff;
                                                            				_v154 = 0;
                                                            				 *((long long*)(_t171 - 0x80)) = _t114;
                                                            				asm("movdqa xmm0, [0x317ba]");
                                                            				asm("repe inc ecx");
                                                            				 *((char*)(_t171 - 0x80)) = 0;
                                                            				E00007FF87FF887D5D640(_t114, __rcx, _t167);
                                                            				if ( &_v128 == _t96) goto 0x87d4ac20;
                                                            				if ( *((long long*)(_t96 + 0x18)) - 0x10 < 0) goto 0x87d4ac10;
                                                            				E00007FF87FF887D49100(_t114,  &_v128,  *_t96,  *((intOrPtr*)(_t96 + 0x10)), _t172);
                                                            				E00007FF87FF887D606F0( *((long long*)(_t96 + 0x18)) - 0x10,  *_t96,  &_v160,  *((intOrPtr*)(_t96 + 0x10)));
                                                            				_t142 = _v136;
                                                            				if (_t142 - 0x10 < 0) goto 0x87d4ac6e;
                                                            				if (_t142 + 1 - 0x1000 < 0) goto 0x87d4ac69;
                                                            				_t100 = _v160 -  *((intOrPtr*)(_v160 - 8)) + 0xfffffff8;
                                                            				if (_t100 - 0x1f <= 0) goto 0x87d4ac69;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v144 = _t114;
                                                            				_v136 = 0xf;
                                                            				_v160 = 0;
                                                            				_v176 = _t162;
                                                            				E00007FF87FF887D54280(_t76, _t114,  &_v96, _t161, _t162, _t163);
                                                            				_v184 = _t172;
                                                            				_v216 =  &_v176;
                                                            				_v224 =  &_v200;
                                                            				_v232 =  &_v192;
                                                            				_v240 = _t100;
                                                            				_v248 =  &_v184;
                                                            				r8d = 0xb9;
                                                            				E00007FF87FF887D45F50(0, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_startdocport {:#x}, \'{}\', {}, {}, {:#x}");
                                                            				_t147 = _v72;
                                                            				if (_t147 - 0x10 < 0) goto 0x87d4ad31;
                                                            				if (_t147 + 1 - 0x1000 < 0) goto 0x87d4ad2c;
                                                            				_t104 = _v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8;
                                                            				if (_t104 - 0x1f <= 0) goto 0x87d4ad2c;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D4E0D0( *((intOrPtr*)(_v96 - 8)), _t147 + 0x28);
                                                            				E00007FF87FF887D54280(_t76, _t104,  &_v96, _t161, _t162, _t163);
                                                            				_v240 = _t162;
                                                            				_v248 = r12d;
                                                            				r9d = r15d;
                                                            				_t169 = _t104;
                                                            				E00007FF87FF887D50CE0(0, _t76, _t104, _t104, _t172, _t104);
                                                            				_t152 = _v72;
                                                            				if (_t152 - 0x10 < 0) goto 0x87d4adad;
                                                            				if (_t152 + 1 - 0x1000 < 0) goto 0x87d4ada7;
                                                            				if (_v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4ada7;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D606F0(_v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8 - 0x1f, _v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8,  &_v128, _t104);
                                                            				_t155 = _v104;
                                                            				if (_t155 - 0x10 < 0) goto 0x87d4ae01;
                                                            				_t133 = _v128;
                                                            				if (_t155 + 1 - 0x1000 < 0) goto 0x87d4adfb;
                                                            				_t110 = _t133 -  *((intOrPtr*)(_t133 - 8)) + 0xfffffff8;
                                                            				_t90 = _t133 -  *((intOrPtr*)(_t133 - 8)) + 0xfffffff8 - 0x1f;
                                                            				if (_t133 -  *((intOrPtr*)(_t133 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4adfb;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D606F0(_t90, _t110,  &_v128, _t169);
                                                            				_t158 = _v104;
                                                            				if (_t158 - 0x10 < 0) goto 0x87d4ae5c;
                                                            				if (_t158 + 1 - 0x1000 < 0) goto 0x87d4ae56;
                                                            				if (_v128 -  *((intOrPtr*)(_v128 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4ae56;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				return E00007FF87FF887D65E20(0, 0, _v64 ^ _t165);
                                                            			}














































                                                            APIs
                                                              • Part of subcall function 00007FF887D5D640: __tlregdtor.LIBCMT ref: 00007FF887D5D690
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4AC62
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4AD25
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4ADA0
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4ADF4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                            • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_startdocport {:#x}, '{}', {}, {}, {:#x}$system
                                                            • API String ID: 333172304-80416438
                                                            • Opcode ID: 406ab90b12b9c71644ad45163aa117fb6f4394c3b52fa641a7fa9bed9ec58b32
                                                            • Instruction ID: 62a5048de9e9c1e863323e1458ae4fec0f1ed29d4f240337f61f03f9f4765fda
                                                            • Opcode Fuzzy Hash: 406ab90b12b9c71644ad45163aa117fb6f4394c3b52fa641a7fa9bed9ec58b32
                                                            • Instruction Fuzzy Hash: BF717262A8878181EA60DB65E4443AE7361FB857E0F504336EAAE47BEDDF7CD484C704
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 32%
                                                            			E00007FF87FF887D49980(long long __rbx, void* __rcx, long long __rdx, void* __rbp, void* __r8, long long _a32) {
                                                            				signed int _v40;
                                                            				intOrPtr _v48;
                                                            				char _v72;
                                                            				long long _v80;
                                                            				long long _v88;
                                                            				char _v104;
                                                            				intOrPtr _v112;
                                                            				char _v136;
                                                            				long long _v144;
                                                            				long long _v152;
                                                            				char _v162;
                                                            				short _v164;
                                                            				char _v168;
                                                            				char _v184;
                                                            				long long _v200;
                                                            				long long _v208;
                                                            				long long _v216;
                                                            				void* __rsi;
                                                            				void* __r14;
                                                            				char _t49;
                                                            				void* _t68;
                                                            				signed long long _t87;
                                                            				signed long long _t88;
                                                            				long long _t92;
                                                            				void* _t106;
                                                            				long long _t107;
                                                            				char _t123;
                                                            				long long _t132;
                                                            				long long _t138;
                                                            				intOrPtr _t141;
                                                            				intOrPtr _t144;
                                                            				intOrPtr _t147;
                                                            				void* _t150;
                                                            				long long _t151;
                                                            				void* _t152;
                                                            				void* _t153;
                                                            				intOrPtr _t157;
                                                            				long long _t159;
                                                            
                                                            				_t152 = __rbp;
                                                            				_a32 = __rbx;
                                                            				_t154 = _t153 - 0xe0;
                                                            				_t87 =  *0x87d8ec78; // 0x522936145607
                                                            				_t88 = _t87 ^ _t153 - 0x000000e0;
                                                            				_v40 = _t88;
                                                            				_t106 = __r8;
                                                            				_t151 = __rdx;
                                                            				_t150 = __rcx;
                                                            				r14d = 0;
                                                            				_v168 = _t159;
                                                            				_v144 = 0xf;
                                                            				_v152 = 6;
                                                            				_t49 = "system"; // 0x74737973
                                                            				_v168 = _t49;
                                                            				_v164 =  *0x87d7ba84 & 0x0000ffff;
                                                            				_v162 = r14b;
                                                            				_v136 = _t159;
                                                            				asm("movdqa xmm0, [0x329b3]");
                                                            				asm("movdqu [esp+0x80], xmm0");
                                                            				_v136 = r14b;
                                                            				E00007FF87FF887D5D640(__r8, __rcx, __r8);
                                                            				if ( &_v136 == _t88) goto 0x87d49a25;
                                                            				_t157 =  *((intOrPtr*)(_t88 + 0x10));
                                                            				if ( *((long long*)(_t88 + 0x18)) - 0x10 < 0) goto 0x87d49a18;
                                                            				E00007FF87FF887D49100(__r8,  &_v136,  *_t88, _t157, _t159);
                                                            				E00007FF87FF887D606F0( *((long long*)(_t88 + 0x18)) - 0x10,  *_t88,  &_v168, _t157);
                                                            				_t132 = _v144;
                                                            				if (_t132 - 0x10 < 0) goto 0x87d49a70;
                                                            				if (_t132 + 1 - 0x1000 < 0) goto 0x87d49a6b;
                                                            				_t92 = _v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8;
                                                            				if (_t92 - 0x1f <= 0) goto 0x87d49a6b;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v152 = _t159;
                                                            				_v144 = 0xf;
                                                            				_v168 = 0;
                                                            				E00007FF87FF887D54280(_t68, _t106,  &_v72, _t106, _t151, _t152);
                                                            				_t107 = _t92;
                                                            				_v184 = _t151;
                                                            				E00007FF87FF887D54280(_t68, _t107,  &_v104, _t150, _t151, _t152);
                                                            				_v200 = _t107;
                                                            				_v208 =  &_v184;
                                                            				_v216 = _t92;
                                                            				r8d = 0x51;
                                                            				_t67 = _t157 - 0x50;
                                                            				E00007FF87FF887D45BB0(_t157 - 0x50, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_configureport \'{}\', {:#x}, \'{}\'");
                                                            				_t138 = _v80;
                                                            				if (_t138 - 0x10 < 0) goto 0x87d49b24;
                                                            				if (_t138 + 1 - 0x1000 < 0) goto 0x87d49b1f;
                                                            				if (_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d49b1f;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v88 = _t159;
                                                            				_v80 = 0xf;
                                                            				_v104 = 0;
                                                            				_t141 = _v48;
                                                            				if (_t141 - 0x10 < 0) goto 0x87d49b87;
                                                            				if (_t141 + 1 - 0x1000 < 0) goto 0x87d49b81;
                                                            				if (_v72 -  *((intOrPtr*)(_v72 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d49b81;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D606F0(_v72 -  *((intOrPtr*)(_v72 - 8)) + 0xfffffff8 - 0x1f, _v72 -  *((intOrPtr*)(_v72 - 8)) + 0xfffffff8,  &_v136, _t157);
                                                            				_t144 = _v112;
                                                            				if (_t144 - 0x10 < 0) goto 0x87d49bd5;
                                                            				_t123 = _v136;
                                                            				if (_t144 + 1 - 0x1000 < 0) goto 0x87d49bcf;
                                                            				_t101 = _t123 -  *((intOrPtr*)(_t123 - 8)) + 0xfffffff8;
                                                            				_t82 = _t123 -  *((intOrPtr*)(_t123 - 8)) + 0xfffffff8 - 0x1f;
                                                            				if (_t123 -  *((intOrPtr*)(_t123 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d49bcf;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D606F0(_t82, _t101,  &_v136, _t157);
                                                            				_t147 = _v112;
                                                            				if (_t147 - 0x10 < 0) goto 0x87d49c2a;
                                                            				if (_t147 + 1 - 0x1000 < 0) goto 0x87d49c24;
                                                            				if (_v136 -  *((intOrPtr*)(_v136 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d49c24;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				return E00007FF87FF887D65E20(0, _t67, _v40 ^ _t154);
                                                            			}

                                                            APIs
                                                              • Part of subcall function 00007FF887D5D640: __tlregdtor.LIBCMT ref: 00007FF887D5D690
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D49A64
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D49B18
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D49B7A
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D49BC8
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                            • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_configureport '{}', {:#x}, '{}'$system
                                                            • API String ID: 333172304-3163355225
                                                            • Opcode ID: e14ab46071b807c50b760bae5b8b4710aa90fb6ebf50a14d2b1117d1926ebb90
                                                            • Instruction ID: 4f6e5d1c3be44514a9e7d94d69bd2a6345eed7a4a77d256b6a0381010154a130
                                                            • Opcode Fuzzy Hash: e14ab46071b807c50b760bae5b8b4710aa90fb6ebf50a14d2b1117d1926ebb90
                                                            • Instruction Fuzzy Hash: A8519362A98AC582EA50DB65E4453AE6371FB947E0F404335EAAE16BEDDF7CD080C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FF887D55BDD), ref: 00007FF887D55643
                                                            • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FF887D55BDD), ref: 00007FF887D5565A
                                                            • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FF887D55BDD), ref: 00007FF887D5567E
                                                            • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FF887D55BDD), ref: 00007FF887D55695
                                                            • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FF887D55BDD), ref: 00007FF887D556CE
                                                            • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FF887D55BDD), ref: 00007FF887D556E5
                                                            • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FF887D55BDD), ref: 00007FF887D5573E
                                                            • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FF887D55BDD), ref: 00007FF887D55755
                                                              • Part of subcall function 00007FF887D55480: __std_type_info_compare.VCRUNTIME140(?,?,?,00007FF887D5561B,?,?,00000000,00007FF887D55BDD), ref: 00007FF887D554A6
                                                              • Part of subcall function 00007FF887D55480: __std_type_info_compare.VCRUNTIME140(?,?,?,00007FF887D5561B,?,?,00000000,00007FF887D55BDD), ref: 00007FF887D554DE
                                                              • Part of subcall function 00007FF887D55480: __std_type_info_compare.VCRUNTIME140(?,?,?,00007FF887D5561B,?,?,00000000,00007FF887D55BDD), ref: 00007FF887D55516
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: __std_type_info_compare
                                                            • String ID:
                                                            • API String ID: 4241632388-0
                                                            • Opcode ID: 7d142e9f2ca846a9df2f65f0f1854761cbdd8297f96bc156cff0964b0237385b
                                                            • Instruction ID: e09b3236d4de3c6b91e09ce2e5369a9771179dd78e38ff08e07af7fed27c0be3
                                                            • Opcode Fuzzy Hash: 7d142e9f2ca846a9df2f65f0f1854761cbdd8297f96bc156cff0964b0237385b
                                                            • Instruction Fuzzy Hash: 21A13776B46E9282DA10CF16E98427DA776FB88BD4B058632CB9F47749DF38E161C310
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • memmove.VCRUNTIME140(?,?,00000000,?,00007FF887D5E79F), ref: 00007FF887D5BE20
                                                            • memmove.VCRUNTIME140(?,?,00000000,?,00007FF887D5E79F), ref: 00007FF887D5BE37
                                                            • memset.VCRUNTIME140(?,?,00000000,?,00007FF887D5E79F), ref: 00007FF887D5BE4C
                                                            • memmove.VCRUNTIME140(?,?,00000000,?,00007FF887D5E79F), ref: 00007FF887D5BE64
                                                            • memmove.VCRUNTIME140(?,?,00000000,?,00007FF887D5E79F), ref: 00007FF887D5BE7D
                                                            • memset.VCRUNTIME140(?,?,00000000,?,00007FF887D5E79F), ref: 00007FF887D5BE8B
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,00007FF887D5E79F), ref: 00007FF887D5BEEF
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887D5BEF6
                                                              • Part of subcall function 00007FF887D656A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887D48F4E), ref: 00007FF887D656C2
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmove$memset$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                                            • String ID:
                                                            • API String ID: 1282081513-0
                                                            • Opcode ID: f6b35741b10c704098a06c801e1f053a1391e23ad5623e337860fab711777fad
                                                            • Instruction ID: ab6782fd0bfeb62fef335b07177985a34d9e29c02c48bb5eda9564cc6bd89808
                                                            • Opcode Fuzzy Hash: f6b35741b10c704098a06c801e1f053a1391e23ad5623e337860fab711777fad
                                                            • Instruction Fuzzy Hash: D441AD61A4AAC686EA04DF65D4402AC6761FB45BE8F584B36EE6F1BBCDCE7CD050C300
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887D6B1C7
                                                            • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF887D6B21E
                                                            • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF887D6B248
                                                            • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF887D6B283
                                                            • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF887D6B2B7
                                                            • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF887D6B2BE
                                                            • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF887D6B2CA
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                            • String ID:
                                                            • API String ID: 1492985063-0
                                                            • Opcode ID: 9d0936fb1a672e1796aba82365c1d2076bff5db8fa4339c5f789ed29314c767b
                                                            • Instruction ID: 462962730059707eea7186e1efa3933a5769663632a2bb50bf3715e34dec8441
                                                            • Opcode Fuzzy Hash: 9d0936fb1a672e1796aba82365c1d2076bff5db8fa4339c5f789ed29314c767b
                                                            • Instruction Fuzzy Hash: 7E516262648A4191EB208B5AD58423CB7B1FB89FD9F258235DE4F077A8CF3DE542C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(00000009,?,?,?,?,00007FF887D4F95E), ref: 00007FF887D4C6D3
                                                            • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(00000009,?,?,?,?,00007FF887D4F95E), ref: 00007FF887D4C74A
                                                            • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(00000009,?,?,?,?,00007FF887D4F95E), ref: 00007FF887D4C770
                                                            • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,00007FF887D4F95E), ref: 00007FF887D4C79B
                                                            • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(00000009,?,?,?,?,00007FF887D4F95E), ref: 00007FF887D4C7DC
                                                            • ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,?,00007FF887D4F95E), ref: 00007FF887D4C7E3
                                                            • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,00007FF887D4F95E), ref: 00007FF887D4C7EF
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                            • String ID:
                                                            • API String ID: 2331969452-0
                                                            • Opcode ID: f691e1f04ba2ee2f9ca696224b13ba9103c1a7b8a4e03602e614a439e787b8e8
                                                            • Instruction ID: 6f6fd9828520b66c95e68a8858c19d671f1b55061eb1f6b89b838a049300f301
                                                            • Opcode Fuzzy Hash: f691e1f04ba2ee2f9ca696224b13ba9103c1a7b8a4e03602e614a439e787b8e8
                                                            • Instruction Fuzzy Hash: 52515C22689A4182EB608F1AD09023DA7B0FB85FD9F15C636CE9F477A4CF39D446C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 15%
                                                            			E00007FF87FF887D4E3A0(void* __eax, void* __ebp, long long __rbx, long long __rcx, void* __rdx, long long _a24) {
                                                            				signed int _v56;
                                                            				intOrPtr _v64;
                                                            				char _v88;
                                                            				signed long long _v104;
                                                            				signed long long _v112;
                                                            				long long _v120;
                                                            				void* __rdi;
                                                            				void* __rsi;
                                                            				void* __rbp;
                                                            				void* __r14;
                                                            				void* _t35;
                                                            				void* _t37;
                                                            				signed long long _t52;
                                                            				signed long long _t53;
                                                            				long long _t66;
                                                            				intOrPtr _t83;
                                                            				signed long long _t86;
                                                            				long long _t87;
                                                            				void* _t88;
                                                            				void* _t89;
                                                            				void* _t92;
                                                            				void* _t94;
                                                            
                                                            				_t66 = __rcx;
                                                            				_a24 = __rbx;
                                                            				_t52 =  *0x87d8ec78; // 0x522936145607
                                                            				_t53 = _t52 ^ _t89 - 0x00000070;
                                                            				_v56 = _t53;
                                                            				_t88 = __rdx;
                                                            				_t87 = __rcx;
                                                            				if ( *((long long*)(__rdx + 0x10)) == 0) goto 0x87d4e517;
                                                            				_t4 = _t66 + 0x70; // 0x70
                                                            				_v120 = _t4;
                                                            				0x87d65430();
                                                            				if (__eax != 0) goto 0x87d4e50f;
                                                            				E00007FF87FF887D656A8(E00007FF87FF887D53D90(_t37, _t4,  &_v88, __rcx, __rdx, _t92, _t94), _t53,  &_v88);
                                                            				_t86 = _t53;
                                                            				_v112 = _t53;
                                                            				if (_t53 == 0) goto 0x87d4e43c;
                                                            				asm("xorps xmm0, xmm0");
                                                            				asm("movups [eax], xmm0");
                                                            				 *((intOrPtr*)(_t53 + 8)) = 1;
                                                            				 *((intOrPtr*)(_t53 + 0xc)) = 1;
                                                            				 *_t86 = 0x87d7c988;
                                                            				_t10 = _t86 + 0x10; // 0x10
                                                            				E00007FF87FF887D4D640(0x87d7c988, _t4, _t10, _t88, _t53);
                                                            				goto 0x87d4e43e;
                                                            				_t11 = _t86 + 0x10; // 0x10
                                                            				_v112 = _t11;
                                                            				_v104 = _t86;
                                                            				_t15 = _t87 + 0x60; // 0x60
                                                            				E00007FF87FF887D4C830(_t4, _t15,  &_v112, _t87);
                                                            				if (_v104 == 0) goto 0x87d4e49d;
                                                            				asm("lock xadd [ecx+0x8], eax");
                                                            				if (0xffffffff != 1) goto 0x87d4e498;
                                                            				 *((intOrPtr*)( *_v104))();
                                                            				asm("lock xadd [ebx+0xc], edi");
                                                            				if (0xffffffff != 1) goto 0x87d4e498;
                                                            				 *((intOrPtr*)( *_v104 + 8))();
                                                            				_t83 = _v64;
                                                            				if (_t83 - 0x10 < 0) goto 0x87d4e4dd;
                                                            				if (_t83 + 1 - 0x1000 < 0) goto 0x87d4e4d8;
                                                            				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4e4d8;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_t35 = E00007FF87FF887D507D0(_v120, _t87, _t86, _t87);
                                                            				0x87d65436();
                                                            				return E00007FF87FF887D65E20(_t35, 0x118, _v56 ^ _t89 - 0x00000070);
                                                            			}

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$C_error@std@@ErrorExceptionLastMtx_lockMtx_unlockPathTempThrowThrow__invalid_parameter_noinfo_noreturnmalloc
                                                            • String ID: port name cannot be empty
                                                            • API String ID: 314681990-1868005089
                                                            • Opcode ID: 7f3501138e338ee3b7d9d33c44808dd3e511c8856744d23ebb6d5a8f62c01bc5
                                                            • Instruction ID: 0121305055fa1a638eca473911f1e00b5a2583f37c25e96f08b29fc7e24798a7
                                                            • Opcode Fuzzy Hash: 7f3501138e338ee3b7d9d33c44808dd3e511c8856744d23ebb6d5a8f62c01bc5
                                                            • Instruction Fuzzy Hash: 43419032A99B8692EA50DB25E4402BD63B0FB84BE4F544331EA5F437A9DF3CE481C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 23%
                                                            			E00007FF87FF887D53D90(void* __ebx, long long __rbx, intOrPtr* __rcx, long long __rsi, long long __rbp, void* __r8, void* __r14, long long _a16, long long _a24, long long _a32) {
                                                            				void* _v8;
                                                            				signed int _v24;
                                                            				char _v1064;
                                                            				char _v1592;
                                                            				char _v1608;
                                                            				long long _v1616;
                                                            				long long _v1624;
                                                            				short _v1632;
                                                            				long long _v1640;
                                                            				int _t40;
                                                            				signed long long _t61;
                                                            				intOrPtr* _t81;
                                                            				void* _t86;
                                                            
                                                            				_t82 = __rsi;
                                                            				_a16 = __rbx;
                                                            				_a24 = __rbp;
                                                            				_a32 = __rsi;
                                                            				_t61 =  *0x87d8ec78; // 0x522936145607
                                                            				_v24 = _t61 ^ _t86 - 0x00000680;
                                                            				_v1608 = __rcx;
                                                            				_t81 = __rcx;
                                                            				_v1064 = 0;
                                                            				if (GetTempPathW(??, ??) != 0) goto 0x87d53e14;
                                                            				_v1608 = GetLastError();
                                                            				r8d = 0xdb;
                                                            				_v1640 =  &_v1608;
                                                            				_t11 = _t82 + 1; // 0x1
                                                            				E00007FF87FF887D535D0(_t11, "c:\\design\\wiservice\\wiservice\\ext\\win\\ext-win-winutil.cpp", __rbp, "couldn\'t get temp folder path, error {}");
                                                            				_v1592 = sil;
                                                            				if ( *((intOrPtr*)( &_v1064 + 0xfffffffffffffffe)) != 0) goto 0x87d53e30;
                                                            				if (0 == 0) goto 0x87d53ea2;
                                                            				_v1616 = __rsi;
                                                            				_v1624 = __rsi;
                                                            				r9d = __ebx;
                                                            				_v1632 = 0;
                                                            				_v1640 = __rsi;
                                                            				_t40 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                            				if (_t40 == 0) goto 0x87d53ea2;
                                                            				_v1616 = __rsi;
                                                            				_v1624 = __rsi;
                                                            				_t41 =  >  ? 0x208 : _t40;
                                                            				r9d = __ebx;
                                                            				_v1632 =  >  ? 0x208 : _t40;
                                                            				_v1640 =  &_v1592;
                                                            				WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                            				 *_t81 = __rsi;
                                                            				 *((long long*)(_t81 + 0x10)) = __rsi;
                                                            				 *((long long*)(_t81 + 0x18)) = 0xf;
                                                            				 *_t81 = sil;
                                                            				if ( *((intOrPtr*)( &_v1592 + 0xffffffff)) != sil) goto 0x87d53ec0;
                                                            				return E00007FF87FF887D65E20(E00007FF87FF887D49100(0, _t81,  &_v1592, 0xffffffff, __r14), 0xfde9, _v24 ^ _t86 - 0x00000680);
                                                            			}

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide_invalid_parameter_noinfo_noreturn$ErrorLastPathTemp
                                                            • String ID: c:\design\wiservice\wiservice\ext\win\ext-win-winutil.cpp$couldn't get temp folder path, error {}
                                                            • API String ID: 1286625825-281439859
                                                            • Opcode ID: 860c7eea8b8651675c8de02d71854b649c3b9077d5b219fa0bc9373d784dcf82
                                                            • Instruction ID: 80cd22001aad6302b4101b925a0a604bf0166620574039e782e35be96eaccada
                                                            • Opcode Fuzzy Hash: 860c7eea8b8651675c8de02d71854b649c3b9077d5b219fa0bc9373d784dcf82
                                                            • Instruction Fuzzy Hash: 03411632608B8582E7208F15F4442AEB7B5FB88BD4F44433AEA9E43B98DF38D555CB40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D582B2
                                                            • ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D582CC
                                                            • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D582F6
                                                            • ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D58320
                                                            • std::_Facet_Register.LIBCPMT ref: 00007FF887D58339
                                                            • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D58358
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887D58369
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskD@std@@@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterU?$char_traits@V42@@V?$ostreambuf_iterator@Vfacet@locale@2@std::_
                                                            • String ID:
                                                            • API String ID: 3345465274-0
                                                            • Opcode ID: 4e4a803cf451d749639f82d7c091ac8fe20c97de71ea8e2ae2af82c5be18d0bb
                                                            • Instruction ID: ea5a0499d02b09dcd5ec6439e154dd92650bb92a1f1229821f3fc39dbd1aa5c0
                                                            • Opcode Fuzzy Hash: 4e4a803cf451d749639f82d7c091ac8fe20c97de71ea8e2ae2af82c5be18d0bb
                                                            • Instruction Fuzzy Hash: CF214C25A49A8182EA049B16E48417D6770FB95BE5B184631DE6F477ACDF2CE884C300
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,00007FF887D6AECA), ref: 00007FF887D581E2
                                                            • ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,00007FF887D6AECA), ref: 00007FF887D581FC
                                                            • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,00007FF887D6AECA), ref: 00007FF887D58226
                                                            • ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,00007FF887D6AECA), ref: 00007FF887D58250
                                                            • std::_Facet_Register.LIBCPMT ref: 00007FF887D58269
                                                            • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,00007FF887D6AECA), ref: 00007FF887D58288
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887D58299
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskFacet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@std::_
                                                            • String ID:
                                                            • API String ID: 929128910-0
                                                            • Opcode ID: 3a782683d63e8b3b5db5c7f10f913e878a86a5064d5519ca7bc9aeb1d141eeb8
                                                            • Instruction ID: 13bc4dd4e546c9f787af2cf28ef832b171f5f2f50d0e6e3710afc5603c7df9ae
                                                            • Opcode Fuzzy Hash: 3a782683d63e8b3b5db5c7f10f913e878a86a5064d5519ca7bc9aeb1d141eeb8
                                                            • Instruction Fuzzy Hash: 8F213D25A8AA8182EA149B56E48417D6B71FB95BE4F184731DF6F077ACDF3CE885C300
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: Heap$FreeProcess$Value
                                                            • String ID:
                                                            • API String ID: 3709577838-0
                                                            • Opcode ID: cba726e5eb5ad7b4e1610d0dee1c37cbefd4d62cab8451685cd09f84cd3f4121
                                                            • Instruction ID: 3ccb3f90cdd93d7f0c96f47d631e7a26f1d9e2b525da812d99e4a6ac2b52a2f8
                                                            • Opcode Fuzzy Hash: cba726e5eb5ad7b4e1610d0dee1c37cbefd4d62cab8451685cd09f84cd3f4121
                                                            • Instruction Fuzzy Hash: FA411C21A59A4582EA649B26E49433D63B1FF89FD4F188635CE4F03BA8EF3CE455C740
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$Concurrency::cancel_current_taskXlength_error@std@@mallocmemset
                                                            • String ID:
                                                            • API String ID: 1152013002-0
                                                            • Opcode ID: 542fc2ed402419ff91edc090ac5f0108e80cbfef90a8c7504d974c129b5f27d7
                                                            • Instruction ID: e13215b2a7fba539946167ff8b2c23bae7fbba3ee9a4b8ed8b85efdf63b392ab
                                                            • Opcode Fuzzy Hash: 542fc2ed402419ff91edc090ac5f0108e80cbfef90a8c7504d974c129b5f27d7
                                                            • Instruction Fuzzy Hash: 41519832A4978182EB249B11B50436EB6B5BB847D4F184734DEAE07BD9DF7CD094D301
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 54%
                                                            			E00007FF87FF887D767A0() {
                                                            				void* _t42;
                                                            				void* _t43;
                                                            				void* _t58;
                                                            				void* _t61;
                                                            				long long _t66;
                                                            				intOrPtr* _t67;
                                                            				long long _t69;
                                                            				intOrPtr* _t71;
                                                            				void* _t86;
                                                            				intOrPtr _t87;
                                                            				intOrPtr* _t88;
                                                            				long _t92;
                                                            				intOrPtr* _t93;
                                                            				long* _t96;
                                                            				intOrPtr _t97;
                                                            				void* _t99;
                                                            				void* _t100;
                                                            				long* _t102;
                                                            				intOrPtr* _t103;
                                                            				long _t105;
                                                            				void* _t108;
                                                            				intOrPtr _t109;
                                                            				void* _t111;
                                                            				long long _t112;
                                                            
                                                            				 *((long long*)(_t99 + 0x10)) = _t66;
                                                            				_t100 = _t99 - 0x20;
                                                            				_t103 = _t71;
                                                            				 *((char*)(_t71 + 0x28)) = 1;
                                                            				E00007FF87FF887D76A20(_t42, _t43, _t61, _t66, _t71 + 0x40, _t86, _t92);
                                                            				_t112 =  *((intOrPtr*)(_t103 + 0x78));
                                                            				_t93 =  *_t112;
                                                            				 *((long long*)(_t100 + 0x60)) = _t93;
                                                            				 *((long long*)(_t100 + 0x70)) = _t112;
                                                            				if (_t93 == _t112) goto 0x87d76915;
                                                            				_t97 =  *((intOrPtr*)(_t93 + 0x10));
                                                            				if ( *((intOrPtr*)(_t97 + 0x10)) == 0) goto 0x87d76909;
                                                            				E00007FF87FF887D76690( *((intOrPtr*)(_t97 + 0x10)), _t61, _t66, _t97, _t93, _t111);
                                                            				if ( *((intOrPtr*)(_t97 + 0x10)) != 0) goto 0x87d76813;
                                                            				goto 0x87d768d8;
                                                            				 *((intOrPtr*)(_t97 + 0x10)) = 0;
                                                            				r8d = 0;
                                                            				ReleaseSemaphore(_t108, _t105, _t102);
                                                            				_t67 =  *((intOrPtr*)(_t97 + 0x18));
                                                            				_t87 =  *((intOrPtr*)(_t97 + 0x20));
                                                            				if (_t67 == _t87) goto 0x87d7684f;
                                                            				 *((char*)( *_t67 + 0x14)) = 1;
                                                            				r8d = 0;
                                                            				ReleaseSemaphore(_t86, _t92, _t96);
                                                            				if (_t67 + 8 != _t87) goto 0x87d76830;
                                                            				_t109 =  *((intOrPtr*)(_t97 + 0x20));
                                                            				_t88 =  *((intOrPtr*)(_t97 + 0x18));
                                                            				if (_t88 == _t109) goto 0x87d768ba;
                                                            				_t69 =  *_t88;
                                                            				if (_t69 == 0) goto 0x87d768ad;
                                                            				asm("lock xadd [ebx+0x18], eax");
                                                            				if (0xffffffff != 1) goto 0x87d768ad;
                                                            				if ( *((intOrPtr*)(_t69 + 8)) - 1 - 0xfffffffd > 0) goto 0x87d7688c;
                                                            				CloseHandle(??);
                                                            				if ( *_t69 - 1 - 0xfffffffd > 0) goto 0x87d768a0;
                                                            				CloseHandle(??);
                                                            				E00007FF87FF887D656E4();
                                                            				if (_t88 + 8 != _t109) goto 0x87d76860;
                                                            				 *((long long*)(_t97 + 0x20)) =  *((intOrPtr*)(_t97 + 0x18));
                                                            				_t58 =  *((intOrPtr*)(_t97 + 0x30)) - 1 - 0xfffffffd;
                                                            				if (_t58 > 0) goto 0x87d768d2;
                                                            				CloseHandle(??);
                                                            				 *((long long*)(_t97 + 0x30)) = _t69;
                                                            				asm("lock xadd [ebp], eax");
                                                            				asm("bt eax, 0x1e");
                                                            				if (_t58 < 0) goto 0x87d76909;
                                                            				if (0x80000000 - 0x80000000 <= 0) goto 0x87d76909;
                                                            				asm("lock bts dword [ebp], 0x1e");
                                                            				if (0x80000000 - 0x80000000 < 0) goto 0x87d76909;
                                                            				E00007FF87FF887D5D940(_t97);
                                                            				SetEvent(??);
                                                            				if ( *_t93 != _t112) goto 0x87d767f0;
                                                            				goto ( *((intOrPtr*)( *_t103 + 0x10)));
                                                            			}




























                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: CloseHandle$EventReleaseSemaphore$ObjectSingleWait
                                                            • String ID:
                                                            • API String ID: 1488515630-0
                                                            • Opcode ID: 3bcf2f0ad8178168a7f8be7a2930863f511e61aaff0b105efb4953fc0a99a83f
                                                            • Instruction ID: ceaa85909fb4ce30d60c85637c091b5c0dccb3e79868325dc0f3b326d7d087fa
                                                            • Opcode Fuzzy Hash: 3bcf2f0ad8178168a7f8be7a2930863f511e61aaff0b105efb4953fc0a99a83f
                                                            • Instruction Fuzzy Hash: D2417022A44A82CAEB109F25D84467D63B1FB46BE9F585735EE6E437D8EF38D841C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 2016347663-0
                                                            • Opcode ID: dfbe2bb97fd55202672e72005a79ffd0a429575f79d2377de772fcddb129c807
                                                            • Instruction ID: 95f635a0296b7c595e5199d96011838fbddefc5a74948e88dd366595611edb40
                                                            • Opcode Fuzzy Hash: dfbe2bb97fd55202672e72005a79ffd0a429575f79d2377de772fcddb129c807
                                                            • Instruction Fuzzy Hash: 3041C161B89A8185EA509B12E4442ADA376FB44BE4F884735DE9E0B7DDDE7CF081C310
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • memmove.VCRUNTIME140(?,?,?,?,00007FF887D5C1BC,?,?,?,?,?,00007FF887D5C11C,?,?,?,00007FF887D5D3B9), ref: 00007FF887D55ADE
                                                            • memset.VCRUNTIME140(?,?,?,?,00007FF887D5C1BC,?,?,?,?,?,00007FF887D5C11C,?,?,?,00007FF887D5D3B9), ref: 00007FF887D55AEC
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF887D5C1BC,?,?,?,?,?,00007FF887D5C11C,?,?,?,00007FF887D5D3B9), ref: 00007FF887D55B25
                                                            • memmove.VCRUNTIME140(?,?,?,?,00007FF887D5C1BC,?,?,?,?,?,00007FF887D5C11C,?,?,?,00007FF887D5D3B9), ref: 00007FF887D55B2F
                                                            • memset.VCRUNTIME140(?,?,?,?,00007FF887D5C1BC,?,?,?,?,?,00007FF887D5C11C,?,?,?,00007FF887D5D3B9), ref: 00007FF887D55B3D
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887D55B72
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmovememset$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 2171940698-0
                                                            • Opcode ID: 34bb71b0ba394ae16318a7d290492d0c7af7ec8d63b37f31e4ad3571e89afd36
                                                            • Instruction ID: 4717cd558ef4aef7e2693e73ac5adfe8fff1b810dd7f78f54ce7abbc2be5dd7b
                                                            • Opcode Fuzzy Hash: 34bb71b0ba394ae16318a7d290492d0c7af7ec8d63b37f31e4ad3571e89afd36
                                                            • Instruction Fuzzy Hash: E741A121B4ABC186EA11DB12A5442ADA766FB44BE0F584731DEAF0B7DDCE7CE041C304
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887D7160E
                                                            • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887D718FF
                                                            • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887D71A9C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ?write@?$basic_ostream@D@std@@@std@@U?$char_traits@V12@
                                                            • String ID: ''''$0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures
                                                            • API String ID: 2277189856-568624354
                                                            • Opcode ID: f3eae634b5f49669f20d308f01c8813e58f466c40bdd9b7c1452c2ca4684f687
                                                            • Instruction ID: 922f88c166188671205106c51f9edb75772e7c6098ece72b2f0e394814dabb70
                                                            • Opcode Fuzzy Hash: f3eae634b5f49669f20d308f01c8813e58f466c40bdd9b7c1452c2ca4684f687
                                                            • Instruction Fuzzy Hash: 8DE1755BD28BD340F603473969125A8A720BFE77C4F10E72BFEE532916EF2993519214
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887D71C9B
                                                            • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887D71EE9
                                                            • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887D720D2
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ?write@?$basic_ostream@D@std@@@std@@U?$char_traits@V12@
                                                            • String ID: ''''$0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures
                                                            • API String ID: 2277189856-568624354
                                                            • Opcode ID: 5c4c044f33b61bb6b48a3a84244ff2c7c72e4787eb40354a53abca28040c53ac
                                                            • Instruction ID: 4bf393dbfd261181401c6d6382f9dd7fadf6f359850789b8b104e7c4a1e8dc68
                                                            • Opcode Fuzzy Hash: 5c4c044f33b61bb6b48a3a84244ff2c7c72e4787eb40354a53abca28040c53ac
                                                            • Instruction Fuzzy Hash: 2BE19216E34BD341F712473DA4065A8A720BFE77C4F11D727FE9932A26EB29D2819204
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 58%
                                                            			E00007FF87FF887D43510(long long __rbx, signed char* __rcx, void* __rdx, long long __rdi, long long __rsi, intOrPtr* __r8, char _a8, long long _a16, long long _a24, long long _a32) {
                                                            				void* _v8;
                                                            				signed int _t31;
                                                            				void* _t43;
                                                            				void* _t49;
                                                            				signed char* _t56;
                                                            				signed char* _t57;
                                                            				char* _t58;
                                                            				signed char* _t59;
                                                            				intOrPtr _t67;
                                                            				signed char* _t74;
                                                            				void* _t85;
                                                            				char* _t87;
                                                            
                                                            				_a16 = __rbx;
                                                            				_a24 = __rsi;
                                                            				_a32 = __rdi;
                                                            				_t74 = __rcx;
                                                            				r9d =  *__rcx & 0x000000ff;
                                                            				if (r9b >= 0) goto 0x87d4354a;
                                                            				_t56 =  &(__rcx[1]);
                                                            				if (_t56 == __rdx) goto 0x87d43551;
                                                            				if (( *_t56 & 0xc0) == 0x80) goto 0x87d43537;
                                                            				goto 0x87d4354e;
                                                            				_t57 =  &(__rcx[1]);
                                                            				_t43 = _t57 - __rdx;
                                                            				_t58 =  ==  ? __rcx : _t57;
                                                            				if (_t43 == 0) goto 0x87d4358f;
                                                            				if (_t43 == 0) goto 0x87d43588;
                                                            				if (_t43 == 0) goto 0x87d43581;
                                                            				if ( *_t58 - 0x3a == 0x20) goto 0x87d4357a;
                                                            				if (_t58 == __rcx) goto 0x87d43632;
                                                            				_t59 = __rcx;
                                                            				goto 0x87d43555;
                                                            				goto 0x87d43594;
                                                            				goto 0x87d43594;
                                                            				goto 0x87d43594;
                                                            				if (__rcx == __rcx) goto 0x87d435f6;
                                                            				if (r9b != 0x7b) goto 0x87d435b8;
                                                            				_a8 = 0;
                                                            				E00007FF87FF887D650C0(__rcx, "invalid fill character \'{\'");
                                                            				goto 0x87d43632;
                                                            				_t85 = _t59 - _t74;
                                                            				_t87 =  *__r8 + 0x11;
                                                            				if (_t85 - 4 > 0) goto 0x87d4364c;
                                                            				_t49 = _t85;
                                                            				if (_t49 == 0) goto 0x87d435f0;
                                                            				 *_t87 =  *(_t74 - _t87 + _t87) & 0x000000ff;
                                                            				if (_t49 != 0) goto 0x87d435e0;
                                                            				 *((intOrPtr*)(_t87 + 4)) = r8b;
                                                            				goto 0x87d435f9;
                                                            				if (1 != 4) goto 0x87d43624;
                                                            				if ( *((intOrPtr*)(__r8 + 0x20)) - 1 - 0xb <= 0) goto 0x87d43624;
                                                            				_a8 = 0;
                                                            				E00007FF87FF887D650C0(_t74 - _t87, "format specifier requires numeric argument");
                                                            				_t67 =  *__r8;
                                                            				_t31 =  *(_t67 + 0xc) & 0xfffffff0 | 0x00000001;
                                                            				 *(_t67 + 0xc) = _t31;
                                                            				return _t31;
                                                            			}
















                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ExceptionThrow__std_exception_copy
                                                            • String ID: format specifier requires numeric argument$invalid fill$invalid fill character '{'
                                                            • API String ID: 1552479455-4061151604
                                                            • Opcode ID: 5c02c8c272ac9fefe5d792e7419a5383d88d5e431b2cf8836fd372669443061f
                                                            • Instruction ID: b04da46ded6d5adbbfc4901bdba6f2b3d8c0a10e83ec3b21b8a9fffac285c8a8
                                                            • Opcode Fuzzy Hash: 5c02c8c272ac9fefe5d792e7419a5383d88d5e431b2cf8836fd372669443061f
                                                            • Instruction Fuzzy Hash: 9541C423E8C68295EB90CB2CD54017DABB1FB557C0F584232EA8E67A9DDE2CE541C780
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 51%
                                                            			E00007FF87FF887D4A8F0(long long __rcx, long long __rdx, void* __rbp, long long __r9) {
                                                            				signed int _v56;
                                                            				intOrPtr _v64;
                                                            				char _v88;
                                                            				long long _v96;
                                                            				long long _v104;
                                                            				short _v116;
                                                            				char _v120;
                                                            				char _v136;
                                                            				char _v144;
                                                            				char _v152;
                                                            				char _v160;
                                                            				char _v168;
                                                            				long long _v176;
                                                            				long long _v184;
                                                            				long long _v192;
                                                            				long long _v200;
                                                            				void* __rbx;
                                                            				void* __r14;
                                                            				char _t47;
                                                            				void* _t54;
                                                            				signed long long _t77;
                                                            				signed long long _t78;
                                                            				intOrPtr* _t93;
                                                            				char _t103;
                                                            				long long _t112;
                                                            				intOrPtr _t117;
                                                            				intOrPtr _t120;
                                                            				long long _t123;
                                                            				long long _t124;
                                                            				void* _t126;
                                                            				void* _t129;
                                                            				void* _t135;
                                                            				void* _t136;
                                                            				long long _t137;
                                                            
                                                            				_t135 = _t126;
                                                            				_t127 = _t126 - 0xc0;
                                                            				_t77 =  *0x87d8ec78; // 0x522936145607
                                                            				_t78 = _t77 ^ _t126 - 0x000000c0;
                                                            				_v56 = _t78;
                                                            				_t93 = __r9;
                                                            				r14d = r8d;
                                                            				_t123 = __rdx;
                                                            				_t124 = __rcx;
                                                            				_v160 = r14d;
                                                            				r15d = 0;
                                                            				 *((long long*)(_t135 - 0x78)) = _t137;
                                                            				 *((long long*)(_t135 - 0x60)) = 0xf;
                                                            				 *((long long*)(_t135 - 0x68)) = 6;
                                                            				_t47 = "system"; // 0x74737973
                                                            				_v120 = _t47;
                                                            				_v116 =  *0x87d7ba84 & 0x0000ffff;
                                                            				 *((intOrPtr*)(_t135 - 0x72)) = r15b;
                                                            				 *((long long*)(_t135 - 0x58)) = _t137;
                                                            				asm("movdqa xmm0, [0x31a3f]");
                                                            				asm("repe inc ecx");
                                                            				 *((intOrPtr*)(_t135 - 0x58)) = r15b;
                                                            				E00007FF87FF887D5D640(__r9, __rcx, _t129);
                                                            				if ( &_v88 == _t78) goto 0x87d4a99b;
                                                            				if ( *((long long*)(_t78 + 0x18)) - 0x10 < 0) goto 0x87d4a98b;
                                                            				E00007FF87FF887D49100(__r9,  &_v88,  *_t78,  *((intOrPtr*)(_t78 + 0x10)), _t136);
                                                            				E00007FF87FF887D606F0( *((long long*)(_t78 + 0x18)) - 0x10,  *_t78,  &_v120,  *((intOrPtr*)(_t78 + 0x10)));
                                                            				_t112 = _v96;
                                                            				if (_t112 - 0x10 < 0) goto 0x87d4a9e9;
                                                            				if (_t112 + 1 - 0x1000 < 0) goto 0x87d4a9e4;
                                                            				if (_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4a9e4;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v104 = _t137;
                                                            				_v96 = 0xf;
                                                            				_v120 = 0;
                                                            				 *((intOrPtr*)(__r9)) = r15d;
                                                            				_v168 = r15d;
                                                            				_v144 = __r9;
                                                            				_v136 = _t123;
                                                            				_v152 = _t124;
                                                            				_v176 =  &_v144;
                                                            				_v184 =  &_v160;
                                                            				_v192 =  &_v136;
                                                            				_v200 =  &_v152;
                                                            				r8d = 0x94;
                                                            				E00007FF87FF887D46160(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_readport {:#x}, {:#x}, {}, {:#x}");
                                                            				_t54 = E00007FF87FF887D4E0D0( *((intOrPtr*)(_v120 - 8)), "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp");
                                                            				_v200 =  &_v168;
                                                            				_t131 = _t123;
                                                            				E00007FF87FF887D507C0(_t54);
                                                            				 *_t93 = _v168;
                                                            				E00007FF87FF887D606F0(_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f,  &_v152,  &_v88, _t123);
                                                            				_t117 = _v64;
                                                            				if (_t117 - 0x10 < 0) goto 0x87d4aadb;
                                                            				_t103 = _v88;
                                                            				if (_t117 + 1 - 0x1000 < 0) goto 0x87d4aad5;
                                                            				_t89 = _t103 -  *((intOrPtr*)(_t103 - 8)) + 0xfffffff8;
                                                            				_t72 = _t103 -  *((intOrPtr*)(_t103 - 8)) + 0xfffffff8 - 0x1f;
                                                            				if (_t103 -  *((intOrPtr*)(_t103 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4aad5;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D606F0(_t72, _t89,  &_v88, _t131);
                                                            				_t120 = _v64;
                                                            				if (_t120 - 0x10 < 0) goto 0x87d4ab36;
                                                            				if (_t120 + 1 - 0x1000 < 0) goto 0x87d4ab30;
                                                            				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4ab30;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				return E00007FF87FF887D65E20(0, 1, _v56 ^ _t127);
                                                            			}






































                                                            APIs
                                                              • Part of subcall function 00007FF887D5D640: __tlregdtor.LIBCMT ref: 00007FF887D5D690
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4A9DD
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4AACE
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                            • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_readport {:#x}, {:#x}, {}, {:#x}$system
                                                            • API String ID: 333172304-2826333439
                                                            • Opcode ID: 63654d137c15f83f08eb559c95b2f5fad86409a222d48f8664635b54fdbb5bfd
                                                            • Instruction ID: 1bc9bbbce56fa19e3fe0d0889a654f3c6fa33fcfea83a3f8ee9bc255b5d5f49f
                                                            • Opcode Fuzzy Hash: 63654d137c15f83f08eb559c95b2f5fad86409a222d48f8664635b54fdbb5bfd
                                                            • Instruction Fuzzy Hash: 67516D62A58B8186EB10DB65E4453AE73B5FB857D0F500336EA9E03BA9DF7CD484C740
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 53%
                                                            			E00007FF87FF887D4AE80(long long __rcx, long long __rdx, void* __rbp, long long __r9) {
                                                            				signed int _v56;
                                                            				intOrPtr _v64;
                                                            				char _v88;
                                                            				long long _v96;
                                                            				long long _v104;
                                                            				short _v116;
                                                            				char _v120;
                                                            				char _v136;
                                                            				char _v144;
                                                            				char _v152;
                                                            				char _v160;
                                                            				char _v168;
                                                            				long long _v176;
                                                            				long long _v184;
                                                            				long long _v192;
                                                            				long long _v200;
                                                            				void* __rbx;
                                                            				void* __r14;
                                                            				char _t47;
                                                            				void* _t54;
                                                            				void* _t64;
                                                            				signed long long _t78;
                                                            				signed long long _t79;
                                                            				intOrPtr* _t94;
                                                            				char _t104;
                                                            				long long _t113;
                                                            				intOrPtr _t118;
                                                            				intOrPtr _t121;
                                                            				long long _t124;
                                                            				long long _t125;
                                                            				void* _t127;
                                                            				void* _t130;
                                                            				void* _t136;
                                                            				void* _t137;
                                                            				long long _t138;
                                                            
                                                            				_t136 = _t127;
                                                            				_t128 = _t127 - 0xc0;
                                                            				_t78 =  *0x87d8ec78; // 0x522936145607
                                                            				_t79 = _t78 ^ _t127 - 0x000000c0;
                                                            				_v56 = _t79;
                                                            				_t94 = __r9;
                                                            				r14d = r8d;
                                                            				_t124 = __rdx;
                                                            				_t125 = __rcx;
                                                            				_v160 = r14d;
                                                            				r15d = 0;
                                                            				 *((long long*)(_t136 - 0x78)) = _t138;
                                                            				 *((long long*)(_t136 - 0x60)) = 0xf;
                                                            				 *((long long*)(_t136 - 0x68)) = 6;
                                                            				_t47 = "system"; // 0x74737973
                                                            				_v120 = _t47;
                                                            				_v116 =  *0x87d7ba84 & 0x0000ffff;
                                                            				 *((intOrPtr*)(_t136 - 0x72)) = r15b;
                                                            				 *((long long*)(_t136 - 0x58)) = _t138;
                                                            				asm("movdqa xmm0, [0x314af]");
                                                            				asm("repe inc ecx");
                                                            				 *((intOrPtr*)(_t136 - 0x58)) = r15b;
                                                            				E00007FF87FF887D5D640(__r9, __rcx, _t130);
                                                            				if ( &_v88 == _t79) goto 0x87d4af2b;
                                                            				if ( *((long long*)(_t79 + 0x18)) - 0x10 < 0) goto 0x87d4af1b;
                                                            				E00007FF87FF887D49100(__r9,  &_v88,  *_t79,  *((intOrPtr*)(_t79 + 0x10)), _t137);
                                                            				E00007FF87FF887D606F0( *((long long*)(_t79 + 0x18)) - 0x10,  *_t79,  &_v120,  *((intOrPtr*)(_t79 + 0x10)));
                                                            				_t113 = _v96;
                                                            				if (_t113 - 0x10 < 0) goto 0x87d4af79;
                                                            				if (_t113 + 1 - 0x1000 < 0) goto 0x87d4af74;
                                                            				if (_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4af74;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v104 = _t138;
                                                            				_v96 = 0xf;
                                                            				_v120 = 0;
                                                            				 *((intOrPtr*)(__r9)) = r15d;
                                                            				_v168 = r15d;
                                                            				_v144 = __r9;
                                                            				_v136 = _t124;
                                                            				_v152 = _t125;
                                                            				_v176 =  &_v144;
                                                            				_v184 =  &_v160;
                                                            				_v192 =  &_v136;
                                                            				_v200 =  &_v152;
                                                            				r8d = 0xa7;
                                                            				E00007FF87FF887D46160(0, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_writeport {:#x}, {:#x}, {}, {:#x}");
                                                            				_t54 = E00007FF87FF887D4E0D0( *((intOrPtr*)(_v120 - 8)), "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp");
                                                            				_v200 =  &_v168;
                                                            				_t132 = _t124;
                                                            				E00007FF87FF887D52420(_t54, _t64, _t94,  &_v152, _t125, _t124, _t124 + _t137);
                                                            				 *_t94 = _v168;
                                                            				E00007FF87FF887D606F0(_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f,  &_v152,  &_v88, _t124);
                                                            				_t118 = _v64;
                                                            				if (_t118 - 0x10 < 0) goto 0x87d4b068;
                                                            				_t104 = _v88;
                                                            				if (_t118 + 1 - 0x1000 < 0) goto 0x87d4b062;
                                                            				_t90 = _t104 -  *((intOrPtr*)(_t104 - 8)) + 0xfffffff8;
                                                            				_t73 = _t104 -  *((intOrPtr*)(_t104 - 8)) + 0xfffffff8 - 0x1f;
                                                            				if (_t104 -  *((intOrPtr*)(_t104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4b062;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D606F0(_t73, _t90,  &_v88, _t132);
                                                            				_t121 = _v64;
                                                            				if (_t121 - 0x10 < 0) goto 0x87d4b0c3;
                                                            				if (_t121 + 1 - 0x1000 < 0) goto 0x87d4b0bd;
                                                            				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4b0bd;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				return E00007FF87FF887D65E20(0, 0, _v56 ^ _t128);
                                                            			}

                                                            APIs
                                                              • Part of subcall function 00007FF887D5D640: __tlregdtor.LIBCMT ref: 00007FF887D5D690
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4AF6D
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4B05B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                            • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_writeport {:#x}, {:#x}, {}, {:#x}$system
                                                            • API String ID: 333172304-2630413138
                                                            • Opcode ID: ddacbfdd1a9649652c7a86655d04096a8500b7752d6a0cdd5784e42f15562c43
                                                            • Instruction ID: bab51b97d983740a2772d0d5d2e5d5edec15425f71ddf2984eac0f069edad68f
                                                            • Opcode Fuzzy Hash: ddacbfdd1a9649652c7a86655d04096a8500b7752d6a0cdd5784e42f15562c43
                                                            • Instruction Fuzzy Hash: 67514D62A98B8186EB10DB25E4443AE73B5FB957D4F500336EA9E43BA9DF7CD484C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 42%
                                                            			E00007FF87FF887D4C470(long long __rcx, long long __rdx, void* __rbp, long long __r8, void* __r14) {
                                                            				signed int _v40;
                                                            				intOrPtr _v48;
                                                            				char _v72;
                                                            				long long _v80;
                                                            				long long _v88;
                                                            				char _v104;
                                                            				char _v120;
                                                            				char _v128;
                                                            				char _v136;
                                                            				char _v144;
                                                            				char _v152;
                                                            				long long _v168;
                                                            				long long _v176;
                                                            				long long _v184;
                                                            				long long _v192;
                                                            				long long _v200;
                                                            				void* __rbx;
                                                            				char _t41;
                                                            				signed long long _t61;
                                                            				signed long long _t62;
                                                            				long long _t75;
                                                            				long long _t89;
                                                            				intOrPtr _t93;
                                                            				long long _t96;
                                                            				long long _t97;
                                                            				void* _t99;
                                                            				void* _t105;
                                                            
                                                            				_t105 = _t99;
                                                            				_t61 =  *0x87d8ec78; // 0x522936145607
                                                            				_t62 = _t61 ^ _t99 - 0x000000d0;
                                                            				_v40 = _t62;
                                                            				_t75 = __r8;
                                                            				_t97 = __rdx;
                                                            				_t96 = __rcx;
                                                            				_v136 = __r8;
                                                            				_v152 = r9d;
                                                            				 *((long long*)(_t105 - 0x68)) = 0;
                                                            				 *((long long*)(_t105 - 0x50)) = 0xf;
                                                            				 *((long long*)(_t105 - 0x58)) = 6;
                                                            				_t41 = "rundll"; // 0x646e7572
                                                            				 *((intOrPtr*)(_t105 - 0x68)) = _t41;
                                                            				 *((short*)(_t105 - 0x64)) =  *0x87d7bfe8 & 0x0000ffff;
                                                            				 *((char*)(_t105 - 0x62)) = 0;
                                                            				 *((long long*)(_t105 - 0x48)) = 0;
                                                            				asm("movdqa xmm0, [0x2febb]");
                                                            				asm("repe inc ecx");
                                                            				 *((char*)(_t105 - 0x48)) = 0;
                                                            				E00007FF87FF887D5D640(__r8, __rcx, __r8);
                                                            				if ( &_v72 == _t62) goto 0x87d4c520;
                                                            				if ( *((long long*)(_t62 + 0x18)) - 0x10 < 0) goto 0x87d4c510;
                                                            				E00007FF87FF887D49100(__r8,  &_v72,  *_t62,  *((intOrPtr*)(_t62 + 0x10)), __r14);
                                                            				E00007FF87FF887D606F0( *((long long*)(_t62 + 0x18)) - 0x10,  *_t62,  &_v104,  *((intOrPtr*)(_t62 + 0x10)));
                                                            				_t89 = _v80;
                                                            				if (_t89 - 0x10 < 0) goto 0x87d4c574;
                                                            				if (_t89 + 1 - 0x1000 < 0) goto 0x87d4c56f;
                                                            				if (_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4c56f;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v88 = 0;
                                                            				_v80 = 0xf;
                                                            				_v104 = 0;
                                                            				_v128 = _t75;
                                                            				_v120 = _t97;
                                                            				_v144 = _t96;
                                                            				_v168 =  &_v152;
                                                            				_v176 =  &_v136;
                                                            				_v184 =  &_v128;
                                                            				_v192 =  &_v120;
                                                            				_v200 =  &_v144;
                                                            				r8d = 0x113;
                                                            				E00007FF87FF887D46330(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "RunDllCallback {:#x}, {:#x}, {:#x} -> \'{}\', {}");
                                                            				E00007FF87FF887D606F0(_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f,  &_v144,  &_v72,  *((intOrPtr*)(_t62 + 0x10)));
                                                            				_t93 = _v48;
                                                            				if (_t93 - 0x10 < 0) goto 0x87d4c648;
                                                            				if (_t93 + 1 - 0x1000 < 0) goto 0x87d4c642;
                                                            				if (_v72 -  *((intOrPtr*)(_v72 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4c642;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				return E00007FF87FF887D65E20(E00007FF87FF887D656E4(), 1, _v40 ^ _t99 - 0x000000d0);
                                                            			}

                                                            APIs
                                                              • Part of subcall function 00007FF887D5D640: __tlregdtor.LIBCMT ref: 00007FF887D5D690
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4C568
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4C63B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                            • String ID: RunDllCallback {:#x}, {:#x}, {:#x} -> '{}', {}$c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$rundll
                                                            • API String ID: 333172304-2456309662
                                                            • Opcode ID: a6f49f52a633823130ec69534744436b55779717cb7c8cb33321a036e829d2c8
                                                            • Instruction ID: e4e3f961effd1a8c4ba95f1f47ea2c0d63746eeade4330d9930cb960af991c21
                                                            • Opcode Fuzzy Hash: a6f49f52a633823130ec69534744436b55779717cb7c8cb33321a036e829d2c8
                                                            • Instruction Fuzzy Hash: 27515D72A99B8585EB60CB54E4443AE7361FB857D0F404336EA9E06BE9DF7CD484C740
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 53%
                                                            			E00007FF87FF887D49780(long long __rcx, void* __rbp, void* __r14) {
                                                            				signed int _v24;
                                                            				intOrPtr _v32;
                                                            				char _v56;
                                                            				long long _v64;
                                                            				long long _v72;
                                                            				char _v82;
                                                            				short _v84;
                                                            				char _v88;
                                                            				char _v104;
                                                            				long long _v120;
                                                            				void* __rbx;
                                                            				char _t34;
                                                            				signed long long _t63;
                                                            				signed long long _t64;
                                                            				long long _t76;
                                                            				char _t85;
                                                            				long long _t93;
                                                            				intOrPtr _t98;
                                                            				intOrPtr _t101;
                                                            				void* _t104;
                                                            				signed long long _t106;
                                                            				void* _t107;
                                                            				intOrPtr _t108;
                                                            
                                                            				_t63 =  *0x87d8ec78; // 0x522936145607
                                                            				_t64 = _t63 ^ _t106;
                                                            				_v24 = _t64;
                                                            				_t76 = __rcx;
                                                            				_v88 = 0;
                                                            				_v64 = 0xf;
                                                            				_v72 = 6;
                                                            				_t34 = "system"; // 0x74737973
                                                            				_v88 = _t34;
                                                            				_v84 =  *0x87d7ba84 & 0x0000ffff;
                                                            				_v82 = 0;
                                                            				_v56 = 0;
                                                            				asm("movdqa xmm0, [0x32bbb]");
                                                            				asm("movdqu [esp+0x70], xmm0");
                                                            				_v56 = 0;
                                                            				E00007FF87FF887D5D640(__rcx, __rcx, _t107);
                                                            				if ( &_v56 == _t64) goto 0x87d4981a;
                                                            				_t108 =  *((intOrPtr*)(_t64 + 0x10));
                                                            				if ( *((long long*)(_t64 + 0x18)) - 0x10 < 0) goto 0x87d4980d;
                                                            				E00007FF87FF887D49100(_t76,  &_v56,  *_t64, _t108, __r14);
                                                            				E00007FF87FF887D606F0( *((long long*)(_t64 + 0x18)) - 0x10,  *_t64,  &_v88, _t108);
                                                            				_t93 = _v64;
                                                            				if (_t93 - 0x10 < 0) goto 0x87d49865;
                                                            				if (_t93 + 1 - 0x1000 < 0) goto 0x87d49860;
                                                            				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d49860;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v72 = 0;
                                                            				_v64 = 0xf;
                                                            				_v88 = 0;
                                                            				_v104 = _t76;
                                                            				_v120 =  &_v104;
                                                            				r8d = 0x42;
                                                            				_t50 = _t108 - 0x41;
                                                            				E00007FF87FF887D45DB0(_t108 - 0x41, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_closeport {:#x}");
                                                            				E00007FF87FF887D4E5B0(E00007FF87FF887D4E0D0( *((intOrPtr*)(_v88 - 8)), "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp"), _t76,  &_v104, _t76, _t104);
                                                            				E00007FF87FF887D606F0(_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f,  &_v104,  &_v56, _t108);
                                                            				_t98 = _v32;
                                                            				if (_t98 - 0x10 < 0) goto 0x87d49904;
                                                            				_t85 = _v56;
                                                            				if (_t98 + 1 - 0x1000 < 0) goto 0x87d498fe;
                                                            				_t72 = _t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8;
                                                            				_t58 = _t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8 - 0x1f;
                                                            				if (_t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d498fe;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D606F0(_t58, _t72,  &_v56, _t108);
                                                            				_t101 = _v32;
                                                            				if (_t101 - 0x10 < 0) goto 0x87d49956;
                                                            				if (_t101 + 1 - 0x1000 < 0) goto 0x87d49950;
                                                            				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d49950;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				return E00007FF87FF887D65E20(0, _t50, _v24 ^ _t106);
                                                            			}

                                                            APIs
                                                              • Part of subcall function 00007FF887D5D640: __tlregdtor.LIBCMT ref: 00007FF887D5D690
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D49859
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D498F7
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                            • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_closeport {:#x}$system
                                                            • API String ID: 333172304-1932419764
                                                            • Opcode ID: e5d8c8661186eecb9c26fef6bfbf78ce596301ad3e3beeb2c16e34fd045bf4b6
                                                            • Instruction ID: 210cde2756ff2014700954fd219bfa6aa4931755600b0f0bdd19c32ddb4ee313
                                                            • Opcode Fuzzy Hash: e5d8c8661186eecb9c26fef6bfbf78ce596301ad3e3beeb2c16e34fd045bf4b6
                                                            • Instruction Fuzzy Hash: 6F415E62A9C78682EA10DB69E44436E6371FB957D4F400335E69E46BDEDF7CE484C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 51%
                                                            			E00007FF87FF887D4A000(long long __rcx, void* __rbp, void* __r14) {
                                                            				signed int _v24;
                                                            				intOrPtr _v32;
                                                            				char _v56;
                                                            				long long _v64;
                                                            				long long _v72;
                                                            				char _v82;
                                                            				short _v84;
                                                            				char _v88;
                                                            				char _v104;
                                                            				long long _v120;
                                                            				void* __rbx;
                                                            				char _t33;
                                                            				void* _t50;
                                                            				signed long long _t63;
                                                            				signed long long _t64;
                                                            				long long _t76;
                                                            				char _t85;
                                                            				long long _t93;
                                                            				intOrPtr _t98;
                                                            				intOrPtr _t101;
                                                            				void* _t104;
                                                            				void* _t105;
                                                            				void* _t106;
                                                            				signed long long _t107;
                                                            				void* _t108;
                                                            
                                                            				_t106 = __rbp;
                                                            				_t63 =  *0x87d8ec78; // 0x522936145607
                                                            				_t64 = _t63 ^ _t107;
                                                            				_v24 = _t64;
                                                            				_t76 = __rcx;
                                                            				_v88 = 0;
                                                            				_v64 = 0xf;
                                                            				_v72 = 6;
                                                            				_t33 = "system"; // 0x74737973
                                                            				_v88 = _t33;
                                                            				_v84 =  *0x87d7ba84 & 0x0000ffff;
                                                            				_v82 = 0;
                                                            				_v56 = 0;
                                                            				asm("movdqa xmm0, [0x3233b]");
                                                            				asm("movdqu [esp+0x70], xmm0");
                                                            				_v56 = 0;
                                                            				E00007FF87FF887D5D640(__rcx, __rcx, _t108);
                                                            				if ( &_v56 == _t64) goto 0x87d4a09a;
                                                            				_t109 =  *((intOrPtr*)(_t64 + 0x10));
                                                            				if ( *((long long*)(_t64 + 0x18)) - 0x10 < 0) goto 0x87d4a08d;
                                                            				E00007FF87FF887D49100(_t76,  &_v56,  *_t64,  *((intOrPtr*)(_t64 + 0x10)), __r14);
                                                            				E00007FF87FF887D606F0( *((long long*)(_t64 + 0x18)) - 0x10,  *_t64,  &_v88,  *((intOrPtr*)(_t64 + 0x10)));
                                                            				_t93 = _v64;
                                                            				if (_t93 - 0x10 < 0) goto 0x87d4a0e5;
                                                            				if (_t93 + 1 - 0x1000 < 0) goto 0x87d4a0e0;
                                                            				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4a0e0;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				_v72 = 0;
                                                            				_v64 = 0xf;
                                                            				_v88 = 0;
                                                            				_v104 = _t76;
                                                            				_v120 =  &_v104;
                                                            				r8d = 0xc8;
                                                            				E00007FF87FF887D45DB0(0, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_enddocport {:#x}");
                                                            				E00007FF87FF887D4E730(E00007FF87FF887D4E0D0( *((intOrPtr*)(_v88 - 8)), "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp"), _t50, _t76,  &_v104, _t76, _t104, _t105, _t106,  *((intOrPtr*)(_t64 + 0x10)));
                                                            				E00007FF87FF887D606F0(_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f,  &_v104,  &_v56,  *((intOrPtr*)(_t64 + 0x10)));
                                                            				_t98 = _v32;
                                                            				if (_t98 - 0x10 < 0) goto 0x87d4a182;
                                                            				_t85 = _v56;
                                                            				if (_t98 + 1 - 0x1000 < 0) goto 0x87d4a17c;
                                                            				_t72 = _t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8;
                                                            				_t58 = _t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8 - 0x1f;
                                                            				if (_t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4a17c;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				E00007FF87FF887D606F0(_t58, _t72,  &_v56, _t109);
                                                            				_t101 = _v32;
                                                            				if (_t101 - 0x10 < 0) goto 0x87d4a1d4;
                                                            				if (_t101 + 1 - 0x1000 < 0) goto 0x87d4a1ce;
                                                            				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4a1ce;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				return E00007FF87FF887D65E20(0, 0, _v24 ^ _t107);
                                                            			}


                                                            APIs
                                                              • Part of subcall function 00007FF887D5D640: __tlregdtor.LIBCMT ref: 00007FF887D5D690
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4A0D9
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4A175
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                            • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_enddocport {:#x}$system
                                                            • API String ID: 333172304-3202253893
                                                            • Opcode ID: f67c89eb7bd3bec54ba0237cedce4b43c66fcbe91a0e68528c45ec1747136fc5
                                                            • Instruction ID: b4bdcb364f92154adb0ac5ce290d090b39e1057a47bf952a1bb0ebbdda8f2a28
                                                            • Opcode Fuzzy Hash: f67c89eb7bd3bec54ba0237cedce4b43c66fcbe91a0e68528c45ec1747136fc5
                                                            • Instruction Fuzzy Hash: 1341AE62A98B8582FA50DB64E44836E6371FB857D0F400335EAAE06BDDDF7CE084C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF887D5695B
                                                              • Part of subcall function 00007FF887D582A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D582B2
                                                              • Part of subcall function 00007FF887D582A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D582CC
                                                              • Part of subcall function 00007FF887D582A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D582F6
                                                              • Part of subcall function 00007FF887D582A0: ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D58320
                                                              • Part of subcall function 00007FF887D582A0: std::_Facet_Register.LIBCPMT ref: 00007FF887D58339
                                                              • Part of subcall function 00007FF887D582A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D58358
                                                            • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FF887D569CB
                                                            • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887D56A00
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: U?$char_traits@$V?$ostreambuf_iterator@$D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@Bid@locale@std@@D@std@@@2@D@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterUtm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_
                                                            • String ID: $B
                                                            • API String ID: 2374335714-2922798824
                                                            • Opcode ID: 4c90dcd5b17b733bbf7a0741c09f34c9d962b6272dfb0017e2fd1e9677194e17
                                                            • Instruction ID: 3af8f637b112e1b805c27d5646d17a33ea8dda89a1ed7576c2366569c82e4063
                                                            • Opcode Fuzzy Hash: 4c90dcd5b17b733bbf7a0741c09f34c9d962b6272dfb0017e2fd1e9677194e17
                                                            • Instruction Fuzzy Hash: 96312462609BC182EB10CB65E4903ADB770FBD5B88F545226DB8E4775ADF7CD085C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF887D5682B
                                                              • Part of subcall function 00007FF887D582A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D582B2
                                                              • Part of subcall function 00007FF887D582A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D582CC
                                                              • Part of subcall function 00007FF887D582A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D582F6
                                                              • Part of subcall function 00007FF887D582A0: ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D58320
                                                              • Part of subcall function 00007FF887D582A0: std::_Facet_Register.LIBCPMT ref: 00007FF887D58339
                                                              • Part of subcall function 00007FF887D582A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D58358
                                                            • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FF887D5689B
                                                            • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887D568D0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: U?$char_traits@$V?$ostreambuf_iterator@$D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@Bid@locale@std@@D@std@@@2@D@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterUtm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_
                                                            • String ID: $A
                                                            • API String ID: 2374335714-926879570
                                                            • Opcode ID: 23fbfba1f362895d4738c1b54d018f1fa61c5d990b0208e7b8aa9063b041dc4d
                                                            • Instruction ID: 1da75e0f9efa964996c86cd6b30928146ed547cc2f2500d7cec509389b4ec9e8
                                                            • Opcode Fuzzy Hash: 23fbfba1f362895d4738c1b54d018f1fa61c5d990b0208e7b8aa9063b041dc4d
                                                            • Instruction Fuzzy Hash: 7C311262A09BC182EB10CB65E4943ADB770FBD5B88F545226DB8E4775ADF7CD088C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF887D56BBB
                                                              • Part of subcall function 00007FF887D582A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D582B2
                                                              • Part of subcall function 00007FF887D582A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D582CC
                                                              • Part of subcall function 00007FF887D582A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D582F6
                                                              • Part of subcall function 00007FF887D582A0: ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D58320
                                                              • Part of subcall function 00007FF887D582A0: std::_Facet_Register.LIBCPMT ref: 00007FF887D58339
                                                              • Part of subcall function 00007FF887D582A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D58358
                                                            • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FF887D56C2B
                                                            • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887D56C60
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: U?$char_traits@$V?$ostreambuf_iterator@$D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@Bid@locale@std@@D@std@@@2@D@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterUtm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_
                                                            • String ID: $b
                                                            • API String ID: 2374335714-2505604640
                                                            • Opcode ID: c6cd45424e9051ab469fa1244db57bbf8476600e3f5e0e57702211fa5840139c
                                                            • Instruction ID: 76eb803a899f37442d2cc260b821f9857b01d260fc127927a56fa8739de2346d
                                                            • Opcode Fuzzy Hash: c6cd45424e9051ab469fa1244db57bbf8476600e3f5e0e57702211fa5840139c
                                                            • Instruction Fuzzy Hash: 5C312562609BC182EB10CB65E4943ADB770FBD5B88F545226DB8E4775ADF7CD085C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF887D56A8B
                                                              • Part of subcall function 00007FF887D582A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D582B2
                                                              • Part of subcall function 00007FF887D582A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D582CC
                                                              • Part of subcall function 00007FF887D582A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D582F6
                                                              • Part of subcall function 00007FF887D582A0: ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D58320
                                                              • Part of subcall function 00007FF887D582A0: std::_Facet_Register.LIBCPMT ref: 00007FF887D58339
                                                              • Part of subcall function 00007FF887D582A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FF887D6AECA), ref: 00007FF887D58358
                                                            • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FF887D56AFB
                                                            • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887D56B30
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: U?$char_traits@$V?$ostreambuf_iterator@$D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@Bid@locale@std@@D@std@@@2@D@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterUtm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_
                                                            • String ID: $a
                                                            • API String ID: 2374335714-206647194
                                                            • Opcode ID: 40208c702b3025eb7d6e4bcea59c6ce640fd8d329c515ba2f42296a91b8afa97
                                                            • Instruction ID: 741ff79b1f6b764aa7ab3bbf3516772e24eb7a3e26515245e3b8afd7ad350aba
                                                            • Opcode Fuzzy Hash: 40208c702b3025eb7d6e4bcea59c6ce640fd8d329c515ba2f42296a91b8afa97
                                                            • Instruction Fuzzy Hash: DC312262609BC186EB10CB65E4903AEB770FBD9B88F545226DB8E47B5ADF7CD184C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 16%
                                                            			E00007FF87FF887D4E5B0(void* __eax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long _a8, long long _a24) {
                                                            				void* _v8;
                                                            				signed int _v16;
                                                            				long long _v80;
                                                            				void* _t15;
                                                            				signed long long _t21;
                                                            				intOrPtr* _t23;
                                                            				void* _t28;
                                                            				intOrPtr* _t35;
                                                            				void* _t40;
                                                            
                                                            				_t28 = __rcx;
                                                            				_a8 = __rbx;
                                                            				_a24 = __rsi;
                                                            				_t41 = _t40 - 0x70;
                                                            				_t21 =  *0x87d8ec78; // 0x522936145607
                                                            				_v16 = _t21 ^ _t40 - 0x00000070;
                                                            				_t4 = _t28 + 0x70; // 0x70
                                                            				_v80 = _t4;
                                                            				0x87d65430();
                                                            				if (__eax != 0) goto 0x87d4e636;
                                                            				_t35 =  *((intOrPtr*)(__rcx + 0x60));
                                                            				_t23 =  *_t35;
                                                            				if (_t23 == _t35) goto 0x87d4e63e;
                                                            				if ( *((intOrPtr*)(_t23 + 0x10)) == __rdx) goto 0x87d4e608;
                                                            				if ( *_t23 == _t35) goto 0x87d4e63e;
                                                            				goto 0x87d4e5f5;
                                                            				 *((char*)(__rdx + 0xa0)) = 0;
                                                            				0x87d65436();
                                                            				return E00007FF87FF887D65E20(__eax, _t15, _v16 ^ _t41);
                                                            			}













                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: C_error@std@@ExceptionMtx_lockMtx_unlockThrowThrow_
                                                            • String ID: port object {:#x} is not present in the list
                                                            • API String ID: 2666407778-719059081
                                                            • Opcode ID: 7a01bff67824c97406ef6f3f9ff31e7dfe46c6d7f30b8d93a14c55eb0ff5df53
                                                            • Instruction ID: 4d851b4300466fc9c1834f56d146151b440810eb16de398ecc8b6fdf91dad955
                                                            • Opcode Fuzzy Hash: 7a01bff67824c97406ef6f3f9ff31e7dfe46c6d7f30b8d93a14c55eb0ff5df53
                                                            • Instruction Fuzzy Hash: D0116032B98B4691EA54DB25E5500AE63B0FF84BC0F944631EA9F47B6DDE3CE581C740
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 24%
                                                            			E00007FF87FF887D59720(signed long long __rcx) {
                                                            				signed int _v24;
                                                            				long long _v32;
                                                            				long long _v40;
                                                            				signed long long _v56;
                                                            				char _v64;
                                                            				signed long long _v72;
                                                            				void* _t17;
                                                            				intOrPtr _t19;
                                                            				void* _t21;
                                                            				signed long long _t28;
                                                            				signed long long _t29;
                                                            				long long* _t37;
                                                            				signed long long _t39;
                                                            				intOrPtr _t46;
                                                            				signed long long _t49;
                                                            
                                                            				_t28 =  *0x87d8ec78; // 0x522936145607
                                                            				_t29 = _t28 ^ _t49;
                                                            				_v24 = _t29;
                                                            				_t37 = __rcx;
                                                            				_v72 = __rcx;
                                                            				E00007FF87FF887D656A8(_t17, _t29, __rcx);
                                                            				asm("movups xmm0, [0x23932]");
                                                            				_t39 = _t29;
                                                            				_v40 = 0x26;
                                                            				_v32 = 0x2f;
                                                            				asm("movups [eax], xmm0");
                                                            				_v72 = _t39;
                                                            				asm("movups xmm1, [0x2391a]");
                                                            				_v64 = 1;
                                                            				asm("xorps xmm0, xmm0");
                                                            				asm("movups [eax+0x10], xmm1");
                                                            				_t19 = M00007FF87FF887D7D0A0; // 0x39392e2e
                                                            				 *((intOrPtr*)(_t39 + 0x20)) = _t19;
                                                            				 *((short*)(_t39 + 0x24)) =  *0x87d7d0a4 & 0x0000ffff;
                                                            				 *((char*)(_t39 + 0x26)) = 0;
                                                            				_v56 = _t39;
                                                            				 *_t37 = 0x87d7b9e8;
                                                            				asm("movups [edx], xmm0");
                                                            				0x87d770e3();
                                                            				_t46 = _v32;
                                                            				 *_t37 = 0x87d7cfa0;
                                                            				if (_t46 - 0x10 < 0) goto 0x87d59800;
                                                            				if (_t46 + 1 - 0x1000 < 0) goto 0x87d597fb;
                                                            				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d597fb;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				_t21 = E00007FF87FF887D656E4();
                                                            				 *_t37 = 0x87d7d070;
                                                            				return E00007FF87FF887D65E20(_t21, 0x30, _v24 ^ _t49);
                                                            			}

                                                            APIs
                                                              • Part of subcall function 00007FF887D656A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887D48F4E), ref: 00007FF887D656C2
                                                            • __std_exception_copy.VCRUNTIME140 ref: 00007FF887D597B1
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D597F4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturnmalloc
                                                            • String ID: &$..9999$/
                                                            • API String ID: 4226527432-2119091122
                                                            • Opcode ID: 81d1829f8e264f58d2a2cc28af89bcd8bfff8cd77fa475b3c54e2f2bdf5b4a77
                                                            • Instruction ID: f1247ee3db07f03f7939b89b3bbf4b13db29a61e8d5ce76eb4a7cac2772f279e
                                                            • Opcode Fuzzy Hash: 81d1829f8e264f58d2a2cc28af89bcd8bfff8cd77fa475b3c54e2f2bdf5b4a77
                                                            • Instruction Fuzzy Hash: E3215E62959B8586EB11CB24E84436D73B0FB987D8F405335EA9E163A9EF7CE191C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 19%
                                                            			E00007FF87FF887D60F50(int __edx, long long __rbx, long long __rcx, long long _a24) {
                                                            				signed int _v56;
                                                            				long long _v64;
                                                            				long long _v72;
                                                            				char _v88;
                                                            				long long _v96;
                                                            				void* _v104;
                                                            				long long _v112;
                                                            				long long _v120;
                                                            				intOrPtr _v128;
                                                            				long long _v136;
                                                            				void* __rbp;
                                                            				void* __r14;
                                                            				int _t51;
                                                            				int _t54;
                                                            				void* _t56;
                                                            				int _t71;
                                                            				signed long long _t89;
                                                            				int _t113;
                                                            				void* _t119;
                                                            				long long _t121;
                                                            				void* _t125;
                                                            				long long _t127;
                                                            				void* _t129;
                                                            				intOrPtr _t133;
                                                            				void* _t134;
                                                            				char _t136;
                                                            				void* _t137;
                                                            				long long _t139;
                                                            
                                                            				_a24 = __rbx;
                                                            				_t89 =  *0x87d8ec78; // 0x522936145607
                                                            				_v56 = _t89 ^ _t129 - 0x00000080;
                                                            				_t71 = __edx;
                                                            				_t127 = __rcx;
                                                            				_v104 = __rcx;
                                                            				r15d = 0;
                                                            				_v104 = _t139;
                                                            				_v120 = _t139;
                                                            				_v128 = r15d;
                                                            				_v136 =  &_v104;
                                                            				r9d = 0x400;
                                                            				r8d = __edx;
                                                            				if (FormatMessageW(??, ??, ??, ??, ??, ??, ??) != 0) goto 0x87d60fc0;
                                                            				E00007FF87FF887D61450(__edx, FormatMessageW(??, ??, ??, ??, ??, ??, ??), __rcx, _t119, _t129, _t134, _t137);
                                                            				goto 0x87d61159;
                                                            				_v96 = _v104;
                                                            				_v112 = _t139;
                                                            				_v120 = _t139;
                                                            				_v128 = r15d;
                                                            				_v136 = _t139;
                                                            				r9d = 0xffffffff;
                                                            				_t51 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                            				_t138 = _t51;
                                                            				if (_t51 != 0) goto 0x87d61005;
                                                            				E00007FF87FF887D61450(__edx, _t51, __rcx, _t119, _t129, _t134, _t51);
                                                            				goto 0x87d61150;
                                                            				_v88 = _t139;
                                                            				_v72 = _t139;
                                                            				_v64 = 0xf;
                                                            				_v88 = 0;
                                                            				r8d = 0;
                                                            				E00007FF87FF887D5C1D0(_v104,  &_v88, _t51, _t51);
                                                            				_t93 =  >=  ? _v88 :  &_v88;
                                                            				_v112 = _t139;
                                                            				_v120 = _t139;
                                                            				_v128 = r14d;
                                                            				_v136 =  >=  ? _v88 :  &_v88;
                                                            				r9d = 0xffffffff;
                                                            				_t133 = _v104;
                                                            				_t54 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                            				r8d = _t54;
                                                            				if (_t54 != 0) goto 0x87d610b8;
                                                            				E00007FF87FF887D61450(_t71, _t54, _t127, _t51, _t129, _t134, _t138);
                                                            				_t121 = _v64;
                                                            				if (_t121 - 0x10 < 0) goto 0x87d61140;
                                                            				if (_t121 + 1 - 0x1000 < 0) goto 0x87d610ae;
                                                            				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d610ae;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				_t56 = E00007FF87FF887D656E4();
                                                            				goto 0x87d61140;
                                                            				r8d = r8d - 1;
                                                            				_t113 = r8d;
                                                            				_t136 = _v88;
                                                            				if (r8d <= 0) goto 0x87d61122;
                                                            				_t98 =  >=  ? _t136 :  &_v88;
                                                            				if ( *((char*)(_t113 + ( >=  ? _t136 :  &_v88) - 1)) == 0xa) goto 0x87d610f6;
                                                            				_t100 =  >=  ? _t136 :  &_v88;
                                                            				if ( *((char*)(_t113 + ( >=  ? _t136 :  &_v88) - 1)) != 0xd) goto 0x87d61101;
                                                            				r8d = r8d - 1;
                                                            				if (_t113 - 1 > 0) goto 0x87d610d0;
                                                            				if (r8d <= 0) goto 0x87d61122;
                                                            				_t125 =  >=  ? _t136 :  &_v88;
                                                            				_t40 = _t133 - 1; // -3
                                                            				r8d =  ==  ? _t40 : r8d;
                                                            				r8d = 0;
                                                            				E00007FF87FF887D60430(_t56,  &_v88, r8d);
                                                            				asm("movups xmm0, [ebp-0x30]");
                                                            				asm("movups [edi], xmm0");
                                                            				asm("movups xmm1, [ebp-0x20]");
                                                            				asm("movups [edi+0x10], xmm1");
                                                            				_v88 = 0;
                                                            				_v64 = 0xf;
                                                            				_v72 = _t139;
                                                            				return E00007FF87FF887D65E20(LocalFree(??), _t40, _v56 ^ _t129 - 0x00000080);
                                                            			}

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ByteCharFormatFreeLocalMessageMultiWide
                                                            • String ID:
                                                            • API String ID: 2906450291-0
                                                            • Opcode ID: af953d9cff2a8f05137041803a2c7d5d08e1c9e19b80ec48ea067704dbc0be7f
                                                            • Instruction ID: 57562cb936d2ac8b04a58ad420b9a5dc994983fb8e574337204f2cbf2aed1a3d
                                                            • Opcode Fuzzy Hash: af953d9cff2a8f05137041803a2c7d5d08e1c9e19b80ec48ea067704dbc0be7f
                                                            • Instruction Fuzzy Hash: 7451B022B68B6189FB20CBA5A8407AD26B1BB44BD8F505635EE4E13A9DDF3DE041C740
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FF887D53B6C), ref: 00007FF887D5404F
                                                            • memset.VCRUNTIME140(?,?,?,?,00000000,?,?,?,00000000,00007FF887D53B6C), ref: 00007FF887D540AC
                                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FF887D53B6C), ref: 00007FF887D540EA
                                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FF887D53B6C), ref: 00007FF887D54117
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,?,?,?,00000000,00007FF887D53B6C), ref: 00007FF887D54178
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$_invalid_parameter_noinfo_noreturnmemset
                                                            • String ID:
                                                            • API String ID: 2536929686-0
                                                            • Opcode ID: afe144113961a97d98ef3f5f0637efb7c2706ae311b8a217db6a83da57d6f214
                                                            • Instruction ID: 6a53820d516345b8791836ada4a25ad8d48af0c25170a6793367820626e4dcc5
                                                            • Opcode Fuzzy Hash: afe144113961a97d98ef3f5f0637efb7c2706ae311b8a217db6a83da57d6f214
                                                            • Instruction Fuzzy Hash: 5041B322A5978282E620DF12A804A2EB6E4BF54BE4F254735DEAE17BD9DF3CD441C301
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                              • Part of subcall function 00007FF887D59000: __std_exception_copy.VCRUNTIME140(?,?,?,00007FF887D57EE1), ref: 00007FF887D5902F
                                                            • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF887D5E5AE), ref: 00007FF887D57EED
                                                            • _CxxThrowException.VCRUNTIME140 ref: 00007FF887D57F20
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ExceptionThrow$__std_exception_copy
                                                            • String ID:
                                                            • API String ID: 174860668-0
                                                            • Opcode ID: c1cb6d9bcfe73680954b05bd2f00705a56892c5753c6a787038471f4f98fb298
                                                            • Instruction ID: 48e4d5acb76706e99e7a082b8d98a5c0a40da8a9ec327a0554e6d6b7c17c7c42
                                                            • Opcode Fuzzy Hash: c1cb6d9bcfe73680954b05bd2f00705a56892c5753c6a787038471f4f98fb298
                                                            • Instruction Fuzzy Hash: 31416A22649AC282EA14DB25D5903BEA770FB85FC5F588632DE4E57B69CF3CD446C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmove
                                                            • String ID: false
                                                            • API String ID: 2162964266-734881840
                                                            • Opcode ID: bc025fc7f03d0eb2bbeeb250945b171c69d13fae9fd529cdf8a4856c7184f660
                                                            • Instruction ID: 987688de30c8946d27725d79687efd16d688fb450e8afad92640bb2039704d46
                                                            • Opcode Fuzzy Hash: bc025fc7f03d0eb2bbeeb250945b171c69d13fae9fd529cdf8a4856c7184f660
                                                            • Instruction Fuzzy Hash: 6D41B062B84A8586DA54DF66D5480ADA372FB4AFD4B08C132CF4E57B4ECE3CE542C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D5CBDC
                                                            • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887D5CC39
                                                            • ??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF887D5CC46
                                                            • ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF887D5CC50
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D5CCBF
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: D@std@@@std@@U?$char_traits@$_invalid_parameter_noinfo_noreturn$??1?$basic_streambuf@?flush@?$basic_ostream@D?$basic_ostream@V12@
                                                            • String ID:
                                                            • API String ID: 2012728387-0
                                                            • Opcode ID: e1402780647fd9f5ba4265f82a7b71ad14e8cddf1fc0af9fd9e8ab2e09c68d73
                                                            • Instruction ID: 7690ff870cccb636b2d9140f5cbe39bca31a719494b721ccc244435d096f9547
                                                            • Opcode Fuzzy Hash: e1402780647fd9f5ba4265f82a7b71ad14e8cddf1fc0af9fd9e8ab2e09c68d73
                                                            • Instruction Fuzzy Hash: 0D41AD62A4A68682EF548F25E44437C2271FB44FD8F589231DA5E0B798CF7CD8D6C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887D56CE1
                                                            • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF887D56D09
                                                            • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF887D56D35
                                                            • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF887D56DAC
                                                            • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF887D56DB8
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: D@std@@@std@@U?$char_traits@$?flush@?$basic_ostream@V12@$?getloc@ios_base@std@@?uncaught_exception@std@@Osfx@?$basic_ostream@Vlocale@2@
                                                            • String ID:
                                                            • API String ID: 3671896189-0
                                                            • Opcode ID: 4e65773688b1f2c42ebbc07e31e0dda28c504954d5f195be2978443c76955207
                                                            • Instruction ID: 535398162c3082c45244315e1740259b7dc525681a82a7cff36dd2c334591564
                                                            • Opcode Fuzzy Hash: 4e65773688b1f2c42ebbc07e31e0dda28c504954d5f195be2978443c76955207
                                                            • Instruction Fuzzy Hash: 1741162664AA8582EA54CF25D09437D67B0FB86FC9F188636DE4F07B69CF2CE456C300
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: EventExceptionThrow$CloseCurrentHandleOpenProcess
                                                            • String ID:
                                                            • API String ID: 1106008904-0
                                                            • Opcode ID: b2a194da56109f0ab5883906832dcec0df51a9c864678fda844bfaa8af52e3a9
                                                            • Instruction ID: fed50785da72e690b664e995fc22045fcaf05ce0b8e68d9ee5762010f7d16663
                                                            • Opcode Fuzzy Hash: b2a194da56109f0ab5883906832dcec0df51a9c864678fda844bfaa8af52e3a9
                                                            • Instruction Fuzzy Hash: 7621B062B58A8292EE24DB25E4442BD6370FF49BD4F844631DB5E0B6ADEF3CE154C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ExceptionThrow$LockShared$AcquireReleasefree
                                                            • String ID:
                                                            • API String ID: 3699279316-0
                                                            • Opcode ID: 31515549c75ed788ea0c1695023ac1dc9ebf407b0dee6fe39a9ddf696b84dbfb
                                                            • Instruction ID: 6d61204f927ac45b88fbc4326457ed32d3fb3f203e34b9b4cc9d8ca9d4dd01b6
                                                            • Opcode Fuzzy Hash: 31515549c75ed788ea0c1695023ac1dc9ebf407b0dee6fe39a9ddf696b84dbfb
                                                            • Instruction Fuzzy Hash: 76117027A4A64189EB98EF3198153BD1371BF957C5F089639EE4F4A68ECF3CE045C200
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00007FF87FF887D64BC0(void* __edx, long long __rbx, long long* __rcx, long long _a8) {
                                                            				intOrPtr _t27;
                                                            
                                                            				_a8 = __rbx;
                                                            				 *__rcx = 0x87d7e0f8;
                                                            				_t27 =  *((intOrPtr*)(__rcx + 8));
                                                            				if (_t27 == __rcx + 0x20) goto 0x87d64c14;
                                                            				if ( *(__rcx + 0x18) << 2 - 0x1000 < 0) goto 0x87d64c0f;
                                                            				if (_t27 -  *((intOrPtr*)(_t27 - 8)) - 8 - 0x1f > 0) goto 0x87d64c35;
                                                            				E00007FF87FF887D656E4();
                                                            				if ((dil & 0x00000001) == 0) goto 0x87d64c27;
                                                            				return E00007FF87FF887D656E4();
                                                            			}

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: free$??1facet@locale@std@@_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 3103965028-0
                                                            • Opcode ID: 0f3a1de6d07cd520c0ec4f5498015560fe15efa5a9c32b99f513729eb7fec998
                                                            • Instruction ID: dccdc81944c2db5253e6a05802973a9c106d98330a84c8b8806d9ff67cad4f26
                                                            • Opcode Fuzzy Hash: 0f3a1de6d07cd520c0ec4f5498015560fe15efa5a9c32b99f513729eb7fec998
                                                            • Instruction Fuzzy Hash: CD218E22B59A4682EB04DB26E49427C2371FB88FC8F584231DA4F07B69DE2CE895C300
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 46%
                                                            			E00007FF87FF887D6AC20(void* __eax, void* __edi, long long __rcx, void* __rdx, long long __r8, void* __r9) {
                                                            				void* __rbx;
                                                            				void* __rdi;
                                                            				void* __rsi;
                                                            				void* __rbp;
                                                            				void* __r12;
                                                            				void* _t57;
                                                            				void* _t70;
                                                            				signed long long _t87;
                                                            				void* _t90;
                                                            				void* _t98;
                                                            				void* _t102;
                                                            				void* _t109;
                                                            				long long _t111;
                                                            				long long _t117;
                                                            				void* _t134;
                                                            				intOrPtr _t135;
                                                            				signed char* _t139;
                                                            				long long _t141;
                                                            				void* _t143;
                                                            				void* _t144;
                                                            				signed long long _t145;
                                                            				long long _t161;
                                                            				void* _t162;
                                                            				long long _t167;
                                                            
                                                            				_t143 = _t144 - 0x98;
                                                            				_t145 = _t144 - 0x198;
                                                            				_t87 =  *0x87d8ec78; // 0x522936145607
                                                            				 *(_t143 + 0x80) = _t87 ^ _t145;
                                                            				_t167 = __r8;
                                                            				_t161 = __rcx;
                                                            				 *((long long*)(_t145 + 0x48)) = __rcx;
                                                            				 *((long long*)(_t145 + 0x50)) = _t141;
                                                            				r13d = 0x100;
                                                            				_t90 =  >  ? _t162 : __r9;
                                                            				if (__rcx == __rdx) goto 0x87d6ae59;
                                                            				if (_t90 == 0) goto 0x87d6ae59;
                                                            				_t6 = _t143 - 0x80; // 0x80
                                                            				 *((long long*)(_t145 + 0x40)) = _t6;
                                                            				_t8 = _t143 - 0x80; // 0x80
                                                            				 *((long long*)(_t145 + 0x38)) = _t145 + 0x40;
                                                            				 *((long long*)(_t145 + 0x30)) = _t90 + _t8;
                                                            				_t12 = _t143 - 0x80; // 0x80
                                                            				 *((long long*)(_t145 + 0x28)) = _t12;
                                                            				 *((long long*)(_t145 + 0x20)) = _t145 + 0x48;
                                                            				__imp__?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z();
                                                            				_t70 = __eax;
                                                            				if (_t70 == 0) goto 0x87d6acfe;
                                                            				if (_t70 != 0) goto 0x87d6ad39;
                                                            				_t17 = _t143 - 0x80; // 0x80
                                                            				if ( *((intOrPtr*)(_t145 + 0x40)) != _t17) goto 0x87d6ad03;
                                                            				if ( *((intOrPtr*)(_t145 + 0x48)) != __rdx) goto 0x87d6ae85;
                                                            				goto 0x87d6ae59;
                                                            				_t21 = _t143 - 0x80; // 0x80
                                                            				_t117 = __r8;
                                                            				_t57 = E00007FF87FF887D53030(__r9, __r8, _t141,  *((intOrPtr*)(_t145 + 0x40)) - _t21);
                                                            				_t24 = _t143 - 0x80; // 0x80
                                                            				_t109 = __r9 -  *((intOrPtr*)(_t145 + 0x40)) + _t24;
                                                            				_t98 =  >  ? _t162 : _t109;
                                                            				goto 0x87d6ac82;
                                                            				if (_t57 != 2) goto 0x87d6ae85;
                                                            				_t139 =  *((intOrPtr*)(_t145 + 0x48));
                                                            				_t110 =  <  ? __rdx - _t139 >> 1 : _t109;
                                                            				_t166 = ( <  ? __rdx - _t139 >> 1 : _t109) + _t110;
                                                            				_t111 = ( <  ? __rdx - _t139 >> 1 : _t109) + _t110 + _t139;
                                                            				 *((long long*)(_t145 + 0x70)) = _t141;
                                                            				 *((long long*)(_t145 + 0x78)) = _t117;
                                                            				 *((intOrPtr*)(_t145 + 0x60)) = sil;
                                                            				if (_t111 - _t139 >> 1 - 0x10 < 0) goto 0x87d6ad96;
                                                            				r8d = 0;
                                                            				E00007FF87FF887D6AAD0(_t111, _t145 + 0x60, _t111 - _t139 >> 1, _t141);
                                                            				 *((long long*)(_t145 + 0x70)) = _t141;
                                                            				 *((long long*)(_t145 + 0x58)) = _t145 + 0x60;
                                                            				if (_t139 == _t111) goto 0x87d6adf5;
                                                            				r9d =  *_t139 & 0x000000ff;
                                                            				if (_t141 -  *((intOrPtr*)(_t145 + 0x78)) >= 0) goto 0x87d6add1;
                                                            				_t37 = _t141 + 1; // 0x1
                                                            				 *((long long*)(_t145 + 0x70)) = _t37;
                                                            				_t102 =  >=  ?  *((void*)(_t145 + 0x60)) : _t145 + 0x60;
                                                            				 *((intOrPtr*)(_t102 + _t141)) = r9b;
                                                            				 *((char*)(_t102 + _t141 + 1)) = 0;
                                                            				goto 0x87d6ade2;
                                                            				r8d = 0;
                                                            				E00007FF87FF887D529B0(_t111, _t145 + 0x60, _t111 - _t139 >> 1, _t139, _t161);
                                                            				if ( &(_t139[2]) != _t111) goto 0x87d6ada5;
                                                            				_t134 =  >=  ?  *((void*)(_t145 + 0x60)) : _t145 + 0x60;
                                                            				E00007FF87FF887D53030(_t111, _t167,  *((intOrPtr*)(_t145 + 0x70)),  *((intOrPtr*)(_t145 + 0x70)));
                                                            				_t135 =  *((intOrPtr*)(_t145 + 0x78));
                                                            				if (_t135 - 0x10 < 0) goto 0x87d6ae51;
                                                            				if (_t135 + 1 - 0x1000 < 0) goto 0x87d6ae4b;
                                                            				if ( *((intOrPtr*)(_t145 + 0x60)) -  *((intOrPtr*)( *((intOrPtr*)(_t145 + 0x60)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d6ae4b;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				return E00007FF87FF887D65E20(E00007FF87FF887D656E4(), 0xf,  *(_t143 + 0x80) ^ _t145);
                                                            			}




























                                                            APIs
                                                            • ?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z.MSVCP140 ref: 00007FF887D6ACCE
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D6AE44
                                                              • Part of subcall function 00007FF887D6AAD0: memmove.VCRUNTIME140(?,?,00007FF887D6AD8C), ref: 00007FF887D6ABAE
                                                              • Part of subcall function 00007FF887D529B0: memmove.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FF887D64980), ref: 00007FF887D52A8F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmove$?out@?$codecvt@_Mbstatet@@Mbstatet@@@std@@_invalid_parameter_noinfo_noreturn
                                                            • String ID: Could not convert character encoding$libs\log\src\code_conversion.cpp
                                                            • API String ID: 2223218856-1764552477
                                                            • Opcode ID: b4ca010a03664398e9c2d555ce7183f5ee86bda077ef919516c3c594d6c8e1c8
                                                            • Instruction ID: 951f24fde3b4891f8ef7745dc794a67737bc1dff955779de85da3d34a18a7a13
                                                            • Opcode Fuzzy Hash: b4ca010a03664398e9c2d555ce7183f5ee86bda077ef919516c3c594d6c8e1c8
                                                            • Instruction Fuzzy Hash: 2F719F76B18B8585EA10CB65E4402AEA775FB85BC4F944632EB8E13B9DDF3CE144CB40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ExceptionThrow__std_exception_copymemmove
                                                            • String ID: string pointer is null
                                                            • API String ID: 1395217600-3607014066
                                                            • Opcode ID: fb3f8f756672564908c9e7ba31fd6963de6eb85cf41dbd966318a02d497566a4
                                                            • Instruction ID: 469d281918275351e437972a1c27e82cd1678e79ac9c873d20b4f0b805ba6d55
                                                            • Opcode Fuzzy Hash: fb3f8f756672564908c9e7ba31fd6963de6eb85cf41dbd966318a02d497566a4
                                                            • Instruction Fuzzy Hash: C731A122658A8685DA60DF11E4802ADB770FB94BD4F588236EE9E476A9DF3CD181C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 22%
                                                            			E00007FF87FF887D595E0(signed long long __rcx) {
                                                            				signed int _v24;
                                                            				long long _v32;
                                                            				long long _v40;
                                                            				signed long long _v56;
                                                            				char _v64;
                                                            				signed long long _v72;
                                                            				void* _t16;
                                                            				void* _t19;
                                                            				signed long long _t26;
                                                            				signed long long _t27;
                                                            				long long* _t35;
                                                            				signed long long _t37;
                                                            				intOrPtr _t44;
                                                            				signed long long _t47;
                                                            
                                                            				_t26 =  *0x87d8ec78; // 0x522936145607
                                                            				_t27 = _t26 ^ _t47;
                                                            				_v24 = _t27;
                                                            				_t35 = __rcx;
                                                            				_v72 = __rcx;
                                                            				E00007FF87FF887D656A8(_t16, _t27, __rcx);
                                                            				asm("movups xmm0, [0x23ab2]");
                                                            				_t37 = _t27;
                                                            				_v40 = 0x22;
                                                            				_v32 = 0x2f;
                                                            				asm("movups [eax], xmm0");
                                                            				_v72 = _t37;
                                                            				asm("movups xmm1, [0x23a9a]");
                                                            				_v64 = 1;
                                                            				asm("xorps xmm0, xmm0");
                                                            				asm("movups [eax+0x10], xmm1");
                                                            				 *((short*)(_t37 + 0x20)) =  *0x87d7d0e0 & 0x0000ffff;
                                                            				 *((char*)(_t37 + 0x22)) = 0;
                                                            				_v56 = _t37;
                                                            				 *_t35 = 0x87d7b9e8;
                                                            				asm("movups [edx], xmm0");
                                                            				0x87d770e3();
                                                            				_t44 = _v32;
                                                            				 *_t35 = 0x87d7cfa0;
                                                            				if (_t44 - 0x10 < 0) goto 0x87d596b7;
                                                            				if (_t44 + 1 - 0x1000 < 0) goto 0x87d596b2;
                                                            				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d596b2;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				_t19 = E00007FF87FF887D656E4();
                                                            				 *_t35 = 0x87d7d0b0;
                                                            				return E00007FF87FF887D65E20(_t19, 0x30, _v24 ^ _t47);
                                                            			}


















                                                            APIs
                                                              • Part of subcall function 00007FF887D656A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887D48F4E), ref: 00007FF887D656C2
                                                            • __std_exception_copy.VCRUNTIME140 ref: 00007FF887D59668
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D596AB
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturnmalloc
                                                            • String ID: "$/
                                                            • API String ID: 4226527432-2662438755
                                                            • Opcode ID: 25be6593ff39839adf9dae0128da7741ad21c040c35b5679c3610abc14d7f62f
                                                            • Instruction ID: 5f76d03fe286162a77a72b03f3ddd8f3dc2bd8c45b491d6ec379e5ceeed3f38c
                                                            • Opcode Fuzzy Hash: 25be6593ff39839adf9dae0128da7741ad21c040c35b5679c3610abc14d7f62f
                                                            • Instruction Fuzzy Hash: 6F21AD62A5CB8581EB118B24E85436D7370FBA9BD8F405335EA9E027A9EF7CE1D4C300
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                              • Part of subcall function 00007FF887D656A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887D48F4E), ref: 00007FF887D656C2
                                                            • __std_exception_copy.VCRUNTIME140 ref: 00007FF887D59527
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D5956A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturnmalloc
                                                            • String ID: ($/
                                                            • API String ID: 4226527432-2468745909
                                                            • Opcode ID: 0f5e06a4e1f9924c716afe6e1175edec89951b74fb7e40c62514e7ce66276040
                                                            • Instruction ID: 294dead2535cbe2d42cb7d9d415580a3e2f6fd46023fdd6679592c1a29eb2b56
                                                            • Opcode Fuzzy Hash: 0f5e06a4e1f9924c716afe6e1175edec89951b74fb7e40c62514e7ce66276040
                                                            • Instruction Fuzzy Hash: 4B216B62959B8582EA118B24E84436D7370FB997E8F405331EA9E063AAEF7CE1D4C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ExclusiveLock$AcquireRelease_invalid_parameter_noinfo_noreturn
                                                            • String ID: _old.txt
                                                            • API String ID: 2194057460-616907513
                                                            • Opcode ID: 19375733d42b06231c66649bbc83495ebd19588091db51a5034f5594767d68ad
                                                            • Instruction ID: 45e5f8141cc80ed66f808b3d1a085d67b4e519f2c762daa7585065c1c8c0bf97
                                                            • Opcode Fuzzy Hash: 19375733d42b06231c66649bbc83495ebd19588091db51a5034f5594767d68ad
                                                            • Instruction Fuzzy Hash: 78113D54E9868380FE04976CE85633C1672BF867E9F805331E5AF056EDEF6D6491D200
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00007FF87FF887D6FD40(long* __rcx) {
                                                            				long _t1;
                                                            
                                                            				_t1 = TlsAlloc();
                                                            				 *__rcx = _t1;
                                                            				if (_t1 == 0xffffffff) goto 0x87d6fd5f;
                                                            				return _t1;
                                                            			}




                                                            0x7ff887d6fd49
                                                            0x7ff887d6fd4f
                                                            0x7ff887d6fd54
                                                            0x7ff887d6fd5e

                                                            APIs
                                                            • TlsAlloc.KERNEL32(?,?,?,00007FF887D6F2EA,?,?,?,00007FF887D6F238,?,?,00000000,00007FF887D69BEB), ref: 00007FF887D6FD49
                                                            • TlsFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF887D6F238,?,?,00000000), ref: 00007FF887D6FD86
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: AllocFree
                                                            • String ID: TLS capacity depleted$libs\log\src\thread_specific.cpp
                                                            • API String ID: 265982327-1379514790
                                                            • Opcode ID: 2da7fdbe9f74d92ae2a317cc93a0c19ac98a3e4cc68a1e0e506d05d2aa7d149e
                                                            • Instruction ID: edbc9a0e8c7eb14ff90324d7efe683d48899962d887ba378cbf290339d5b046a
                                                            • Opcode Fuzzy Hash: 2da7fdbe9f74d92ae2a317cc93a0c19ac98a3e4cc68a1e0e506d05d2aa7d149e
                                                            • Instruction Fuzzy Hash: 06E09B31A4454AC6E6185B71E44957C2331FB597D9F980730CA1F0B6F4DE3C719ACB41
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: AddressHandleModuleProc
                                                            • String ID: CreateSymbolicLinkW$kernel32.dll
                                                            • API String ID: 1646373207-1962376091
                                                            • Opcode ID: 9ce60637c7c4a04aeee00a5780b9a9fa102b5b6ddd0c21e76d712e7f5f0034dd
                                                            • Instruction ID: 4c246cf1cbd7f0bd28816e5a4264570ea6990155434c2b29fc8f7304e7cfee57
                                                            • Opcode Fuzzy Hash: 9ce60637c7c4a04aeee00a5780b9a9fa102b5b6ddd0c21e76d712e7f5f0034dd
                                                            • Instruction Fuzzy Hash: C6D0C924E89A02D1E604AB02EC8507C23B0BF587D5F900635C80F02338EE2CA59AC350
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: AddressHandleModuleProc
                                                            • String ID: CreateHardLinkW$kernel32.dll
                                                            • API String ID: 1646373207-294928789
                                                            • Opcode ID: f533e6e589203d47c4bec02eb5c913d7c44bec4a566d467f0d3de59559b5d85c
                                                            • Instruction ID: 3a7aee9ee3ccf583d6012e4476981cd2dd7cba2f062a92cdf52a40e0b7334145
                                                            • Opcode Fuzzy Hash: f533e6e589203d47c4bec02eb5c913d7c44bec4a566d467f0d3de59559b5d85c
                                                            • Instruction Fuzzy Hash: 45D0E924E9AA12D1E605AB52EC5517C23B1BF597D5FC01735C80F06338EF2CA59AC740
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 58%
                                                            			E00007FF87FF887D444C1(long long* __rax, long long __rbx, long long __rsi, char* __r9, void* __r15) {
                                                            				void* _t48;
                                                            				char* _t57;
                                                            				intOrPtr* _t61;
                                                            				long long* _t62;
                                                            				intOrPtr _t66;
                                                            				void* _t77;
                                                            				char* _t83;
                                                            				void* _t87;
                                                            				signed long long _t89;
                                                            
                                                            				_t62 = __rbx;
                                                            				asm("dec ax");
                                                            				asm("psrldq xmm0, 0x8");
                                                            				asm("dec ax");
                                                            				 *__rax();
                                                            				goto 0x87d445a6;
                                                            				 *(_t87 - 0x14) =  *(_t87 - 0x14) & 0xffffff80;
                                                            				 *(_t87 - 0x10) =  *(_t87 - 0x10) & 0x000000fe;
                                                            				 *((intOrPtr*)(_t87 - 0xf)) = 0;
                                                            				 *((intOrPtr*)(_t87 - 0x20)) = 0;
                                                            				 *((long long*)(_t89 + 0x70)) = _t87 - 0x20;
                                                            				_t57 = _t89 + 0x70;
                                                            				 *((intOrPtr*)(_t87 - 0x1c)) = 0xffffffff;
                                                            				 *((long long*)(_t87 - 0x78)) = _t57;
                                                            				 *((intOrPtr*)(_t87 - 0x70)) =  *((intOrPtr*)(__rsi + 0x58));
                                                            				 *((char*)(_t87 - 0x18)) = 0;
                                                            				 *((char*)(_t87 - 0xf)) = 0x20;
                                                            				 *((char*)(_t87 - 0xb)) = 1;
                                                            				 *((long long*)(_t89 + 0x78)) = __rsi;
                                                            				 *((long long*)(_t87 - 0x80)) = __rbx;
                                                            				E00007FF87FF887D43CC0(_t57, __rbx, __r9, __r15, _t89 + 0x70);
                                                            				_t83 = _t57;
                                                            				if (_t57 == __r15) goto 0x87d44547;
                                                            				if ( *_t57 == 0x7d) goto 0x87d44556;
                                                            				E00007FF87FF887D650C0(_t62, "missing \'}\' in format string");
                                                            				_t66 =  *((intOrPtr*)(__rsi));
                                                            				 *((long long*)(_t89 + 0x40)) = _t62;
                                                            				_t77 = _t83 - _t66;
                                                            				 *((long long*)(_t89 + 0x48)) = __rsi;
                                                            				 *((long long*)(__rsi)) = _t77 + _t66;
                                                            				 *((intOrPtr*)(__rsi + 8)) =  *((intOrPtr*)(__rsi + 8)) - _t77;
                                                            				 *((long long*)(_t89 + 0x28)) =  *_t62;
                                                            				 *((long long*)(_t89 + 0x30)) =  *((intOrPtr*)(_t62 + 0x28));
                                                            				_t61 = _t87 - 0x20;
                                                            				 *((long long*)(_t89 + 0x38)) = _t61;
                                                            				E00007FF87FF887D44AF0();
                                                            				 *_t62 =  *_t61;
                                                            				if (_t83 == __r15) goto 0x87d445d0;
                                                            				if ( *_t83 != 0x7d) goto 0x87d445d0;
                                                            				_t33 = _t83 + 1; // 0x2
                                                            				if (_t33 == __r15) goto 0x87d445e8;
                                                            				goto 0x87d44022;
                                                            				E00007FF87FF887D48C80(_t61, _t62, _t89 + 0x58, _t33, _t87, __r15, __r15);
                                                            				goto 0x87d445e8;
                                                            				goto 0x87d445e0;
                                                            				return E00007FF87FF887D65E20(E00007FF87FF887D650C0(_t62, "invalid format string"), _t48,  *(_t87 - 8) ^ _t89);
                                                            			}













                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memchr$memmove
                                                            • String ID:
                                                            • API String ID: 4199700744-0
                                                            • Opcode ID: 73a91e6077936b72f932de7d3562217ea11923a2af180b412c3a42b8658b6dad
                                                            • Instruction ID: d2edc3b6917b80dc1c22874a9523c41e62d5f5dab2cb01240c0a03d48c3593ca
                                                            • Opcode Fuzzy Hash: 73a91e6077936b72f932de7d3562217ea11923a2af180b412c3a42b8658b6dad
                                                            • Instruction Fuzzy Hash: F5518D62A88B8582DB60CF25E44026DA7B1FB44BD4F584236DF9E17B9ADF3CE594C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmove
                                                            • String ID:
                                                            • API String ID: 2162964266-0
                                                            • Opcode ID: adc04215cd4fd4c0a0b031881e90294048e23f6722abfe3fe1c836f0e6035876
                                                            • Instruction ID: 216820171eca10616c04b1f48e662719f6e4fb30de8ea5c3f16874ff3fa8e24c
                                                            • Opcode Fuzzy Hash: adc04215cd4fd4c0a0b031881e90294048e23f6722abfe3fe1c836f0e6035876
                                                            • Instruction Fuzzy Hash: F4418B22A09BC182EB149F26E5841AD6371F715BD4F549A35DFAE0778ACF7CE190C380
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ExceptionThrow$__std_exception_copy
                                                            • String ID:
                                                            • API String ID: 174860668-0
                                                            • Opcode ID: 2b85e97540acae1fd1ae92cc4f75c51f67c6c691b0947c5b1685b7861ca35d75
                                                            • Instruction ID: 32f7faf041b0375e82b45f7c18b9ed8ed5a0fda5fa9f0b524980c477ad3b4bc2
                                                            • Opcode Fuzzy Hash: 2b85e97540acae1fd1ae92cc4f75c51f67c6c691b0947c5b1685b7861ca35d75
                                                            • Instruction Fuzzy Hash: 9F11725266958292EE24F720D8851EE6330FB947C5FE04731D59F0A9BEDE3CE209CB00
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmove
                                                            • String ID: #$%
                                                            • API String ID: 2162964266-2141590602
                                                            • Opcode ID: 34b4d6372bd322e99289d8db90c65af6c82bb6af3c9b5a6835dcb834b3bcb206
                                                            • Instruction ID: b0bca6a71df3c0e268202e9ca5a4ed8f26d446fbf5299a6a7e8ce8aa0e5d4985
                                                            • Opcode Fuzzy Hash: 34b4d6372bd322e99289d8db90c65af6c82bb6af3c9b5a6835dcb834b3bcb206
                                                            • Instruction Fuzzy Hash: 3E71F262A48A8585EB118F25D5043BEBBB1BB51FC8F455232EE0A0739ECF7CE655C380
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmove
                                                            • String ID: #$%
                                                            • API String ID: 2162964266-2141590602
                                                            • Opcode ID: 88576e8595118c141d0c5084a1eeabb62c25855a64c728a16ca8d9d51b900290
                                                            • Instruction ID: dfbe012c9b9fd7b79d8ad94429074c3860cf6c866558ee5f723a13ffffcd2d36
                                                            • Opcode Fuzzy Hash: 88576e8595118c141d0c5084a1eeabb62c25855a64c728a16ca8d9d51b900290
                                                            • Instruction Fuzzy Hash: B0711622A58A8585EB118F25D5043BDB7B2FB95FC8F445232EE0B0729ACF7CE655C380
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                              • Part of subcall function 00007FF887D5E130: ?exceptions@ios_base@std@@QEAAXH@Z.MSVCP140 ref: 00007FF887D5E154
                                                              • Part of subcall function 00007FF887D5E130: ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF887D5E180
                                                            • ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z.MSVCP140 ref: 00007FF887D6DCB3
                                                            • ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z.MSVCP140 ref: 00007FF887D6DCD9
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D6DDC9
                                                            • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF887D6DE99
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@$?exceptions@ios_base@std@@?imbue@?$basic_ios@Init@locale@std@@Locimp@12@_V32@@Vlocale@2@_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 978063264-0
                                                            • Opcode ID: 7c179fa7e38723518c3218bd85d501dedec9c9c6932b32ffb1529c17292451b2
                                                            • Instruction ID: 1579d6bd3070c11c08eb09add069e92882d122f28dc74243ed08ceeadbf6dd11
                                                            • Opcode Fuzzy Hash: 7c179fa7e38723518c3218bd85d501dedec9c9c6932b32ffb1529c17292451b2
                                                            • Instruction Fuzzy Hash: 38816522B49B458AEF14DF25E0503AC23B1FB58B98F048635EA1E57B99DF38E495C380
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ExceptionThrow__std_type_info_compare
                                                            • String ID:
                                                            • API String ID: 3388463524-0
                                                            • Opcode ID: c35758f14d44a799a8c35d17a8bcf98a6c816de844ec3c8dc4c5bbe731fe70a6
                                                            • Instruction ID: 57e34b65dc7df5b22f7812b36ba7f2d7099b57ca1e51af5f60ea7477f98a62ff
                                                            • Opcode Fuzzy Hash: c35758f14d44a799a8c35d17a8bcf98a6c816de844ec3c8dc4c5bbe731fe70a6
                                                            • Instruction Fuzzy Hash: 70519732618B8182EB10DF16E84026D77B5FB88BD4F598631EE8E07768DF38E450C780
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Strings
                                                            • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FF887D4276F
                                                            • d, xrefs: 00007FF887D428DC
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmove
                                                            • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$d
                                                            • API String ID: 2162964266-2578503166
                                                            • Opcode ID: d9538af6f6fb65ed1b744a2bdaafe5a0bfe8cf28f0b10d7f76bfbc04cc0fbc31
                                                            • Instruction ID: a3b1ca5005fa7f70a86cc6f3112f3a40dc8920a1ba83233f5a297b4cc193abbb
                                                            • Opcode Fuzzy Hash: d9538af6f6fb65ed1b744a2bdaafe5a0bfe8cf28f0b10d7f76bfbc04cc0fbc31
                                                            • Instruction Fuzzy Hash: E851BB73A88A8486DB15CB6AE4401BEBB70F789BC0B088532CF8E47765DF38E595C710
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 52%
                                                            			E00007FF87FF887D6FA00(void* __esi, long long __rbx, intOrPtr* __rcx, unsigned int __rdx, long long _a24) {
                                                            				signed int _v40;
                                                            				void* _v80;
                                                            				signed long long _v88;
                                                            				long long _v96;
                                                            				long long _v104;
                                                            				long long _v112;
                                                            				signed long long _v120;
                                                            				void* _v124;
                                                            				void* _v128;
                                                            				signed short _v134;
                                                            				signed int _v136;
                                                            				signed int _t37;
                                                            				signed short _t52;
                                                            				signed long long _t61;
                                                            				signed long long _t89;
                                                            				void* _t90;
                                                            
                                                            				_a24 = __rbx;
                                                            				_t61 =  *0x87d8ec78; // 0x522936145607
                                                            				_v40 = _t61 ^ _t90 - 0x00000090;
                                                            				GetSystemTimeAsFileTime(??);
                                                            				_t89 = __rdx >> 0x12;
                                                            				_v120 = _t89;
                                                            				 *__rdx();
                                                            				_t37 =  *0x431BDE82D7B634E7 & 0x0000ffff;
                                                            				if (0x431bde82d7b634dc - 2 < 0) goto 0x87d6fb6a;
                                                            				if (_t37 - 0x1f > 0) goto 0x87d6fb7b;
                                                            				_t52 = ( *0x431BDE82D7B634EB & 0x0000ffff) + 1;
                                                            				if ((_t52 & 0x0000ffff) + 1 - 2 < 0) goto 0x87d6fb8c;
                                                            				if (_t52 - 0xc > 0) goto 0x87d6fb9a;
                                                            				r9d =  *0x431BDE82D7B634EF & 0x0000ffff;
                                                            				r9w = r9w + 0x76c;
                                                            				if ((r9w & 0xffffffff) + 1 - 0x579 < 0) goto 0x87d6fba8;
                                                            				if (r9w - 0x270f > 0) goto 0x87d6fbba;
                                                            				_v112 =  *((intOrPtr*)(0x431bde82d7b634e3));
                                                            				_v104 =  *((intOrPtr*)(0x431bde82d7b634df));
                                                            				asm("movups xmm0, [esp+0x38]");
                                                            				_v96 =  *0xd7b634db;
                                                            				asm("movups [edi+0x8], xmm0");
                                                            				_v136 = r9w;
                                                            				_v134 = _t52;
                                                            				_v88 = _t89 * 0xf4240;
                                                            				asm("movups xmm1, [esp+0x48]");
                                                            				 *((intOrPtr*)(__rcx)) = _v136;
                                                            				 *(__rcx + 4) = _t37;
                                                            				asm("movups [edi+0x18], xmm1");
                                                            				return E00007FF87FF887D65E20(_t37, _v136, _v40 ^ _t90 - 0x00000090);
                                                            			}




















                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: Time$EventFileSystem__acrt_iob_funcfflush
                                                            • String ID:
                                                            • API String ID: 1736211985-0
                                                            • Opcode ID: 8fbe9deb50a2553d171e416f978606913200a09efcb97367198c30951ce863af
                                                            • Instruction ID: 1eb3b147d4fddf673a7846e49c5e4540a79c20b77b09fe4751b9678b13e0a246
                                                            • Opcode Fuzzy Hash: 8fbe9deb50a2553d171e416f978606913200a09efcb97367198c30951ce863af
                                                            • Instruction Fuzzy Hash: 0751F522E1869587EB188B19E46577D6371FB997C4F504139FB8F47B9ACE2CE090CB40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140(?,?,00000000,?,?,00007FF887D5610B), ref: 00007FF887D59B1D
                                                            • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140(?,?,00000000,?,?,00007FF887D5610B), ref: 00007FF887D59C07
                                                            • ?exceptions@ios_base@std@@QEAAXH@Z.MSVCP140(?,?,00000000,?,?,00007FF887D5610B), ref: 00007FF887D59C4A
                                                            • ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z.MSVCP140(?,?,00000000,?,?,00007FF887D5610B), ref: 00007FF887D59C6D
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_ostream@??0?$basic_streambuf@?exceptions@ios_base@std@@?imbue@?$basic_ios@D@std@@@1@_V32@@V?$basic_streambuf@Vlocale@2@
                                                            • String ID:
                                                            • API String ID: 3082451130-0
                                                            • Opcode ID: dfa9646fe9e0be64b99a0445435a78fa881cac96ef5718e27f178ab5221fabdc
                                                            • Instruction ID: 639c707b343939ed351c3170053bae63bbdc6d8fdb3298147ccd1a7eea35d8f5
                                                            • Opcode Fuzzy Hash: dfa9646fe9e0be64b99a0445435a78fa881cac96ef5718e27f178ab5221fabdc
                                                            • Instruction Fuzzy Hash: 8C510332641B8486EB049F2AE89036D77B4FB58FD8F588625CE5E077A9DF38D4A5C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memset$memmove
                                                            • String ID: 0123456789ABCDEF$0123456789abcdef
                                                            • API String ID: 3527438329-885041942
                                                            • Opcode ID: 14467a850397d71f4521ba6fb74fd089cd7297abefd54ac757396e2f3bfaa3af
                                                            • Instruction ID: c7788c7c7f0fbfc73d5c462a4a471c2bb5dc8c3b8e4bd5faa51bd222ac8f8b63
                                                            • Opcode Fuzzy Hash: 14467a850397d71f4521ba6fb74fd089cd7297abefd54ac757396e2f3bfaa3af
                                                            • Instruction Fuzzy Hash: B1419E62B98A5582DA549F2AE4401AD6770FB49FE4B4C8132DF4E0BB5ADF38D4A6C300
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memset$memmove
                                                            • String ID: 0123456789ABCDEF$0123456789abcdef
                                                            • API String ID: 3527438329-885041942
                                                            • Opcode ID: dc2d0f8758767eedb8bc0c1c55c45d24d763a193a406e3e405cb67d4d1cce00b
                                                            • Instruction ID: fa2177bf94e31e3f62029c8de651e55fcf83b7ebde767d847303c443ac85c6a2
                                                            • Opcode Fuzzy Hash: dc2d0f8758767eedb8bc0c1c55c45d24d763a193a406e3e405cb67d4d1cce00b
                                                            • Instruction Fuzzy Hash: 2F418F62B88A9582DA54DF16E4401ADB770FB49FD4B484532DF5E0BB5ADF3CD4A6C300
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 68%
                                                            			E00007FF87FF887D5C1D0(long long __rbx, long long* __rcx, signed int __rdx, long long __r14) {
                                                            				void* _t21;
                                                            				void* _t22;
                                                            				void* _t25;
                                                            				void* _t43;
                                                            				long long _t44;
                                                            				long long* _t48;
                                                            				signed long long _t53;
                                                            				unsigned long long _t63;
                                                            				int _t66;
                                                            				int _t73;
                                                            				long long _t76;
                                                            				unsigned long long _t77;
                                                            				void* _t79;
                                                            				long long _t88;
                                                            				void* _t90;
                                                            
                                                            				 *((long long*)(_t79 + 0x10)) = __rbx;
                                                            				 *((long long*)(_t79 + 0x18)) = _t76;
                                                            				_t77 =  *((intOrPtr*)(__rcx + 0x18));
                                                            				r15d = r8b;
                                                            				_t48 = __rcx;
                                                            				if (__rdx - _t77 > 0) goto 0x87d5c21c;
                                                            				if (_t77 - 0x10 < 0) goto 0x87d5c201;
                                                            				 *((long long*)(__rcx + 0x10)) = __rdx;
                                                            				_t21 = memset(_t90, _t66, _t73);
                                                            				 *((char*)( *((intOrPtr*)(__rcx)) + __rdx)) = 0;
                                                            				goto 0x87d5c30b;
                                                            				if (__rdx - 0xffffffff > 0) goto 0x87d5c328;
                                                            				 *((long long*)(_t79 - 0x20 + 0x40)) = __r14;
                                                            				_t53 = __rdx | 0x0000000f;
                                                            				if (_t53 - 0xffffffff > 0) goto 0x87d5c27a;
                                                            				_t63 = _t77 >> 1;
                                                            				if (_t77 - 0xffffffff - _t63 > 0) goto 0x87d5c27a;
                                                            				_t43 = _t63 + _t77;
                                                            				_t8 = ( <  ? _t43 : _t53) + 1; // 0x9
                                                            				_t44 = _t8;
                                                            				if (_t44 - 0x1000 < 0) goto 0x87d5c2a0;
                                                            				_t9 = _t44 + 0x27; // 0x30
                                                            				if (_t9 - _t44 <= 0) goto 0x87d5c32e;
                                                            				goto 0x87d5c284;
                                                            				_t22 = E00007FF87FF887D656A8(_t21, _t44, 0x27);
                                                            				if (_t44 == 0) goto 0x87d5c321;
                                                            				_t10 = _t44 + 0x27; // 0x27
                                                            				 *((long long*)((_t10 & 0xffffffe0) - 8)) = _t44;
                                                            				goto 0x87d5c2b5;
                                                            				if (_t44 == 0) goto 0x87d5c2b2;
                                                            				E00007FF87FF887D656A8(_t22, _t44, _t44);
                                                            				_t88 = _t44;
                                                            				goto 0x87d5c2b5;
                                                            				r14d = 0;
                                                            				 *((long long*)(_t48 + 0x10)) = __rdx;
                                                            				 *((long long*)(_t48 + 0x18)) =  <  ? _t43 : _t53;
                                                            				memset(??, ??, ??);
                                                            				 *((char*)(_t88 + __rdx)) = 0;
                                                            				if (_t77 - 0x10 < 0) goto 0x87d5c303;
                                                            				if (_t77 + 1 - 0x1000 < 0) goto 0x87d5c2fe;
                                                            				if ( *_t48 -  *((intOrPtr*)( *_t48 - 8)) - 8 - 0x1f > 0) goto 0x87d5c321;
                                                            				_t25 = E00007FF87FF887D656E4();
                                                            				 *_t48 = _t88;
                                                            				return _t25;
                                                            			}



















                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memset$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                                            • String ID:
                                                            • API String ID: 674427795-0
                                                            • Opcode ID: e342e99b685ff44c21d1a7456a9f6da6b9c40bf2ea54ffcf52156b01f710bb59
                                                            • Instruction ID: 0f017e20bb4b427462d9471b277fe2317ebdb8bb12490906569d10d973029d31
                                                            • Opcode Fuzzy Hash: e342e99b685ff44c21d1a7456a9f6da6b9c40bf2ea54ffcf52156b01f710bb59
                                                            • Instruction Fuzzy Hash: D531AD22B4AAC686FE149B95D50437C62A2BB04BE4F544731DA6E0BBDDDE7CE482C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 45%
                                                            			E00007FF87FF887D529B0(long long __rbx, long long* __rcx, void* __rdx, long long __rdi, long long __r12) {
                                                            				void* _t28;
                                                            				void* _t29;
                                                            				void* _t33;
                                                            				long long _t51;
                                                            				long long _t57;
                                                            				unsigned long long _t64;
                                                            				signed long long _t73;
                                                            				long long _t81;
                                                            				int _t83;
                                                            				long long* _t84;
                                                            				long long _t86;
                                                            				unsigned long long _t87;
                                                            				void* _t89;
                                                            				void* _t90;
                                                            				signed long long _t94;
                                                            				void* _t96;
                                                            				intOrPtr _t97;
                                                            				void* _t99;
                                                            
                                                            				 *((long long*)(_t89 + 0x20)) = __rbx;
                                                            				_t90 = _t89 - 0x20;
                                                            				_t97 =  *((intOrPtr*)(__rcx + 0x10));
                                                            				r15d = r9b & 0xffffffff;
                                                            				_t84 = __rcx;
                                                            				if (0xffffffff - _t97 - __rdx < 0) goto 0x87d52b0a;
                                                            				 *((long long*)(_t90 + 0x40)) = _t86;
                                                            				_t87 =  *((intOrPtr*)(__rcx + 0x18));
                                                            				 *((long long*)(_t90 + 0x48)) = __rdi;
                                                            				 *((long long*)(_t90 + 0x50)) = __r12;
                                                            				_t94 = _t97 + __rdx;
                                                            				_t73 = _t94 | 0x0000000f;
                                                            				if (_t73 - 0xffffffff > 0) goto 0x87d52a3f;
                                                            				_t64 = _t87 >> 1;
                                                            				if (_t87 - 0xffffffff - _t64 > 0) goto 0x87d52a3f;
                                                            				_t57 =  <  ? _t64 + _t87 : _t73;
                                                            				_t51 = _t57 + 1;
                                                            				if (_t51 - 0x1000 < 0) goto 0x87d52a61;
                                                            				_t10 = _t51 + 0x27; // 0x27
                                                            				if (_t10 - _t51 <= 0) goto 0x87d52b10;
                                                            				goto 0x87d52a49;
                                                            				_t29 = E00007FF87FF887D656A8(_t28, _t51, 0x27);
                                                            				if (_t51 == 0) goto 0x87d52acd;
                                                            				_t11 = _t51 + 0x27; // 0x27
                                                            				 *((long long*)((_t11 & 0xffffffe0) - 8)) = _t51;
                                                            				goto 0x87d52a75;
                                                            				if (_t51 == 0) goto 0x87d52a73;
                                                            				E00007FF87FF887D656A8(_t29, _t51, _t51);
                                                            				_t81 = _t51;
                                                            				goto 0x87d52a75;
                                                            				 *(_t84 + 0x10) = _t94;
                                                            				 *((long long*)(_t84 + 0x18)) = _t57;
                                                            				if (_t87 - 0x10 < 0) goto 0x87d52ad4;
                                                            				memmove(_t99, _t96, _t83);
                                                            				 *((intOrPtr*)(_t81 + _t97)) = r15b;
                                                            				 *((char*)(_t81 + _t97 + 1)) = 0;
                                                            				if (_t87 + 1 - 0x1000 < 0) goto 0x87d52ac3;
                                                            				_t20 =  *_t84 -  *((intOrPtr*)( *_t84 - 8)) - 8; // 0x7ffffffffffffff7
                                                            				if (_t20 - 0x1f > 0) goto 0x87d52acd;
                                                            				E00007FF87FF887D656E4();
                                                            				goto 0x87d52ae6;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				_t33 = memmove(??, ??, ??);
                                                            				 *((intOrPtr*)(_t81 + _t97)) = r15b;
                                                            				 *((char*)(_t81 + _t97 + 1)) = 0;
                                                            				 *_t84 = _t81;
                                                            				return _t33;
                                                            			}






















                                                            APIs
                                                            • memmove.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FF887D64980), ref: 00007FF887D52A8F
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,00007FF887D64980), ref: 00007FF887D52ACD
                                                            • memmove.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FF887D64980), ref: 00007FF887D52AD7
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887D52B10
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                            • String ID:
                                                            • API String ID: 2016347663-0
                                                            • Opcode ID: 886e374365119e1221a35c2cd39303fbd5fbd754e80a3eab4d3bbd931c25b5cc
                                                            • Instruction ID: c145ad2726b392edc222e15357a70674e205001832ac914b9243569cf99e86f5
                                                            • Opcode Fuzzy Hash: 886e374365119e1221a35c2cd39303fbd5fbd754e80a3eab4d3bbd931c25b5cc
                                                            • Instruction Fuzzy Hash: 7331C161B4A781D6EA209B16A60426DA362FB04BE0F584735DF6E0B7DDDE7CF095C304
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 31%
                                                            			E00007FF87FF887D56430(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, void* __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                            				void* _v40;
                                                            				long long _v56;
                                                            				char _v64;
                                                            				void* _v72;
                                                            				char _v88;
                                                            				void* __rdi;
                                                            				void* _t31;
                                                            				void* _t37;
                                                            				void* _t43;
                                                            				void* _t51;
                                                            				void* _t55;
                                                            				long long _t57;
                                                            				intOrPtr* _t59;
                                                            				long long _t61;
                                                            				long long _t83;
                                                            				void* _t86;
                                                            				void* _t98;
                                                            				void* _t101;
                                                            
                                                            				_t84 = __rsi;
                                                            				_t57 = __rax;
                                                            				_a16 = __rbx;
                                                            				_a24 = __rsi;
                                                            				_a32 = __r9;
                                                            				_a8 = __rcx;
                                                            				_t101 = __r8;
                                                            				_t61 = __rcx;
                                                            				_t31 = E00007FF87FF887D76670(__rax);
                                                            				if (_t57 == 0) goto 0x87d5647e;
                                                            				r10d =  *((intOrPtr*)(__rcx + 0x28));
                                                            				if ( *_t57 != r10d) goto 0x87d5647e;
                                                            				goto 0x87d564fe;
                                                            				_v56 = __rcx + 0x10;
                                                            				__imp__AcquireSRWLockShared();
                                                            				E00007FF87FF887D656A8(_t31, _t57, __rcx + 0x10);
                                                            				_v64 = _t57;
                                                            				if (_t57 == 0) goto 0x87d564bf;
                                                            				E00007FF87FF887D59AD0(_t43,  *((intOrPtr*)(_t61 + 0x28)), _t51, _t61, _t57, _t61 + 0x38, _t61 + 0x30);
                                                            				_t83 = _t57;
                                                            				goto 0x87d564c3;
                                                            				__imp__ReleaseSRWLockShared();
                                                            				E00007FF87FF887D76670(_t57);
                                                            				_t55 = _t57 - _t83;
                                                            				if (_t55 == 0) goto 0x87d564f6;
                                                            				_v88 = 1;
                                                            				E00007FF87FF887D76E20( *((intOrPtr*)(_t61 + 0x28)), _t57, _t61, _t61 + 0x48, 0x87d5c340, _t83, __rsi, _t86,  *((intOrPtr*)(_t61 + 0x48)), _t83, _t98);
                                                            				_v64 = _t83;
                                                            				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t83 + 0x128))))))();
                                                            				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                            				_t37 = E00007FF87FF887D58A90( &_v72, _t101);
                                                            				_t22 = _t83 + 8; // 0x8
                                                            				E00007FF87FF887D6E2D0(_t37, _t61, _a32, _t83, _t84, _t86, _t22);
                                                            				_t59 = _v72;
                                                            				 *_t59 =  *_t59 - 1;
                                                            				if (_t55 != 0) goto 0x87d5657e;
                                                            				 *((intOrPtr*)(_t59 + 4)) = 0;
                                                            				asm("lock xadd [ecx], eax");
                                                            				asm("bt eax, 0x1e");
                                                            				if (_t55 < 0) goto 0x87d5657e;
                                                            				if (0x80000000 - 0x80000000 <= 0) goto 0x87d5657e;
                                                            				asm("lock bts dword [ecx], 0x1e");
                                                            				if (0x80000000 - 0x80000000 < 0) goto 0x87d5657e;
                                                            				E00007FF87FF887D5D940(_t59 + 8);
                                                            				SetEvent(??);
                                                            				return E00007FF87FF887D5A810(_t61,  &_v64);
                                                            			}






















                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: LockShared$?flush@?$basic_ostream@AcquireD@std@@@std@@EventReleaseU?$char_traits@V12@
                                                            • String ID:
                                                            • API String ID: 3106982728-0
                                                            • Opcode ID: dca59bed34d5218c9d0a5de8591030f77544f2d2cb362cc734211e3e6298320c
                                                            • Instruction ID: 7d8dd4da7536cf69900c3eafc448f8737f0579e6a1666439ef7fcca2ed3a4b5a
                                                            • Opcode Fuzzy Hash: dca59bed34d5218c9d0a5de8591030f77544f2d2cb362cc734211e3e6298320c
                                                            • Instruction Fuzzy Hash: CA419E32A8A78292EA05DB65E4041AD6370FB86FD4F408232EE4E43769DF3CD995C780
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 34%
                                                            			E00007FF87FF887D562B0(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, void* __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                            				void* _v40;
                                                            				long long _v56;
                                                            				char _v64;
                                                            				void* _v72;
                                                            				char _v88;
                                                            				void* __rdi;
                                                            				void* _t31;
                                                            				void* _t42;
                                                            				void* _t50;
                                                            				void* _t54;
                                                            				long long _t56;
                                                            				intOrPtr* _t58;
                                                            				long long _t60;
                                                            				long long _t82;
                                                            				void* _t85;
                                                            				void* _t97;
                                                            				void* _t100;
                                                            
                                                            				_t56 = __rax;
                                                            				_a16 = __rbx;
                                                            				_a24 = __rsi;
                                                            				_a32 = __r9;
                                                            				_a8 = __rcx;
                                                            				_t100 = __r8;
                                                            				_t60 = __rcx;
                                                            				_t31 = E00007FF87FF887D76670(__rax);
                                                            				if (_t56 == 0) goto 0x87d562fe;
                                                            				r10d =  *((intOrPtr*)(__rcx + 0x28));
                                                            				if ( *_t56 != r10d) goto 0x87d562fe;
                                                            				goto 0x87d5637e;
                                                            				_v56 = __rcx + 0x10;
                                                            				__imp__AcquireSRWLockShared();
                                                            				E00007FF87FF887D656A8(_t31, _t56, __rcx + 0x10);
                                                            				_v64 = _t56;
                                                            				if (_t56 == 0) goto 0x87d5633f;
                                                            				E00007FF87FF887D59AD0(_t42,  *((intOrPtr*)(_t60 + 0x28)), _t50, _t60, _t56, _t60 + 0x38, _t60 + 0x30);
                                                            				_t82 = _t56;
                                                            				goto 0x87d56343;
                                                            				__imp__ReleaseSRWLockShared();
                                                            				E00007FF87FF887D76670(_t56);
                                                            				_t54 = _t56 - _t82;
                                                            				if (_t54 == 0) goto 0x87d56376;
                                                            				_v88 = 1;
                                                            				E00007FF87FF887D76E20( *((intOrPtr*)(_t60 + 0x28)), _t56, _t60, _t60 + 0x48, 0x87d5c340, _t82, __rsi, _t85,  *((intOrPtr*)(_t60 + 0x48)), _t82, _t97);
                                                            				_v64 = _t82;
                                                            				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t82 + 0x128))))))();
                                                            				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                            				E00007FF87FF887D58A90( &_v72, _t100);
                                                            				E00007FF87FF887D6DF50();
                                                            				_t58 = _v72;
                                                            				 *_t58 =  *_t58 - 1;
                                                            				if (_t54 != 0) goto 0x87d563fe;
                                                            				 *((intOrPtr*)(_t58 + 4)) = 0;
                                                            				asm("lock xadd [ecx], eax");
                                                            				asm("bt eax, 0x1e");
                                                            				if (_t54 < 0) goto 0x87d563fe;
                                                            				if (0x80000000 - 0x80000000 <= 0) goto 0x87d563fe;
                                                            				asm("lock bts dword [ecx], 0x1e");
                                                            				if (0x80000000 - 0x80000000 < 0) goto 0x87d563fe;
                                                            				E00007FF87FF887D5D940(_t58 + 8);
                                                            				SetEvent(??);
                                                            				return E00007FF87FF887D5A810(_t60,  &_v64);
                                                            			}

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: LockShared$?flush@?$basic_ostream@AcquireD@std@@@std@@EventReleaseU?$char_traits@V12@
                                                            • String ID:
                                                            • API String ID: 3106982728-0
                                                            • Opcode ID: 7797e0108a4ce0f3a894cfd757563918a1455e9daf6e17ce4efd5d9c6d1a6bcd
                                                            • Instruction ID: cfc73477a1bb6fa7dcf7af3302094fc22f34dccfe0d30579f8e81111da890fe5
                                                            • Opcode Fuzzy Hash: 7797e0108a4ce0f3a894cfd757563918a1455e9daf6e17ce4efd5d9c6d1a6bcd
                                                            • Instruction Fuzzy Hash: 1A419132A4A68292EB11DB65E4041ADA370FB86FD4F445231EE4E43759DF3CD995C780
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 68%
                                                            			E00007FF87FF887D49100(long long __rbx, long long* __rcx, void* __rdx, signed int __r8, long long __r14) {
                                                            				void* _t21;
                                                            				void* _t22;
                                                            				void* _t25;
                                                            				void* _t41;
                                                            				long long _t42;
                                                            				long long* _t46;
                                                            				signed long long _t51;
                                                            				unsigned long long _t61;
                                                            				void* _t65;
                                                            				int _t72;
                                                            				long long _t75;
                                                            				unsigned long long _t76;
                                                            				void* _t78;
                                                            				long long _t87;
                                                            				void* _t89;
                                                            
                                                            				 *((long long*)(_t78 + 0x10)) = __rbx;
                                                            				 *((long long*)(_t78 + 0x18)) = _t75;
                                                            				_t76 =  *((intOrPtr*)(__rcx + 0x18));
                                                            				_t46 = __rcx;
                                                            				if (__r8 - _t76 > 0) goto 0x87d49145;
                                                            				if (_t76 - 0x10 < 0) goto 0x87d49130;
                                                            				 *((long long*)(__rcx + 0x10)) = __r8;
                                                            				_t21 = memmove(_t89, _t65, _t72);
                                                            				 *((char*)( *((intOrPtr*)(__rcx)) + __r8)) = 0;
                                                            				goto 0x87d49234;
                                                            				if (__r8 - 0xffffffff > 0) goto 0x87d49251;
                                                            				 *((long long*)(_t78 - 0x20 + 0x40)) = __r14;
                                                            				_t51 = __r8 | 0x0000000f;
                                                            				if (_t51 - 0xffffffff > 0) goto 0x87d491a3;
                                                            				_t61 = _t76 >> 1;
                                                            				if (_t76 - 0xffffffff - _t61 > 0) goto 0x87d491a3;
                                                            				_t41 = _t61 + _t76;
                                                            				_t8 = ( <  ? _t41 : _t51) + 1; // 0x100000001
                                                            				_t42 = _t8;
                                                            				if (_t42 - 0x1000 < 0) goto 0x87d491c9;
                                                            				_t9 = _t42 + 0x27; // 0x100000028
                                                            				if (_t9 - _t42 <= 0) goto 0x87d49257;
                                                            				goto 0x87d491ad;
                                                            				_t22 = E00007FF87FF887D656A8(_t21, _t42, 0x27);
                                                            				if (_t42 == 0) goto 0x87d4924a;
                                                            				_t10 = _t42 + 0x27; // 0x27
                                                            				 *((long long*)((_t10 & 0xffffffe0) - 8)) = _t42;
                                                            				goto 0x87d491de;
                                                            				if (_t42 == 0) goto 0x87d491db;
                                                            				E00007FF87FF887D656A8(_t22, _t42, _t42);
                                                            				_t87 = _t42;
                                                            				goto 0x87d491de;
                                                            				r14d = 0;
                                                            				 *((long long*)(_t46 + 0x10)) = __r8;
                                                            				 *((long long*)(_t46 + 0x18)) =  <  ? _t41 : _t51;
                                                            				memmove(??, ??, ??);
                                                            				 *((char*)(_t87 + __r8)) = 0;
                                                            				if (_t76 - 0x10 < 0) goto 0x87d4922c;
                                                            				_t15 = _t76 + 1; // 0x10
                                                            				if (_t15 - 0x1000 < 0) goto 0x87d49227;
                                                            				if ( *_t46 -  *((intOrPtr*)( *_t46 - 8)) - 8 - 0x1f > 0) goto 0x87d4924a;
                                                            				_t25 = E00007FF87FF887D656E4();
                                                            				 *_t46 = _t87;
                                                            				return _t25;
                                                            			}

                                                            APIs
                                                            • memmove.VCRUNTIME140(?,00000000,?,00007FF887D52B4F,?,?,?,?,?,?,?,?,?,?,00000000,00007FF887D64980), ref: 00007FF887D49137
                                                            • memmove.VCRUNTIME140(?,00000000,?,00007FF887D52B4F,?,?,?,?,?,?,?,?,?,?,00000000,00007FF887D64980), ref: 00007FF887D491EF
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,00007FF887D52B4F,?,?,?,?,?,?,?,?,?,?,00000000,00007FF887D64980), ref: 00007FF887D4924A
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887D49257
                                                              • Part of subcall function 00007FF887D656A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887D48F4E), ref: 00007FF887D656C2
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                                            • String ID:
                                                            • API String ID: 2075926362-0
                                                            • Opcode ID: c2b970fc547b330d9855479c807baebc7d2066d06c889b2b930ac0434c1c65f7
                                                            • Instruction ID: b778411da72cc96c0f253298a47d91d06ebf7daafd2ebff6e3ed3f6827525e91
                                                            • Opcode Fuzzy Hash: c2b970fc547b330d9855479c807baebc7d2066d06c889b2b930ac0434c1c65f7
                                                            • Instruction Fuzzy Hash: 8131A022B89A8689FA549A52D5482BC2271BB55FE4F944731DA2E17BCDDE7CE481C300
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 29%
                                                            			E00007FF87FF887D4D4C0(long long __rax, long long __rbx, signed long long* __rcx, void* __rdx, long long __rsi) {
                                                            				void* _t18;
                                                            				void* _t20;
                                                            				long long _t30;
                                                            				signed long long _t32;
                                                            				signed long long* _t35;
                                                            				void* _t39;
                                                            				long long _t41;
                                                            				void* _t45;
                                                            				signed long long _t52;
                                                            				long long _t54;
                                                            				signed long long _t55;
                                                            				void* _t57;
                                                            
                                                            				 *((long long*)(_t57 + 0x10)) = __rbx;
                                                            				 *((long long*)(_t57 + 0x18)) = _t54;
                                                            				 *((long long*)(__rcx)) = __rax;
                                                            				_t35 = __rcx;
                                                            				 *((long long*)(__rcx + 0x10)) = __rax;
                                                            				 *((long long*)(__rcx + 0x18)) = __rax;
                                                            				_t55 =  *((intOrPtr*)(__rdx + 0x10));
                                                            				if ( *((long long*)(__rdx + 0x18)) - 0x10 < 0) goto 0x87d4d4f0;
                                                            				 *((long long*)(_t57 - 0x20 + 0x30)) = __rsi;
                                                            				if (_t55 - 0x10 >= 0) goto 0x87d4d508;
                                                            				asm("movups xmm0, [edi]");
                                                            				asm("movups [ecx], xmm0");
                                                            				goto 0x87d4d577;
                                                            				_t52 =  >  ? 0xffffffff : _t55 | 0x0000000f;
                                                            				_t39 = _t52 + 1;
                                                            				if (_t39 - 0x1000 < 0) goto 0x87d4d55b;
                                                            				_t30 = _t39 + 0x27;
                                                            				if (_t30 - _t39 <= 0) goto 0x87d4d597;
                                                            				_t18 = E00007FF87FF887D656A8(0, _t30, _t30);
                                                            				_t41 = _t30;
                                                            				if (_t30 == 0) goto 0x87d4d554;
                                                            				_t32 = _t30 + 0x00000027 & 0xffffffe0;
                                                            				 *((long long*)(_t32 - 8)) = _t41;
                                                            				goto 0x87d4d565;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				if (_t41 == 0) goto 0x87d4d565;
                                                            				E00007FF87FF887D656A8(_t18, _t32, _t41);
                                                            				 *_t35 = _t32;
                                                            				_t20 = memmove(_t45, ??);
                                                            				_t35[2] = _t55;
                                                            				_t35[3] = _t52;
                                                            				return _t20;
                                                            			}

                                                            APIs
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF887D4E21C,?,?,?,00007FF887D5D6C2), ref: 00007FF887D4D554
                                                            • memmove.VCRUNTIME140(?,?,?,00007FF887D4E21C,?,?,?,00007FF887D5D6C2), ref: 00007FF887D4D572
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF887D4D597
                                                            • __std_exception_copy.VCRUNTIME140(?,?,?,?,?,?,?,00007FF887D4E21C,?,?,?,00007FF887D5D6C2), ref: 00007FF887D4D5C4
                                                              • Part of subcall function 00007FF887D656A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887D48F4E), ref: 00007FF887D656C2
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: Concurrency::cancel_current_task__std_exception_copy_invalid_parameter_noinfo_noreturnmallocmemmove
                                                            • String ID:
                                                            • API String ID: 3686582625-0
                                                            • Opcode ID: 15b018261a7cf0bc8f6df710f8455fdf24a97d8064d944bfca37451ac74d772f
                                                            • Instruction ID: 77c4602471689fd1e2d80788b7cae7ee9cb3838d135c5fa4a732f3305ae2a20c
                                                            • Opcode Fuzzy Hash: 15b018261a7cf0bc8f6df710f8455fdf24a97d8064d944bfca37451ac74d772f
                                                            • Instruction Fuzzy Hash: 2831BC62A8AB8184EB459B55E4401AC23B1FB18BE8F588730DB6E07B99DF3CE1D1C340
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • memchr.VCRUNTIME140(00000001,00000000,?,00007FF887D445CE), ref: 00007FF887D48CAA
                                                            • memmove.VCRUNTIME140(00000001,00000000,?,00007FF887D445CE), ref: 00007FF887D48D4F
                                                              • Part of subcall function 00007FF887D4BA30: memmove.VCRUNTIME140 ref: 00007FF887D4BA87
                                                            • memchr.VCRUNTIME140(00000001,00000000,?,00007FF887D445CE), ref: 00007FF887D48CF5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memchrmemmove
                                                            • String ID: unmatched '}' in format string
                                                            • API String ID: 1132781299-1164737745
                                                            • Opcode ID: e3a4b6110c697d36bd24bbe5557a8b97f08152c800b349514c7e98e6efbc01b0
                                                            • Instruction ID: 4b3186a8682086cfa291149d28b48ad7d44ff22d1991ca5105eb2a0a17644831
                                                            • Opcode Fuzzy Hash: e3a4b6110c697d36bd24bbe5557a8b97f08152c800b349514c7e98e6efbc01b0
                                                            • Instruction Fuzzy Hash: EA217C62B89A8185EA15DB12E9442ADA3B0FB49FD4F0D8132CF4E17B49EF3CD542C300
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 16%
                                                            			E00007FF87FF887D76A20(void* __ecx, void* __edx, void* __rax, long long __rbx, void* __rcx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24) {
                                                            				void* _t40;
                                                            				intOrPtr* _t46;
                                                            				intOrPtr _t59;
                                                            				void* _t62;
                                                            
                                                            				_a8 = __rbx;
                                                            				_a16 = __rsi;
                                                            				_a24 = __rdi;
                                                            				_t62 = __rcx;
                                                            				if ( *((intOrPtr*)(__rcx + 0x10)) == 0) goto 0x87d76b03;
                                                            				E00007FF87FF887D76690( *((intOrPtr*)(__rcx + 0x10)), __rax, __rbx, __rcx, __rcx);
                                                            				if ( *((intOrPtr*)(_t62 + 0x10)) != 0) goto 0x87d76a54;
                                                            				goto 0x87d76ad4;
                                                            				 *((intOrPtr*)(_t62 + 0x10)) = 0;
                                                            				r8d = 0;
                                                            				ReleaseSemaphore(??, ??, ??);
                                                            				_t46 =  *((intOrPtr*)(_t62 + 0x18));
                                                            				_t59 =  *((intOrPtr*)(_t62 + 0x20));
                                                            				if (_t46 == _t59) goto 0x87d76a9f;
                                                            				asm("o16 nop [eax+eax]");
                                                            				 *((char*)( *_t46 + 0x14)) = 1;
                                                            				r8d = 0;
                                                            				ReleaseSemaphore(??, ??, ??);
                                                            				if (_t46 + 8 != _t59) goto 0x87d76a80;
                                                            				E00007FF87FF887D74250(_t46 + 8,  *((intOrPtr*)(_t62 + 0x18)),  *((intOrPtr*)(_t62 + 0x20)), _t62);
                                                            				 *((long long*)(_t62 + 0x20)) =  *((intOrPtr*)(_t62 + 0x18));
                                                            				_t40 =  *((intOrPtr*)(_t62 + 0x30)) - 1 - 0xfffffffd;
                                                            				if (_t40 > 0) goto 0x87d76acc;
                                                            				CloseHandle(??);
                                                            				 *((long long*)(_t62 + 0x30)) = 0;
                                                            				asm("lock xadd [esi], eax");
                                                            				asm("bt eax, 0x1e");
                                                            				if (_t40 < 0) goto 0x87d76b03;
                                                            				if (0x80000000 - 0x80000000 <= 0) goto 0x87d76b03;
                                                            				asm("lock bts dword [esi], 0x1e");
                                                            				if (0x80000000 - 0x80000000 < 0) goto 0x87d76b03;
                                                            				E00007FF87FF887D5D940(_t62);
                                                            				return SetEvent(??);
                                                            			}








                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ReleaseSemaphore$CloseEventHandleObjectSingleWait
                                                            • String ID:
                                                            • API String ID: 568734227-0
                                                            • Opcode ID: 9236d54c9f8004cdcccdb61e91e6bfd2483121a615e91c4b9fed31d8ba419f9e
                                                            • Instruction ID: 1e4bd23c6dff4dbeceef4739b4ea5ffb3f7ebc260d40b7bd29b44c41534dd368
                                                            • Opcode Fuzzy Hash: 9236d54c9f8004cdcccdb61e91e6bfd2483121a615e91c4b9fed31d8ba419f9e
                                                            • Instruction Fuzzy Hash: FE21F922A58A4283EB608B26E54436EB770FB86BD4F545231DBAF43B99DF3CE445C740
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmovememset
                                                            • String ID: 0123456789ABCDEF$0123456789abcdef
                                                            • API String ID: 1288253900-885041942
                                                            • Opcode ID: d1f8b2386f982583ca2cbe3ee8850b841df68c6482567c3763a4593845f5c0e8
                                                            • Instruction ID: 52229ce9cca46fd08935d7ba5142e96200c1e2f1badb4081f3e577a779657d10
                                                            • Opcode Fuzzy Hash: d1f8b2386f982583ca2cbe3ee8850b841df68c6482567c3763a4593845f5c0e8
                                                            • Instruction Fuzzy Hash: E8218BA2B45B8582DA54CF06E9402ADBB71FB49FC4B189532DF8E0BB69DE3DD051C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: memmovememset
                                                            • String ID: 0123456789ABCDEF$0123456789abcdef
                                                            • API String ID: 1288253900-885041942
                                                            • Opcode ID: efa3a399d0e319a50b9215a354c6358fb0baaa4ba1daa1c79ded5d4ed3dca0e1
                                                            • Instruction ID: fbfa1846db18300744a7a45cdeac1c99a110b7e877a90effb9db3de8e9b2760f
                                                            • Opcode Fuzzy Hash: efa3a399d0e319a50b9215a354c6358fb0baaa4ba1daa1c79ded5d4ed3dca0e1
                                                            • Instruction Fuzzy Hash: 8C21AEA2B49B8581DB50CF06E9401ADBB71FB49BC4B189532DF8E4BB69DE3DD052C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ExceptionLockSharedThrow$AcquireRelease
                                                            • String ID:
                                                            • API String ID: 1623387717-0
                                                            • Opcode ID: 821d38cad4e8f632898ec663a9c87fc73b7f9fa64378656b3521347ee09f09fd
                                                            • Instruction ID: c48e947ce0d71523e53505282f47ce7fd8d94ecca7ae6811ff556a65b1e820e0
                                                            • Opcode Fuzzy Hash: 821d38cad4e8f632898ec663a9c87fc73b7f9fa64378656b3521347ee09f09fd
                                                            • Instruction Fuzzy Hash: B9016D67B05B4486EB08DB32E95577D2372FB89BD5F189535DE0A0BB59CF38D056C200
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ExceptionLockSharedThrow$AcquireRelease
                                                            • String ID:
                                                            • API String ID: 1623387717-0
                                                            • Opcode ID: c832f7f00a28b77cced1eefa34c85cae082805bf7e02fe3fa8d7180f7810be2b
                                                            • Instruction ID: 0b32321a3cc119dc8fe94debacc25982a810a2c70fec4c1f4cd75a7fbb0227b3
                                                            • Opcode Fuzzy Hash: c832f7f00a28b77cced1eefa34c85cae082805bf7e02fe3fa8d7180f7810be2b
                                                            • Instruction Fuzzy Hash: 54F0816BA04B0486DB08EF31E90037D1372FB85BD9F188935DE4E0BA59CF38D056C200
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ExceptionLockSharedThrow$AcquireRelease
                                                            • String ID:
                                                            • API String ID: 1623387717-0
                                                            • Opcode ID: 57b2854b0f65e5e374a08cde8f6c634fec4e12c1195dc384bbd9ce2569a39ea6
                                                            • Instruction ID: 115f30e936213de9118b7b08ec3f50fd08fd3e8bab7055682ce1f09fccc93be2
                                                            • Opcode Fuzzy Hash: 57b2854b0f65e5e374a08cde8f6c634fec4e12c1195dc384bbd9ce2569a39ea6
                                                            • Instruction Fuzzy Hash: A7F06D67A04B0486DB18EB32E94037D1271FB89BD9F189535DE4E0AA49CF38D0568200
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ExceptionLockSharedThrow$AcquireRelease
                                                            • String ID:
                                                            • API String ID: 1623387717-0
                                                            • Opcode ID: b30508edd93f378d34823121abbe860d8cef95497a92132c4ce0266ae7febd1f
                                                            • Instruction ID: 941ab5db1d1bd256499698e3a5f45cfd7494887308d1297a37af627b11ab4341
                                                            • Opcode Fuzzy Hash: b30508edd93f378d34823121abbe860d8cef95497a92132c4ce0266ae7febd1f
                                                            • Instruction Fuzzy Hash: 08F06D6BA04B4586DB18EB31E90037D1371FB85BD9F188935DE4A0AA59CF38D1168200
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF887D6A323,?,?,00000038,?,00000000,00007FF887D6A52E,?,?,00000008,00007FF887D58792), ref: 00007FF887D6D950
                                                            • SleepConditionVariableSRW.KERNEL32(?,?,?,00007FF887D6A323,?,?,00000038,?,00000000,00007FF887D6A52E,?,?,00000008,00007FF887D58792), ref: 00007FF887D6D987
                                                            • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FF887D6A323,?,?,00000038,?,00000000,00007FF887D6A52E,?,?,00000008,00007FF887D58792), ref: 00007FF887D6D9A2
                                                            • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FF887D6A323,?,?,00000038,?,00000000,00007FF887D6A52E,?,?,00000008,00007FF887D58792), ref: 00007FF887D6D9BA
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ExclusiveLock$Release$AcquireConditionSleepVariable
                                                            • String ID:
                                                            • API String ID: 3114648011-0
                                                            • Opcode ID: 1028a7427bf02d8bddc8bc0c960c5e31dbe1d0c13ec5fc794dc8297f47e69b9b
                                                            • Instruction ID: 945c3be3ad51ee59b7d8d9fb441b61f9db17c5cda7ee149cd3be66dd5ec0ed8f
                                                            • Opcode Fuzzy Hash: 1028a7427bf02d8bddc8bc0c960c5e31dbe1d0c13ec5fc794dc8297f47e69b9b
                                                            • Instruction Fuzzy Hash: AC019261ECC54680EB114B21E8542BC27B17B16BC9F881372D9AE461ADDF1CA986C760
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 93%
                                                            			E00007FF87FF887D53370(long long __rbx, long long __rcx, intOrPtr* __rdx, long long __rdi, intOrPtr* __r8) {
                                                            				void* _t39;
                                                            				signed long long _t51;
                                                            				long long _t53;
                                                            				intOrPtr _t78;
                                                            				void* _t83;
                                                            				void* _t85;
                                                            				void* _t87;
                                                            				intOrPtr _t92;
                                                            
                                                            				 *((long long*)(_t87 + 0x10)) = __rbx;
                                                            				 *((long long*)(_t87 + 0x18)) = __rdi;
                                                            				_t85 = _t87 - 0x57;
                                                            				_t51 =  *0x87d8ec78; // 0x522936145607
                                                            				 *(_t85 + 0x4f) = _t51 ^ _t87 - 0x000000b0;
                                                            				 *((long long*)(_t85 - 9)) = __rcx;
                                                            				 *((intOrPtr*)(_t85 - 0x29)) = 0;
                                                            				 *((long long*)(__rcx)) = __rdi;
                                                            				 *((long long*)(__rcx + 0x10)) = __rdi;
                                                            				 *((long long*)(__rcx + 0x18)) = 0xf;
                                                            				 *((intOrPtr*)(__rcx)) = dil;
                                                            				 *((intOrPtr*)(_t85 - 0x29)) = 1;
                                                            				_t53 =  *((intOrPtr*)(__rdx + 0x10));
                                                            				if (_t53 == 0) goto 0x87d534b5;
                                                            				_t92 =  *((intOrPtr*)(__rdx + 0x18));
                                                            				if (_t92 - 0x10 < 0) goto 0x87d533d7;
                                                            				if ( *((char*)(_t53 +  *((intOrPtr*)(__rdx)) - 1)) != 0x5c) goto 0x87d534b5;
                                                            				if (_t92 - 0x10 < 0) goto 0x87d533eb;
                                                            				 *((long long*)(_t85 + 0x1f)) =  *((intOrPtr*)(__rdx));
                                                            				 *((long long*)(_t85 + 0x27)) = _t53;
                                                            				if ( *((long long*)(__r8 + 0x18)) - 0x10 < 0) goto 0x87d53400;
                                                            				 *((long long*)(_t85 + 0x2f)) =  *((intOrPtr*)(__r8));
                                                            				 *((long long*)(_t85 + 0x37)) =  *((intOrPtr*)(__r8 + 0x10));
                                                            				 *((long long*)(_t85 - 0x39)) = 0x1ce;
                                                            				 *((long long*)(_t85 - 0x31)) = _t85 + 0x1f;
                                                            				asm("movaps xmm0, [ebp-0x39]");
                                                            				asm("movdqa [ebp-0x19], xmm0");
                                                            				 *((long long*)(_t85 - 0x39)) = 0x87d7ced8;
                                                            				 *((long long*)(_t85 - 0x31)) = 4;
                                                            				E00007FF87FF887D449B0(__rcx, _t85 - 1, __rdi, _t83);
                                                            				if (__rcx != _t85 - 1) goto 0x87d5352a;
                                                            				_t78 =  *((intOrPtr*)(_t85 + 0x17));
                                                            				if (_t78 - 0x10 < 0) goto 0x87d53491;
                                                            				if (_t78 + 1 - 0x1000 < 0) goto 0x87d5348c;
                                                            				if ( *((intOrPtr*)(_t85 - 1)) -  *((intOrPtr*)( *((intOrPtr*)(_t85 - 1)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x87d535bd;
                                                            				return E00007FF87FF887D65E20(E00007FF87FF887D656E4(), _t39,  *(_t85 + 0x4f) ^ _t87 - 0x000000b0);
                                                            			}












                                                            APIs
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D535BD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                            • String ID: {}{}${}{}{}
                                                            • API String ID: 3668304517-2846689003
                                                            • Opcode ID: a8ec9274806e4d8d1bf64b8385318850fcba8323b38f298eba6ba1b7eba499de
                                                            • Instruction ID: b1bb564794b451a12f4294a45aeae68c33f7e5dfc40cdec3bd3a7e04569e78ee
                                                            • Opcode Fuzzy Hash: a8ec9274806e4d8d1bf64b8385318850fcba8323b38f298eba6ba1b7eba499de
                                                            • Instruction Fuzzy Hash: AD613773B49B859AFB04CF64D4843AC33B6FB18BC8F404225EA5E16A99DF78D195C380
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 23%
                                                            			E00007FF87FF887D4FE60(void* __ebp, long long __rbx, void* __rcx, long long __rsi, void* __rbp, long long _a16, long long _a24) {
                                                            				void* _v8;
                                                            				signed int _v24;
                                                            				intOrPtr _v32;
                                                            				char _v56;
                                                            				long long _v64;
                                                            				long long _v72;
                                                            				char _v74;
                                                            				short _v76;
                                                            				intOrPtr _v80;
                                                            				char _v88;
                                                            				signed long long _v96;
                                                            				signed long long _v104;
                                                            				intOrPtr _t36;
                                                            				void* _t46;
                                                            				signed long long _t62;
                                                            				signed long long _t63;
                                                            				signed long long _t75;
                                                            				void* _t78;
                                                            				intOrPtr _t92;
                                                            				intOrPtr _t96;
                                                            				void* _t104;
                                                            				void* _t107;
                                                            				void* _t110;
                                                            
                                                            				_t78 = __rcx;
                                                            				_a16 = __rbx;
                                                            				_a24 = __rsi;
                                                            				_t62 =  *0x87d8ec78; // 0x522936145607
                                                            				_t63 = _t62 ^ _t104 - 0x00000080;
                                                            				_v24 = _t63;
                                                            				_t4 = _t78 + 0x60; // 0x60
                                                            				E00007FF87FF887D656A8(E00007FF87FF887D53D90(_t46, __rbx,  &_v56, __rsi, __rbp, _t107, _t110), _t63,  &_v56);
                                                            				_t75 = _t63;
                                                            				_v104 = _t63;
                                                            				if (_t63 == 0) goto 0x87d4ff5a;
                                                            				asm("xorps xmm0, xmm0");
                                                            				asm("movups [eax], xmm0");
                                                            				 *((intOrPtr*)(_t63 + 8)) = 1;
                                                            				 *((intOrPtr*)(_t63 + 0xc)) = 1;
                                                            				 *_t75 = 0x87d7c988;
                                                            				_t9 = _t75 + 0x10; // 0x10
                                                            				_v64 = 0xf;
                                                            				_v72 = 0xe;
                                                            				asm("movsd xmm0, [0x2ca17]");
                                                            				asm("movsd [esp+0x30], xmm0");
                                                            				_t36 = M00007FF87FF887D7C908; // 0x6f507861
                                                            				_v80 = _t36;
                                                            				_v76 =  *0x87d7c90c & 0x0000ffff;
                                                            				_v74 = 0;
                                                            				E00007FF87FF887D4D640(0x87d7c988, _t75, _t9,  &_v88, _t63);
                                                            				_t92 = _v64;
                                                            				if (_t92 - 0x10 < 0) goto 0x87d4ff5c;
                                                            				if (_t92 + 1 - 0x1000 < 0) goto 0x87d4ff53;
                                                            				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4ff53;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				E00007FF87FF887D656E4();
                                                            				goto 0x87d4ff5c;
                                                            				_t19 = _t75 + 0x10; // 0x10
                                                            				_v104 = _t19;
                                                            				_v96 = _t75;
                                                            				E00007FF87FF887D4C830(_t75, _t4,  &_v104, _t63);
                                                            				if (_v96 == 0) goto 0x87d4ffb6;
                                                            				asm("lock xadd [ecx+0x8], eax");
                                                            				if (0xffffffff != 1) goto 0x87d4ffb6;
                                                            				 *((intOrPtr*)( *_v96))();
                                                            				asm("lock xadd [ebx+0xc], edi");
                                                            				if (0xffffffff != 1) goto 0x87d4ffb6;
                                                            				 *((intOrPtr*)( *_v96 + 8))();
                                                            				_t96 = _v32;
                                                            				if (_t96 - 0x10 < 0) goto 0x87d4fff6;
                                                            				if (_t96 + 1 - 0x1000 < 0) goto 0x87d4fff1;
                                                            				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x87d4fff1;
                                                            				__imp___invalid_parameter_noinfo_noreturn();
                                                            				asm("int3");
                                                            				return E00007FF87FF887D65E20(E00007FF87FF887D656E4(), 0x118, _v24 ^ _t104 - 0x00000080);
                                                            			}



























                                                            APIs
                                                              • Part of subcall function 00007FF887D53D90: GetTempPathW.KERNEL32 ref: 00007FF887D53DDA
                                                              • Part of subcall function 00007FF887D53D90: GetLastError.KERNEL32 ref: 00007FF887D53DE4
                                                              • Part of subcall function 00007FF887D53D90: WideCharToMultiByte.KERNEL32 ref: 00007FF887D53E63
                                                              • Part of subcall function 00007FF887D53D90: WideCharToMultiByte.KERNEL32 ref: 00007FF887D53E9C
                                                              • Part of subcall function 00007FF887D656A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF887D48F4E), ref: 00007FF887D656C2
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF887D4FF4C
                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF887D4E1CA), ref: 00007FF887D4FFEA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide_invalid_parameter_noinfo_noreturn$ErrorLastPathTempmalloc
                                                            • String ID: axPort
                                                            • API String ID: 2109269352-2033187772
                                                            • Opcode ID: bf06585e9985f8420429b79c92c471ece2b5f6193859de1342c2103e63c4520f
                                                            • Instruction ID: 7bea87f5c7abfc2c3aef323edaabddc1f1ceed16f243650d8a93d426d0db51d6
                                                            • Opcode Fuzzy Hash: bf06585e9985f8420429b79c92c471ece2b5f6193859de1342c2103e63c4520f
                                                            • Instruction Fuzzy Hash: 8041B232A99B4586EA50CB25E04036D73B0FB85BE4F545332EA9E477A9DF3CD085CB40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 16%
                                                            			E00007FF87FF887D6FF10(void* __edx, long long __rbx, signed char* __rcx, unsigned int __rdx, long long __rsi, long long __rbp, intOrPtr* __r8, void* __r9, long long _a8, long long _a16, long long _a32) {
                                                            				void* _v24;
                                                            				signed int _v40;
                                                            				char _v1572;
                                                            				void* _v1574;
                                                            				char _v1576;
                                                            				unsigned long long _t45;
                                                            				signed long long _t49;
                                                            				char* _t53;
                                                            				unsigned long long _t54;
                                                            				unsigned long long _t55;
                                                            				unsigned long long _t71;
                                                            				void* _t74;
                                                            				void* _t82;
                                                            				intOrPtr* _t89;
                                                            
                                                            				_a8 = __rbx;
                                                            				_a16 = __rbp;
                                                            				_a32 = __rsi;
                                                            				_t83 = _t82 - 0x630;
                                                            				_t49 =  *0x87d8ec78; // 0x522936145607
                                                            				_v40 = _t49 ^ _t82 - 0x00000630;
                                                            				r15d = 0x20;
                                                            				_t74 = (_t71 >> 2 << 4) + "0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures";
                                                            				_t45 = __rdx >> 8;
                                                            				if (_t45 == 0) goto 0x87d6ffe7;
                                                            				_t53 =  &_v1572;
                                                            				r9d = 0x100;
                                                            				r8d =  *__rcx & 0x000000ff;
                                                            				 *((intOrPtr*)(_t53 - 4)) = r15w;
                                                            				_t54 = _t53 + 6;
                                                            				r8d = r8d & 0x0000000f;
                                                            				 *((short*)(_t54 - 8)) =  *((char*)(( *( *__r8 + 4) >> 4) + _t74));
                                                            				 *((short*)(_t54 - 6)) =  *((char*)(__r8 + _t74));
                                                            				if (_t45 != 0) goto 0x87d6ff90;
                                                            				__imp__?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEB_W_J@Z();
                                                            				if (_t45 != 0) goto 0x87d6ff80;
                                                            				if (__rbp == 0) goto 0x87d70038;
                                                            				_t89 =  &_v1576;
                                                            				 *_t89 = r15w;
                                                            				_t55 = _t54 >> 4;
                                                            				 *((short*)(_t89 + 2)) =  *((char*)(_t55 + _t74));
                                                            				 *((short*)(_t89 + 4)) =  *((char*)(__r8 + _t74));
                                                            				if (_t55 - __rbp < 0) goto 0x87d6fff3;
                                                            				__imp__?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEB_W_J@Z();
                                                            				return E00007FF87FF887D65E20(1, __rcx[1] & 0xf, _v40 ^ _t83);
                                                            			}

                                                            APIs
                                                            • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887D6FFD6
                                                            • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887D70032
                                                            Strings
                                                            • 0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures, xrefs: 00007FF887D6FF5F
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ?write@?$basic_ostream@D@std@@@std@@U?$char_traits@V12@
                                                            • String ID: 0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures
                                                            • API String ID: 2277189856-1814974510
                                                            • Opcode ID: 54ac8064375b512db1d3d99280830a78875120656e202aefa7cde62f1fc9b4f0
                                                            • Instruction ID: 1ecfc74940f0bdbd7fbc147a2ff412dffa851b568f71e8d118bc9e3edb7a09db
                                                            • Opcode Fuzzy Hash: 54ac8064375b512db1d3d99280830a78875120656e202aefa7cde62f1fc9b4f0
                                                            • Instruction Fuzzy Hash: 1531E227B15ED585EB20CB21E4541ADB7B0FB88BC8F899132DA5E17718DA3CD60ACB40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00007FF87FF887D43040() {
                                                            				void* _t12;
                                                            				signed long long _t17;
                                                            				long long _t20;
                                                            				long long _t24;
                                                            				long long _t25;
                                                            				void* _t28;
                                                            
                                                            				 *((long long*)(_t28 + 8)) = _t20;
                                                            				 *((long long*)(_t28 + 0x18)) = _t25;
                                                            				 *((long long*)(_t28 + 0x20)) = _t24;
                                                            				_t17 =  *0x87d8ec78; // 0x522936145607
                                                            				 *(_t28 - 0x57 + 0x4f) = _t17 ^ _t28 - 0x000000b0;
                                                            				if (_t12 - 0x78 > 0) goto 0x87d43414;
                                                            				goto __rdx;
                                                            			}

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ExceptionThrow__std_exception_copy
                                                            • String ID: invalid type specifier
                                                            • API String ID: 1552479455-1382033351
                                                            • Opcode ID: ac84cc74851025dc2c265588868b80c850f335e65e88b26b742cbd18fb821e79
                                                            • Instruction ID: 2695f120b35c91cccecf6e84058e6cb57e50c4791d983f80cf284b8fab141c2e
                                                            • Opcode Fuzzy Hash: ac84cc74851025dc2c265588868b80c850f335e65e88b26b742cbd18fb821e79
                                                            • Instruction Fuzzy Hash: 6431B773A48B818AE701CBB0E8A53AF77B4E7153D8F864132CA4D9275AEA2CD109C341
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887D6FE80
                                                            • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF887D6FEDC
                                                            Strings
                                                            • 0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures, xrefs: 00007FF887D6FE03
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: ?write@?$basic_ostream@D@std@@@std@@U?$char_traits@V12@
                                                            • String ID: 0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures
                                                            • API String ID: 2277189856-1814974510
                                                            • Opcode ID: 2097ed7a7d76b15ccc1cb4a57c3946258bf556a4be57eb37c997f2d1ea435353
                                                            • Instruction ID: eb7eafa8ba6dbdc234216b79d357878bd7a97a8351af9f1ee528997789715cf8
                                                            • Opcode Fuzzy Hash: 2097ed7a7d76b15ccc1cb4a57c3946258bf556a4be57eb37c997f2d1ea435353
                                                            • Instruction Fuzzy Hash: 9631C937B19AD585D7218B25A4156ADBFB0F759BC8F498132EB8E03746CA3CD205C750
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                              • Part of subcall function 00007FF887D675D0: InitializeSRWLock.KERNEL32(?,?,?,?,00000000,00000038,00000000,00007FF887D677FE,?,?,?,00007FF887D6A349,?,?,00000038,?), ref: 00007FF887D6766E
                                                            • AcquireSRWLockShared.KERNEL32 ref: 00007FF887D66A94
                                                            • ReleaseSRWLockShared.KERNEL32 ref: 00007FF887D66AB9
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: Lock$Shared$AcquireInitializeRelease
                                                            • String ID: [uninitialized]
                                                            • API String ID: 2537410636-2099769388
                                                            • Opcode ID: 610cb5791e845dae0a92a784bd72355eea5b070940a4800fab06cea6fe18cec7
                                                            • Instruction ID: d1dfc41226181c7db8ae49ac792b9647bb825aef2464f1040ac9f0dbf55c0201
                                                            • Opcode Fuzzy Hash: 610cb5791e845dae0a92a784bd72355eea5b070940a4800fab06cea6fe18cec7
                                                            • Instruction Fuzzy Hash: EC017C72B58A4582EA048B16E54406D2372FB49FD4B189231EE5F0779CCF3CE4A1C380
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00007FF87FF887D5F080(void* __eax, long long __rbx, char* __r8, void* __r9, long long _a8) {
                                                            
                                                            				_a8 = __rbx;
                                                            				if (__r9 == 0) goto 0x87d5f0e1;
                                                            				if (__r9 != 1) goto 0x87d5f0ad;
                                                            				 *__r8 = 0;
                                                            				return __eax;
                                                            			}

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: strerror
                                                            • String ID: Unknown error
                                                            • API String ID: 2194627204-83687255
                                                            • Opcode ID: d2ddf348b06a44554820e17cab6a6f6f1fbf18bb60fd05255ee314260feafa17
                                                            • Instruction ID: 49cd0f67cd00fe6e5058610039c3b24756d1f1794fc33965545af4ca511c837e
                                                            • Opcode Fuzzy Hash: d2ddf348b06a44554820e17cab6a6f6f1fbf18bb60fd05255ee314260feafa17
                                                            • Instruction Fuzzy Hash: 0FF06D22B5968182EE588B6AF544BBD6360BB98BD4F8C5231DF5E0B34DCE2DD494C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 56%
                                                            			E00007FF87FF887D76E20(void* __edx, long long __rax, long long __rbx, long long __rcx, long long __rdx, long long __rdi, long long __rsi, long long __rbp, long long __r8, long long __r9, void* __r11, long long _a8, long long _a16, long long _a24, long long _a32, char _a40) {
                                                            				void* _v8;
                                                            				long long _v24;
                                                            				long long _v32;
                                                            				long long _v40;
                                                            				intOrPtr _v64;
                                                            				long long _v72;
                                                            				long long _v80;
                                                            				char _v88;
                                                            				void* _t53;
                                                            				void* _t54;
                                                            				intOrPtr _t58;
                                                            				intOrPtr _t59;
                                                            				intOrPtr _t60;
                                                            				intOrPtr _t61;
                                                            				long long _t84;
                                                            				long long _t85;
                                                            				long long _t86;
                                                            				intOrPtr* _t87;
                                                            				long long _t93;
                                                            				intOrPtr* _t100;
                                                            				long long _t108;
                                                            				long long _t111;
                                                            				long long _t112;
                                                            				long long _t115;
                                                            				long long _t116;
                                                            				long long _t126;
                                                            
                                                            				_t84 = __rax;
                                                            				_t63 = __edx;
                                                            				_a8 = __rbx;
                                                            				_a16 = __rbp;
                                                            				_a24 = __rsi;
                                                            				_a32 = __rdi;
                                                            				_t111 = __r9;
                                                            				_t115 = __r8;
                                                            				_t126 = __rdx;
                                                            				_t108 = __rcx;
                                                            				E00007FF87FF887D76600(__rax, __rcx);
                                                            				if (_t84 == 0) goto 0x87d76eee;
                                                            				if (_a40 == 0) goto 0x87d76e75;
                                                            				if ( *((intOrPtr*)(_t84 + 8)) == 0) goto 0x87d76e75;
                                                            				if ( *((intOrPtr*)(_t84 + 0x10)) == 0) goto 0x87d76e75;
                                                            				 *_t84();
                                                            				if (__r8 != 0) goto 0x87d76ede;
                                                            				if (__r9 != 0) goto 0x87d76ede;
                                                            				_v88 = __rcx;
                                                            				_t58 =  *0x87d8ecd0; // 0x27
                                                            				if (_t58 == 0xffffffff) goto 0x87d76e9d;
                                                            				TlsGetValue(??);
                                                            				_t92 = _t84;
                                                            				if (_t84 != 0) goto 0x87d76ecb;
                                                            				E00007FF87FF887D76750(_t58, _t84, _t84,  *((intOrPtr*)(_t84 + 8)),  *((intOrPtr*)(_t84 + 0x10)), __r9);
                                                            				_t59 =  *0x87d8ecd0; // 0x27
                                                            				if (_t59 != 0xffffffff) goto 0x87d76ec2;
                                                            				_t9 = _t92 + 0x28; // 0x28
                                                            				E00007FF87FF887D763D0(__edx, _t84, _t9,  &_v88, _t108, __r9);
                                                            				goto 0x87d76ffb;
                                                            				TlsGetValue(??);
                                                            				_t93 = _t84;
                                                            				_t11 = _t93 + 0x28; // 0x28
                                                            				E00007FF87FF887D763D0(_t63, _t93, _t11,  &_v88, _t108, _t111);
                                                            				goto 0x87d76ffb;
                                                            				 *_t93 = _t126;
                                                            				 *((long long*)(_t93 + 8)) = _t115;
                                                            				 *((long long*)(_t93 + 0x10)) = _t111;
                                                            				goto 0x87d76ffb;
                                                            				if (_t115 != 0) goto 0x87d76efc;
                                                            				if (_t111 == 0) goto 0x87d76ffb;
                                                            				_t60 =  *0x87d8ecd0; // 0x27
                                                            				if (_t60 == 0xffffffff) goto 0x87d76f14;
                                                            				TlsGetValue(??);
                                                            				if (_t84 != 0) goto 0x87d76f2f;
                                                            				E00007FF87FF887D76750(_t60, _t84, _t84, _t11,  &_v88, _t111);
                                                            				_t61 =  *0x87d8ecd0; // 0x27
                                                            				if (_t61 != 0xffffffff) goto 0x87d76f29;
                                                            				_t85 = _t93;
                                                            				goto 0x87d76f2f;
                                                            				_t53 = TlsGetValue(??);
                                                            				_v40 = _t126;
                                                            				_v32 = _t115;
                                                            				_v24 = _t111;
                                                            				_t18 = _t85 + 0x28; // 0x28
                                                            				_t112 = _t18;
                                                            				_t116 =  *_t112;
                                                            				_t86 = _a8;
                                                            				_v72 = _t86;
                                                            				_v64 = 0;
                                                            				if ( *((intOrPtr*)(_t86 + 0x19)) != 0) goto 0x87d76f88;
                                                            				asm("o16 nop [eax+eax]");
                                                            				_v72 = _t86;
                                                            				if ( *((intOrPtr*)(_t86 + 0x20)) - _t108 >= 0) goto 0x87d76f75;
                                                            				_v64 = 0;
                                                            				_t87 =  *((intOrPtr*)(_t86 + 0x10));
                                                            				goto 0x87d76f83;
                                                            				_v64 = 1;
                                                            				_t100 = _t87;
                                                            				if ( *((intOrPtr*)( *_t87 + 0x19)) == 0) goto 0x87d76f60;
                                                            				if ( *((intOrPtr*)(_t100 + 0x19)) != 0) goto 0x87d76f93;
                                                            				if (_t108 -  *((intOrPtr*)(_t100 + 0x20)) >= 0) goto 0x87d76ffb;
                                                            				if ( *((intOrPtr*)(_t112 + 8)) == 0xffffffff) goto 0x87d77016;
                                                            				_v88 = _t112;
                                                            				_v80 = _t93;
                                                            				_t54 = E00007FF87FF887D656A8(_t53, 0xffffffff, _t100);
                                                            				 *0x40000000000001F = _t108;
                                                            				asm("movups xmm0, [esp+0x50]");
                                                            				asm("movups [eax+0x28], xmm0");
                                                            				asm("movsd xmm1, [esp+0x60]");
                                                            				asm("movsd [eax+0x38], xmm1");
                                                            				 *0xffffffff = _t116;
                                                            				 *0x400000000000007 = _t116;
                                                            				 *0x40000000000000F = _t116;
                                                            				 *0x400000000000017 = 0;
                                                            				asm("movups xmm0, [esp+0x30]");
                                                            				asm("movaps [esp+0x20], xmm0");
                                                            				return E00007FF87FF887D6C920(_t54, _t93, _t112,  &_v88, _t108, 0xffffffff);
                                                            			}






























                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000019.00000002.587787324.00007FF887D41000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF887D40000, based on PE: true
                                                            • Associated: 00000019.00000002.587772872.00007FF887D40000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588067249.00007FF887D7B000.00000002.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588176895.00007FF887D8E000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588190190.00007FF887D8F000.00000008.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588213872.00007FF887D91000.00000004.00000001.01000000.00000007.sdmp
                                                            • Associated: 00000019.00000002.588232433.00007FF887D93000.00000002.00000001.01000000.00000007.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_25_2_7ff887d40000_spoolsv.jbxd
                                                            Similarity
                                                            • API ID: Value
                                                            • String ID:
                                                            • API String ID: 3702945584-0
                                                            • Opcode ID: 23c6c72d3b7c953c01d7c641e7e55d728cb9cc0f8d7b148c74313b97ad58e8b8
                                                            • Instruction ID: 36849c6b48dd3f3b22f9b6ba2f6862509abbd6c0a0a6782285e0101a46a06cb9
                                                            • Opcode Fuzzy Hash: 23c6c72d3b7c953c01d7c641e7e55d728cb9cc0f8d7b148c74313b97ad58e8b8
                                                            • Instruction Fuzzy Hash: 6E517E32A89B8186E6658F25E44016DB7B1FF85BD4F144335EA9E07BA8EF3CE441C700
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage:13.1%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:3
                                                            Total number of Limit Nodes:0
                                                            execution_graph 1261 7ff819d12149 1262 7ff819d12157 SearchPathW 1261->1262 1264 7ff819d123ec 1262->1264


                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000001C.00000002.448111136.00007FF819D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF819D10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_28_2_7ff819d10000_RegAsm.jbxd
                                                            Similarity
                                                            • API ID: PathSearch
                                                            • String ID:
                                                            • API String ID: 2203818243-0
                                                            • Opcode ID: 60f7cd177515c440e6243a052a6f0999551c9f3e109551b3fa54639ff9062774
                                                            • Instruction ID: c350e15d3eb5db4a7dc2996bbf3537b8185f2f7c13d93f5e2cf908830b1c84eb
                                                            • Opcode Fuzzy Hash: 60f7cd177515c440e6243a052a6f0999551c9f3e109551b3fa54639ff9062774
                                                            • Instruction Fuzzy Hash: F5B1DD71528A8D8FDBA8DF2888457E977D1EF59320F10423EE84EC7292DF34A945CB81
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage:16.4%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:4
                                                            Total number of Limit Nodes:0
                                                            execution_graph 1210 7ff819d32149 1212 7ff819d32157 1210->1212 1211 7ff819d32385 SearchPathW 1213 7ff819d323ec 1211->1213 1212->1211 1212->1212


                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.454598115.00007FF819D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF819D30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_7ff819d30000_RegAsm.jbxd
                                                            Similarity
                                                            • API ID: PathSearch
                                                            • String ID:
                                                            • API String ID: 2203818243-0
                                                            • Opcode ID: 5b5966936aacdff0cf9e415933d924eefa3dc17c7e91a00b5c47da89356450d3
                                                            • Instruction ID: 50515326582446deea59c899dd058099786f60257fbb80a92e94275bf5b97767
                                                            • Opcode Fuzzy Hash: 5b5966936aacdff0cf9e415933d924eefa3dc17c7e91a00b5c47da89356450d3
                                                            • Instruction Fuzzy Hash: 03B1CF71928A8D8FEBA8DF18C8457E977D1EF59351F10426ED84DC7241CF34A985CB81
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage:13.9%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:3
                                                            Total number of Limit Nodes:0
                                                            execution_graph 1049 7ff819d0217b 1050 7ff819d0217f SearchPathW 1049->1050 1052 7ff819d023ec 1050->1052


                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000020.00000002.463887659.00007FF819D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF819D00000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_32_2_7ff819d00000_RegAsm.jbxd
                                                            Similarity
                                                            • API ID: PathSearch
                                                            • String ID:
                                                            • API String ID: 2203818243-0
                                                            • Opcode ID: de1a1e3ac3ea41dc31b802250261d122845dd53509e6fe606e9c7b6f95ef611e
                                                            • Instruction ID: e4fc110a1950c0dfdb33ce7006dc736bf98fd57c15109f91f4f7e69d82d54dbd
                                                            • Opcode Fuzzy Hash: de1a1e3ac3ea41dc31b802250261d122845dd53509e6fe606e9c7b6f95ef611e
                                                            • Instruction Fuzzy Hash: 26A19C31918A8D8FEBA8DF18D8457E977E1FF98351F04426ED80EC7291CF34A9858B81
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%


                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000022.00000002.469912664.00007FF819D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF819D30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_34_2_7ff819d30000_RegAsm.jbxd
                                                            Similarity
                                                            • API ID: PathSearch
                                                            • String ID:
                                                            • API String ID: 2203818243-0
                                                            • Opcode ID: 8851e7f0d3cb10aa9c3ed90b4779de23c8bffcbbd5394662fbb9fc75d168dd49
                                                            • Instruction ID: 5ad7862a057f747fc65656639563a397047fb0c2fc935ed52e63ed692bde6f46
                                                            • Opcode Fuzzy Hash: 8851e7f0d3cb10aa9c3ed90b4779de23c8bffcbbd5394662fbb9fc75d168dd49
                                                            • Instruction Fuzzy Hash: 24B1EF70918A8D8FEBA8DF18C8457E977D1EF59321F00426ED84DC7281CF34AA85CB81
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%


                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000024.00000002.475231617.00007FF819D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF819D10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_36_2_7ff819d10000_RegAsm.jbxd
                                                            Similarity
                                                            • API ID: PathSearch
                                                            • String ID:
                                                            • API String ID: 2203818243-0
                                                            • Opcode ID: 078ced18767efe443ebbe87041c90e74d9a998e7be558ec985dba22118dc7d60
                                                            • Instruction ID: de7e354ee98b8f2814f81085036a28d1c30aac5530bfac9467d8d66f38a46e08
                                                            • Opcode Fuzzy Hash: 078ced18767efe443ebbe87041c90e74d9a998e7be558ec985dba22118dc7d60
                                                            • Instruction Fuzzy Hash: 49B1BD71918A8D8FDBA9DF1888457E977E1EF59320F00427ED84DC7292DB34A985CB82
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Callgraph

                                                            • Executed
                                                            • Not Executed
                                                            • Opacity -> Relevance
                                                            • Disassembly available

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000026.00000002.481817903.00007FF819D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF819D00000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_38_2_7ff819d00000_RegAsm.jbxd
                                                            Similarity
                                                            • API ID: PathSearch
                                                            • String ID:
                                                            • API String ID: 2203818243-0
                                                            • Opcode ID: 9f9ad2681d8a0f09b5e18f658b19d7121fd126b1cee66e32cfcde8b46599368a
                                                            • Instruction ID: 58f87a87eb8d107ef2e09fe4eb05fa467e8f977e51f0261afb9e19ad6836f186
                                                            • Opcode Fuzzy Hash: 9f9ad2681d8a0f09b5e18f658b19d7121fd126b1cee66e32cfcde8b46599368a
                                                            • Instruction Fuzzy Hash: 73A18C31528A8D8FEBA8DF18D8457F977E1FB58350F14426EE84EC7291CF34A9858B81
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Callgraph

                                                            • Executed
                                                            • Not Executed
                                                            • Opacity -> Relevance
                                                            • Disassembly available

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000028.00000002.488508325.00007FF819D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF819D30000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_40_2_7ff819d30000_RegAsm.jbxd
                                                            Similarity
                                                            • API ID: PathSearch
                                                            • String ID:
                                                            • API String ID: 2203818243-0
                                                            • Opcode ID: 35136d255ead7e99b4d8444d08953dd253c709c26288c9b9c317e7ba05c4b1b2
                                                            • Instruction ID: 42c3db95cc4623445451935e37c9982427efb85419c9fce772aaa400b7281de3
                                                            • Opcode Fuzzy Hash: 35136d255ead7e99b4d8444d08953dd253c709c26288c9b9c317e7ba05c4b1b2
                                                            • Instruction Fuzzy Hash: 52B1E070918A8D8FEBA9DF18C8457E977E1EF59351F10426ED84EC7282CF34A985CB81
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Callgraph

                                                            • Executed
                                                            • Not Executed
                                                            • Opacity -> Relevance
                                                            • Disassembly available

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000002A.00000002.495868005.00007FF819D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF819D00000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_42_2_7ff819d00000_RegAsm.jbxd
                                                            Similarity
                                                            • API ID: PathSearch
                                                            • String ID:
                                                            • API String ID: 2203818243-0
                                                            • Opcode ID: 24d83efebce39efa6a477394a9ad3420d764de7c6b5b268375d2fc59a061c04f
                                                            • Instruction ID: bec217f6ce0a4ccf1c41c65bfb287b261027fa27096e5f8fcc368199fbcd7448
                                                            • Opcode Fuzzy Hash: 24d83efebce39efa6a477394a9ad3420d764de7c6b5b268375d2fc59a061c04f
                                                            • Instruction Fuzzy Hash: D7A18C31918A8D8FEBA8DF18D8457E977E1EF58351F14426ED80EC7291CF34A9858B81
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%