Windows Analysis Report
SetupWIService.exe

Overview

General Information

Sample Name: SetupWIService.exe
Analysis ID: 706095
MD5: 141d46ba18a6fb07ac40b69a22fbbcbc
SHA1: f5da2877a28f5bc52d0b3d991308a5fa8e97a262
SHA256: e22b3ffcb9eb55e53b6a95d34433567ef5d16fe8459199896229c899ff8a72b8

Detection

GuLoader
Score: 63
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 34
Range: 0 - 100

Signatures

Yara detected GuLoader
Uses netsh to modify the Windows network and firewall settings
Tries to delay execution (extensive OutputDebugStringW loop)
Query firmware table information (likely to detect VMs)
Modifies the hosts file
Changes security center settings (notifications, updates, antivirus, firewall)
DLL side loading technique detected
Sets file extension default program settings to executables
Modifies the windows firewall
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Found evasive API chain (date check)
Creates files inside the system directory
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Enables debug privileges
EXE planting / hijacking vulnerabilities found
AV process strings found (often used to terminate AV products)
PE file does not import any functions
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Drops PE files to the windows directory (C:\Windows)
Binary contains a suspicious time stamp
Uses taskkill to terminate processes
Queries disk information (often used to detect virtual machines)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • SetupWIService.exe (PID: 5920 cmdline: "C:\Users\user\Desktop\SetupWIService.exe" MD5: 141D46BA18A6FB07AC40B69A22FBBCBC)
    • cmd.exe (PID: 5932 cmdline: cmd /C taskkill /F /IM WIService.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 1360 cmdline: taskkill /F /IM WIService.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 5588 cmdline: cmd /C taskkill /F /IM WIui.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 4832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 5532 cmdline: taskkill /F /IM WIui.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 4792 cmdline: cmd /C taskkill /F /IM wirtpproxy.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 5492 cmdline: taskkill /F /IM wirtpproxy.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 5704 cmdline: cmd /C taskkill /F /IM wiservice-ui.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 4884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 5848 cmdline: taskkill /F /IM wiservice-ui.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 1952 cmdline: cmd /C taskkill /F /IM vncsrv.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 5728 cmdline: taskkill /F /IM vncsrv.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • cmd.exe (PID: 2360 cmdline: cmd /C taskkill /F /IM WildixOutlookIntegration.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 1652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 5452 cmdline: taskkill /F /IM WildixOutlookIntegration.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
    • wiservice.exe (PID: 2792 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --removesvc MD5: C66742153E3B6174EE1B9E50F71EB1D2)
    • wiservice.exe (PID: 5640 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter MD5: C66742153E3B6174EE1B9E50F71EB1D2)
    • RegAsm.exe (PID: 2108 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 5488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 5156 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 4300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 1684 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 1768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 4108 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 4996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 496 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 1500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 2636 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 5584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 5924 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 5960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegAsm.exe (PID: 5600 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent MD5: 2B5D765B33C67EBA41E9F47954227BC3)
      • conhost.exe (PID: 5072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 5612 cmdline: cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 2596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 5748 cmdline: schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
    • cmd.exe (PID: 5288 cmdline: cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 5524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • netsh.exe (PID: 2108 cmdline: netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 98CC37BBF363A38834253E22C80A8F32)
    • cmd.exe (PID: 3416 cmdline: cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 4420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • netsh.exe (PID: 1324 cmdline: netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 98CC37BBF363A38834253E22C80A8F32)
    • wiservice.exe (PID: 496 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex MD5: C66742153E3B6174EE1B9E50F71EB1D2)
    • wiservice.exe (PID: 5324 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc MD5: C66742153E3B6174EE1B9E50F71EB1D2)
  • svchost.exe (PID: 6076 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5196 cmdline: c:\windows\system32\svchost.exe -k unistacksvcgroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4840 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5956 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 612 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • SgrmBroker.exe (PID: 5668 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)
  • svchost.exe (PID: 5728 cmdline: c:\windows\system32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5244 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5792 cmdline: c:\windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5784 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • MpCmdRun.exe (PID: 5608 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: A267555174BFA53844371226F482B86B)
      • conhost.exe (PID: 736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • svchost.exe (PID: 2068 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • spoolsv.exe (PID: 5756 cmdline: C:\Windows\System32\spoolsv.exe MD5: C05A19A38D7D203B738771FD1854656F)
  • spoolsv.exe (PID: 2388 cmdline: C:\Windows\System32\spoolsv.exe MD5: C05A19A38D7D203B738771FD1854656F)
  • wiservice.exe (PID: 4220 cmdline: "C:\Program Files\Wildix\WIService\WIService.exe" MD5: C66742153E3B6174EE1B9E50F71EB1D2)
  • wiservice.exe (PID: 5484 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc MD5: C66742153E3B6174EE1B9E50F71EB1D2)
    • wiservice.exe (PID: 6112 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher MD5: C66742153E3B6174EE1B9E50F71EB1D2)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: SetupWIService.exe PID: 5920 | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |
    No Sigma rule has matched
    No Snort rule has matched

    Source: wiservice.exe, 0000001A.00000002.301630226.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp | Binary or memory string: -----BEGIN PUBLIC KEY-----
    Source: C:\Users\user\Desktop\SetupWIService.exe | EXE: cmd.exe

    Compliance

    Source: SetupWIService.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: C:\Users\user\Desktop\SetupWIService.exe | EXE: cmd.exe
    Source: C:\Users\user\Desktop\SetupWIService.exe | Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIService
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\wildix.ico
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\wiservice.exe
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDL
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\STDNAMES.GPD
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDL
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHMX.GDL
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.HLP
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\imgprint.gpd
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\resources
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\resources\cdr.db
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Office.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\UC.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\wildix-oi.ico
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll.manifest
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.vsto
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe.config
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exe
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
    Source: C:\Users\user\Desktop\SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\proxyex.lnk
    Source: SetupWIService.exe | Static PE information: certificate valid
    Source: SetupWIService.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\SetupWIService.exe | Code function: 0_2_00402765 FindFirstFileA,0_2_00402765
    Source: C:\Users\user\Desktop\SetupWIService.exe | Code function: 0_2_00406313 FindFirstFileA,FindClose,0_2_00406313
    Source: C:\Users\user\Desktop\SetupWIService.exe | Code function: 0_2_004057D8 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004057D8
    Source: C:\Windows\System32\spoolsv.exe | Code function: 34_2_00007FFC1FD03F10 FindFirstFileW,_invalid_parameter_noinfo_noreturn,FindClose,34_2_00007FFC1FD03F10
    Source: global traffic | HTTP traffic detected:
        POST /api/v1/Analytics/wiservice HTTP/1.1
        Host: feedback.wildix.com
        Accept: */*
        Content-Length: 404
        Content-Type: application/x-www-form-urlencoded
    Source: global traffic | HTTP traffic detected:
        POST /api/v1/Analytics/wiservice HTTP/1.1
        Host: feedback.wildix.com
        Accept: */*
        Content-Length: 382
        Content-Type: application/x-www-form-urlencoded
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
    Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
    Source: wiservice.exe, 0000001A.00000002.300181357.000001DE6EF68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace/dll
    Source: wiservice.exe, 0000001F.00000002.344177984.000002DA60828000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace/nl
    Source: svchost.exe, 00000015.00000002.643035087.000001E386C4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bn2.notify.windows.com/v2/register/xplatform/device
    Source: svchost.exe, 00000015.00000002.643035087.000001E386C4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://co4-df.notify.windows.com/v2/register/xplatform/device
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://conference-dev-f.wildix.com
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://conference-up.wildix.com
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://conference.wildix.com
    Source: wiservice.exe, 0000001A.00000002.301630226.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.296160783.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.346612581.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000000.314281732.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651719938.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000000.451832252.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000000.455364369.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.465532808.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.494487508.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000000.471116062.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
    Source: svchost.exe, 00000018.00000003.311057643.000002B53E45A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
    Source: svchost.exe, 00000018.00000003.311057643.000002B53E45A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311739368.000002B53E45C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
    Source: svchost.exe, 00000018.00000003.311025722.000002B53E461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
    Source: svchost.exe, 00000018.00000002.311700759.000002B53E43D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
    Source: svchost.exe, 00000018.00000003.311057643.000002B53E45A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311739368.000002B53E45C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
    Source: svchost.exe, 00000018.00000003.311025722.000002B53E461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
    Source: svchost.exe, 00000018.00000003.311057643.000002B53E45A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311739368.000002B53E45C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
    Source: svchost.exe, 00000018.00000003.311025722.000002B53E461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
    Source: svchost.exe, 00000018.00000002.311700759.000002B53E43D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
    Source: svchost.exe, 00000018.00000003.311025722.000002B53E461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
    Source: svchost.exe, 00000018.00000003.311025722.000002B53E461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
    Source: svchost.exe, 00000018.00000003.311025722.000002B53E461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
    Source: svchost.exe, 00000018.00000003.289281241.000002B53E431000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
    Source: svchost.exe, 00000018.00000003.311078030.000002B53E440000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311717583.000002B53E442000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.311228232.000002B53E441000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
    Source: svchost.exe, 00000018.00000003.311078030.000002B53E440000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311717583.000002B53E442000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.311228232.000002B53E441000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
    Source: svchost.exe, 00000018.00000003.311025722.000002B53E461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
    Source: svchost.exe, 00000018.00000003.311078030.000002B53E440000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.311057643.000002B53E45A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311739368.000002B53E45C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://dev.x-bees.biz
    Source: svchost.exe, 00000018.00000003.311057643.000002B53E45A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
    Source: svchost.exe, 00000018.00000003.311057643.000002B53E45A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311739368.000002B53E45C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
    Source: svchost.exe, 00000018.00000003.311057643.000002B53E45A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311739368.000002B53E45C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
    Source: svchost.exe, 00000018.00000003.311204625.000002B53E447000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t
    Source: svchost.exe, 00000018.00000003.311025722.000002B53E461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
    Source: svchost.exe, 00000018.00000002.311700759.000002B53E43D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
    Source: svchost.exe, 00000018.00000003.289281241.000002B53E431000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Analytics/wiservice
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Analytics/wiserviceext_getsid()
    Source: wiservice.exe, 0000001A.00000002.300181357.000001DE6EF68000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.344177984.000002DA60828000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000040.00000002.643874041.000002778CBE0000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.460701634.000001AF24F08000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.486076601.0000024DC6949000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/Wiservice
    Source: wiservice.exe, 00000040.00000002.643874041.000002778CBE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/Wiservice-Mx
    Source: wiservice.exe, 00000041.00000002.460701634.000001AF24F08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/WiserviceDt
    Source: wiservice.exe, 0000001F.00000002.344177984.000002DA60828000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/Wiservicedl
    Source: wiservice.exe, 0000001A.00000002.300181357.000001DE6EF68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/Wiservicee
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/WiserviceemailothersendLogssizestypemessagecontextfeedba
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://files.wildix.com/integrations/
    Source: wiservice.exe, 0000001A.00000002.300181357.000001DE6EF68000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.344177984.000002DA60828000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000040.00000002.643874041.000002778CBE0000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.460701634.000001AF24F08000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.486076601.0000024DC6949000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/integrations.json
    Source: wiservice.exe, 00000042.00000002.486076601.0000024DC6949000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/integrations.json$
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://files.wildix.com/integrations/integrations.jsonhttps://backtrace.wildix.com/api/v1/Integrati
    Source: wiservice.exe, 0000001F.00000002.344177984.000002DA60828000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/integrations.jsonkl
    Source: wiservice.exe, 0000001A.00000002.300181357.000001DE6EF68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/integrations.jsonse.dll
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://files.wildix.com/integrations/x-beesNativeApp.jsonapplications.jsoncouldn
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/16739
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/16739cv::MatOp_AddEx::assign0?
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://hubspot.wildix.com
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://kite-dev.wildix.com
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://kite-stage.wildix.com
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://kite-stage.wildix.comorigin
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://kite.wildix.com
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://nightly.x-bees.biz
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://nightly.x-bees.bizhttps://hubspot.wildix.comhttps://conference.wildix.comhttps://stage.confe
    Source: SetupWIService.exe, 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001F.00000003.343640925.000002DA608A6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000040.00000002.646094222.000002778E896000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000040.00000002.646452486.000002778E90C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000040.00000002.646170253.000002778E8AF000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000040.00000002.645897231.000002778E872000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000040.00000002.646345446.000002778E8D1000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000044.00000002.644776912.000001B756DC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://stable.x-bees.biz
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://stage.conference.wildix.com
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://stage.x-bees.biz
    Source: svchost.exe, 00000018.00000002.311700759.000002B53E43D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
    Source: svchost.exe, 00000018.00000002.311700759.000002B53E43D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311565902.000002B53E413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
    Source: svchost.exe, 00000018.00000003.289281241.000002B53E431000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
    Source: svchost.exe, 00000018.00000003.311078030.000002B53E440000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.311220774.000002B53E445000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
    Source: svchost.exe, 00000018.00000003.289281241.000002B53E431000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
    Source: svchost.exe, 00000018.00000003.289281241.000002B53E431000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311694260.000002B53E43A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
    Source: svchost.exe, 00000018.00000002.311565902.000002B53E413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen19
    Source: wiservice.exe, 00000040.00000003.459711794.000002778CCB7000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000040.00000002.645585382.000002778CC99000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://www.wildix.com
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://www.wildix.comwww.wildix.comURL
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://x-bees.biz
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://x-bees.bizhttps://dev.x-bees.bizhttps://stage.x-bees.bizhttps://stable.x-bees.bizrecv
    Source: unknown HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 404 Content-Type: application/x-www-form-urlencoded
    Source: unknown DNS traffic detected: queries for: feedback.wildix.com
    Source: C:\Users\user\Desktop\SetupWIService.exe Code function: 0_2_00405275 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard

    Spam, unwanted Advertisements and Ransom Demands

    Source: C:\Program Files\Wildix\WIService\wiservice.exeFile written: C:\Windows\System32\drivers\etc\hosts
    Source: SetupWIService.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: C:\Windows\System32\spoolsv.exeFile deleted: C:\Windows\System32\spool\drivers\x64\3\Old\1\stddtype.gdl
    Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_0040326B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040326B
    Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\system32\wfaxport.dll
    Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_00406FC4
    Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_004067ED
    Source: C:\Windows\System32\spoolsv.exeCode function: 34_2_00007FFC1FD19CA0
    Source: C:\Windows\System32\spoolsv.exeCode function: 34_2_00007FFC1FD06F10
    Source: C:\Windows\System32\spoolsv.exeCode function: 34_2_00007FFC1FD00CE0
    Source: C:\Windows\System32\spoolsv.exeCode function: 34_2_00007FFC1FD119D0
    Source: C:\Windows\System32\spoolsv.exeCode function: 34_2_00007FFC1FD14820
    Source: C:\Windows\System32\spoolsv.exeCode function: 34_2_00007FFC1FD11300
    Source: C:\Windows\System32\spoolsv.exeCode function: 34_2_00007FFC1FD0D230
    Source: C:\Windows\System32\spoolsv.exeCode function: 34_2_00007FFC1FD121A0
    Source: C:\Windows\System32\spoolsv.exeCode function: 34_2_00007FFC1FD131A0
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 37_2_00007FFBB00F0BD1
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 39_2_00007FFBB0100BD1
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 39_2_00007FFBB0102149
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 43_2_00007FFBB00F0BD1
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 49_2_00007FFBB0110BD1
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 51_2_00007FFBB00E0BD1
    Source: C:\Windows\System32\spoolsv.exeCode function: String function: 00007FFC1FD150C0 appears 48 times
    Source: UC.dll.0.drStatic PE information: No import functions for PE file found
    Source: SetupWIService.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
    Source: WildixOutlookIntegration.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
    Source: wiservice.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
    Source: UninstallWIService.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
    Source: C:\Windows\System32\svchost.exeSection loaded: xboxlivetitleid.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: cdpsgshims.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: windowscoredeviceinfo.dll
    Source: C:\Windows\System32\spoolsv.exeSection loaded: ualapi.dll
    Source: C:\Users\user\Desktop\SetupWIService.exeFile read: C:\Users\user\Desktop\SetupWIService.exe
    Source: SetupWIService.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\SetupWIService.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: unknownProcess created: C:\Users\user\Desktop\SetupWIService.exe "C:\Users\user\Desktop\SetupWIService.exe"
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
    Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup
    Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
    Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
    Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --removesvc
    Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p
    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
    Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
    Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
    Source: unknownProcess created: C:\Windows\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
    Source: unknownProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\WIService.exe"
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
    Source: unknownProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc
    Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: unknown unknown
    Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess created: unknown unknown
    Source: C:\Users\user\Desktop\SetupWIService.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIService.exe")
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIui.exe")
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wirtpproxy.exe")
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wiservice-ui.exe")
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vncsrv.exe")
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookIntegration.exe")
    Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vncsrv.exe")
    Source: C:\Windows\System32\svchost.exeFile created: C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
    Source: C:\Users\user\Desktop\SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nsfF4E3.tmp
    Source: classification engineClassification label: mal63.troj.adwa.evad.winEXE@103/79@2/4
    Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_00402138 CoCreateInstance,MultiByteToWideChar,0_2_00402138
    Source: C:\Users\user\Desktop\SetupWIService.exeFile read: C:\Users\desktop.ini
    Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_00404530 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404530
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
    Source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
    Source: Office.dll.0.dr, Office.Core/ICTPFactory.csTask registration methods: 'CreateCTP'
    Source: Office.dll.0.dr, Office.Core/SharedWorkspaceTask.csTask registration methods: 'get_CreatedDate', 'get_CreatedBy'
    Source: Office.dll.0.dr, Office.Core/WorkflowTask.csTask registration methods: 'get_CreatedDate', 'get_CreatedBy'
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1768:120:WilError_01
    Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:736:120:WilError_01
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1500:120:WilError_01
    Source: C:\Program Files\Wildix\WIService\wiservice.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.service
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4832:120:WilError_01
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5744:120:WilError_01
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4996:120:WilError_01
    Source: C:\Program Files\Wildix\WIService\wiservice.exe Mutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.svchost
    Source: C:\Program Files\Wildix\WIService\wiservice.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.proxyex
    Source: C:\Program Files\Wildix\WIService\wiservice.exe Mutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.dispatcher
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4300:120:WilError_01
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5524:120:WilError_01
    Source: C:\Program Files\Wildix\WIService\wiservice.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WIS
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5488:120:WilError_01
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:648:120:WilError_01
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2596:120:WilError_01
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4420:120:WilError_01
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5612:120:WilError_01
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1652:120:WilError_01
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5584:120:WilError_01
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5960:120:WilError_01
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4884:120:WilError_01
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5072:120:WilError_01
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix
    Source: C:\Program Files\Wildix\WIService\wiservice.exe File read: C:\Windows\System32\drivers\etc\hosts
    Source: Window Recorder Window detected: More than 3 window changes detected
    Source: C:\Users\user\Desktop\SetupWIService.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\Wildix.AddIn
    Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIService
    Source: SetupWIService.exe Static file information: File size 11834040 > 1048576
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\wildix.ico
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\wiservice.exe
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDL
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDNAMES.GPD
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDL
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHMX.GDL
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.HLP
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\imgprint.gpd
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\resources
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\resources\cdr.db
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Office.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\UC.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\wildix-oi.ico
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll.manifest
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.vsto
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe.config
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exe
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
    Source: C:\Users\user\Desktop\SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\proxyex.lnk
    Source: SetupWIService.exe Static PE information: certificate valid
    Source: SetupWIService.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\rand\randfile.cFilename=RANDFILESYSTEMROOT.rnd source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: C:\design\wiservice\deploy\win-x64-release\wiservice.pdb source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: C:\design\wiservice\deploy\win-x64-release\fax\wfaxport.pdb``. source: spoolsv.exe, 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: C:\design\wiservice\deploy\win-x64-release\wiservice.pdbU source: wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: C:\design\wiservice\deploy\win-x64-release\fax\wfaxport.pdb source: spoolsv.exe, 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp

    Data Obfuscation

    Source: Yara match File source: Process Memory Space: SetupWIService.exe PID: 5920, type: MEMORYSTR
    Source: Newtonsoft.Json.dll.0.dr Static PE information: 0xDFF1C7F1 [Fri Jan 21 16:48:49 2089 UTC]
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exe
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
    Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\System32\spool\drivers\x64\unidrvui.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Users\user\AppData\Local\Temp\nspF522.tmp\nsExec.dll
    Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\System32\spool\drivers\x64\3\New\unires.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Users\user\AppData\Local\Temp\nspF522.tmp\nsDialogs.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dll
    Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\System32\spool\drivers\x64\3\New\unidrv.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dll
    Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\System32\spool\drivers\x64\unires.dll
    Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy)
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Users\user\AppData\Local\Temp\nspF522.tmp\System.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Office.dll
    Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\System32\wfaxport.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Serilog.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\WIService\wiservice.exe
    Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\System32\spool\drivers\x64\3\New\unidrvui.dll
    Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\System32\spool\drivers\x64\unidrv.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
    Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\system32\spool\drivers\x64\3\unidrv.dll (copy)
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
    Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\system32\spool\drivers\x64\3\unidrvui.dll (copy)
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dll
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\Program Files\Wildix\Outlook Integration\UC.dll

    Boot Survival

    Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\callto\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
    Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sip\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
    Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wildix\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
    Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_CURRENT_USER_Classes\callto\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
    Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_CURRENT_USER_Classes\sip\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
    Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_CURRENT_USER_Classes\tel\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
    Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created: HKEY_CURRENT_USER_Classes\wildix\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
    Source: C:\Users\user\Desktop\SetupWIService.exe Registry value modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tel\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService
    Source: C:\Users\user\Desktop\SetupWIService.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService\Uninstall.lnk
    Source: C:\Users\user\Desktop\SetupWIService.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WIService
    Source: C:\Users\user\Desktop\SetupWIService.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\spoolsv.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\schtasks.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: OutputDebugStringW count: 189
    Source: C:\Windows\System32\svchost.exeSystem information queried: FirmwareTableInformation
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 2072Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5116Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 1280Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 1404Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 3128Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5716Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 4228Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 1216Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\spoolsv.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_34-17548
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\dotnet-dump.exe
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\websocket-sharp.dll
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\UninstallWIService.exe
    Source: C:\Windows\System32\spoolsv.exeDropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\3\New\unires.dll
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Debug.dll
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\WildixOutlookCommon.dll
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.File.dll
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Interop.Outlook.dll
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\WildixOutlookAddin.dll
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\WildixOutlookIntegration.exe
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Serilog.dll
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Uc.dll
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
    Source: C:\Program Files\Wildix\WIService\wiservice.exeDropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\unires.dll
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Newtonsoft.Json.dll
    Source: C:\Windows\System32\spoolsv.exeDropped PE file which has not been started: C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy)
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Office.dll
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Serilog.Sinks.Console.dll
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\UC.dll
    Source: C:\Users\user\Desktop\SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\Outlook Integration\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
    Source: C:\Windows\System32\spoolsv.exeAPI coverage: 3.9 %
    Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information queried: ProcessInformation
    Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_00402765 FindFirstFileA,0_2_00402765
    Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_00406313 FindFirstFileA,FindClose,0_2_00406313
    Source: C:\Users\user\Desktop\SetupWIService.exeCode function: 0_2_004057D8 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004057D8
    Source: C:\Windows\System32\spoolsv.exeCode function: 34_2_00007FFC1FD03F10 FindFirstFileW,_invalid_parameter_noinfo_noreturn,FindClose,34_2_00007FFC1FD03F10
    Source: C:\Users\user\Desktop\SetupWIService.exeAPI call chain: ExitProcess graph end nodegraph_0-3473
    Source: svchost.exe, 0000001B.00000002.647988051.000001A0119B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
    Source: spoolsv.exe, 00000021.00000002.326251850.00000000012E5000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 00000021.00000003.325868560.00000000012E5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll.
    Source: svchost.exe, 0000001B.00000002.647988051.000001A0119B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware7,1
    Source: svchost.exe, 00000013.00000002.640913745.000002C4B0602000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
    Source: wiservice.exe, 00000042.00000003.480862181.0000024DC6977000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000003.481074882.0000024DC697F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllK
    Source: svchost.exe, 00000013.00000002.642151538.000002C4B063C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000002.643035087.000001E386C4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.641984934.0000020069C29000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.299825215.000001DE6EFA3000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.299590220.000001DE6EF94000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.299957007.000001DE6EFA5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001F.00000003.343789121.000002DA60861000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 00000022.00000002.641207440.0000000000662000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 00000022.00000003.398254784.0000000000662000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.459494416.000001AF24F2D000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.459657440.000001AF24F32000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: wiservice.exe, 00000040.00000002.643874041.000002778CBE0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Windows\System32\spoolsv.exeCode function: 34_2_00007FFC1FD16758 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,34_2_00007FFC1FD16758
    Source: C:\Windows\System32\spoolsv.exeCode function: 34_2_00007FFC1FD24F10 GetProcessHeap,HeapAlloc,std::bad_alloc::bad_alloc,34_2_00007FFC1FD24F10
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: page read and write | page guard
    Source: C:\Windows\System32\spoolsv.exeCode function: 34_2_00007FFC1FD15ED0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,34_2_00007FFC1FD15ED0

    HIPS / PFW / Operating System Protection Evasion

    Source: C:\Program Files\Wildix\WIService\wiservice.exeFile written: C:\Windows\System32\drivers\etc\hosts
    Source: C:\Windows\System32\spoolsv.exeSection loaded: C:\Windows\System32\wfaxport.dll
    Source: C:\Windows\System32\spoolsv.exeSection loaded: C:\Windows\System32\spool\drivers\x64\unidrv.dll
    Source: C:\Windows\System32\spoolsv.exeSection loaded: C:\Windows\System32\spool\drivers\x64\unidrvui.dll
    Source: C:\Windows\System32\spoolsv.exeSection loaded: C:\Windows\System32\spool\drivers\x64\3\unidrvui.dll
    Source: C:\Windows\System32\spoolsv.exeSection loaded: C:\Windows\System32\spool\drivers\x64\3\unidrv.dll
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
    Source: C:\Users\user\Desktop\SetupWIService.exeProcess created: unknown unknown
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
    Source: C:\Users\user\Desktop\SetupWIService.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
    Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\spoolsv.exe | Code function: 34_2_00007FFC1FCF14A0 cpuid 34_2_00007FFC1FCF14A0
    Source: C:\Program Files\Wildix\WIService\wiservice.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
    Source: C:\Program Files\Wildix\WIService\wiservice.exe | Code function: 26_2_00007FF68C830434 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,26_2_00007FF68C830434
    Source: C:\Users\user\Desktop\SetupWIService.exe | Code function: 0_2_0040326B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040326B

    Lowering of HIPS / PFW / Operating System Security Settings

    Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
    Source: C:\Program Files\Wildix\WIService\wiservice.exe | File written: C:\Windows\System32\drivers\etc\hosts
    Source: C:\Windows\System32\svchost.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
    Source: C:\Users\user\Desktop\SetupWIService.exe | Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
    Source: C:\Windows\System32\svchost.exe | WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
    Source: C:\Windows\System32\svchost.exe | WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : FirewallProduct
    Source: C:\Windows\System32\svchost.exe | WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiVirusProduct
    Source: C:\Windows\System32\svchost.exe | WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiSpywareProduct
    Source: svchost.exe, 0000001B.00000002.647041413.000001A01196D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \BullGuard Ltd\BullGuard\BullGuard.exe
    Source: svchost.exe, 0000001E.00000002.641248155.000001F787613000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.643018714.000001F787702000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
    | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
    | Valid Accounts | 11 Windows Management Instrumentation | 11 DLL Side-Loading | 11 DLL Side-Loading | 1 File and Directory Permissions Modification | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
    | Default Accounts | 1 Native API | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 311 Disable or Modify Tools | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
    | Domain Accounts | 11 Scheduled Task/Job | 1 Windows Service | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 37 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
    | Local Accounts | At (Windows) | 11 Scheduled Task/Job | 1 Windows Service | 1 Obfuscated Files or Information | NTDS | 151 Security Software Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
    | Cloud Accounts | Cron | 11 Registry Run Keys / Startup Folder | 11 Process Injection | 1 Timestomp | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
    | Replication Through Removable Media | Launchd | Rc.common | 11 Scheduled Task/Job | 11 DLL Side-Loading | Cached Domain Credentials | 231 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
    | External Remote Services | Scheduled Task | Startup Items | 11 Registry Run Keys / Startup Folder | 1 DLL Search Order Hijacking | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
    | Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
    | Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 123 Masquerading | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |
    | Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 231 Virtualization/Sandbox Evasion | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact |
    | Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | 1 Access Token Manipulation | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | | | Service Stop |
    | Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | 11 Process Injection | Keylogging | Local Groups | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | | | Inhibit System Recovery |
    [Behavior graph (image not reproduced): Behavior Graph ID: 706095, Sample: SetupWIService.exe, Startdate: 20/09/2022, Architecture: WINDOWS, Score: 63]

    No Antivirus matches
    No Antivirus matches
    | Source | Detection | Scanner | Label | Link |
    | --- | --- | --- | --- | --- |
    | 0.2.SetupWIService.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | |
    | 0.0.SetupWIService.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | |
    No Antivirus matches
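    | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
    | --- | --- | --- | --- | --- | --- |
    | feedback.wildix.com | 35.157.107.60 | true | false | | high |

    | Name | Malicious | Antivirus Detection | Reputation |
    | --- | --- | --- | --- |
    | https://feedback.wildix.com/api/v1/Analytics/wiservice | false | | high |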
                                                                      https://feedback.wildix.com/api/v1/Feedback/WiserviceemailothersendLogssizestypemessagecontextfeedbawiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                        high
                                                                        https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=svchost.exe, 00000018.00000003.311078030.000002B53E440000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.311220774.000002B53E445000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://feedback.wildix.com/api/v1/Feedback/Wiservice-Mxwiservice.exe, 00000040.00000002.643874041.000002778CBE0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://stable.x-bees.bizwiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://kite-stage.wildix.comwiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                              high
                                                                              https://files.wildix.com/integrations/x-beesNativeApp.jsonapplications.jsoncouldnwiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                high
                                                                                http://ocsp.sectigo.com09wiservice.exe, 00000040.00000002.646094222.000002778E896000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000040.00000002.646170253.000002778E8AF000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000040.00000002.645897231.000002778E872000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000040.00000002.646345446.000002778E8D1000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000044.00000002.644776912.000001B756DC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://www.gimp.orggwiservice.exe, 0000001A.00000002.301630226.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.296160783.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.346612581.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000000.314281732.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651719938.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000000.451832252.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000000.455364369.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.465532808.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.494487508.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000000.471116062.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://dev.virtualearth.net/REST/v1/Routes/svchost.exe, 00000018.00000002.311700759.000002B53E43D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://dev.virtualearth.net/REST/v1/Traffic/Incidents/svchost.exe, 00000018.00000003.289281241.000002B53E431000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=svchost.exe, 00000018.00000003.289281241.000002B53E431000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#SetupWIService.exe, 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001F.00000003.343640925.000002DA608A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?svchost.exe, 00000018.00000003.311078030.000002B53E440000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.311057643.000002B53E45A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311739368.000002B53E45C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://files.wildix.com/integrations/integrations.json$wiservice.exe, 00000042.00000002.486076601.0000024DC6949000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://nsis.sf.net/NSIS_ErrorErrorSetupWIService.exe, 00000000.00000000.244728188.000000000040A000.00000008.00000001.01000000.00000003.sdmp, SetupWIService.exe, 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                            high
                                                                                            http://ocsp.sectigo.comwiservice.exe, 00000040.00000002.645897231.000002778E872000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=svchost.exe, 00000018.00000002.311700759.000002B53E43D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311565902.000002B53E413000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://feedback.wildix.com/api/v1/Feedback/Wiservicedlwiservice.exe, 0000001F.00000002.344177984.000002DA60828000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://kite-dev.wildix.comwiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                  high
                                                                                                  https://%s.xboxlive.comsvchost.exe, 00000015.00000002.643035087.000001E386C4F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  low
                                                                                                  https://backtrace.wildix.com/api/v1/IntegrationService/Trace/Ktwiservice.exe, 00000041.00000002.460701634.000001AF24F08000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://dev.virtualearth.net/REST/v1/Locationssvchost.exe, 00000018.00000003.311025722.000002B53E461000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://pbx.wildix.comSetupWIService.exe, 00000000.00000002.509977226.0000000000722000.00000004.00000020.00020000.00000000.sdmp, SetupWIService.exe, 00000000.00000003.507646660.000000000071E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=svchost.exe, 00000018.00000003.289281241.000002B53E431000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://dev.virtualearth.net/mapcontrol/logging.ashxsvchost.exe, 00000018.00000003.311025722.000002B53E461000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://files.wildix.com/integrations/integrations.jsonse.dllwiservice.exe, 0000001A.00000002.300181357.000001DE6EF68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://firmwares.wildix.com/app/integrations/vc_redist_2019.x64.exegetOKErrorSetupWIService.exe, 00000000.00000002.509977226.0000000000722000.00000004.00000020.00020000.00000000.sdmp, SetupWIService.exe, 00000000.00000003.507646660.000000000071E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://conference-up.wildix.comwiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                                  high
                                                                                                                  http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tSetupWIService.exe, 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001F.00000003.343640925.000002DA608A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://nightly.x-bees.bizhttps://hubspot.wildix.comhttps://conference.wildix.comhttps://stage.confewiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=svchost.exe, 00000018.00000003.311057643.000002B53E45A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311739368.000002B53E45C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/svchost.exe, 00000018.00000003.311057643.000002B53E45A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311739368.000002B53E45C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://x-bees.bizhttps://dev.x-bees.bizhttps://stage.x-bees.bizhttps://stable.x-bees.bizrecvwiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      http://nsis.sf.net/NSIS_ErrorSetupWIService.exe, SetupWIService.exe, 00000000.00000000.244728188.000000000040A000.00000008.00000001.01000000.00000003.sdmp, SetupWIService.exe, 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                                        high
                                                                                                                        http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0ySetupWIService.exe, 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001F.00000003.343640925.000002DA608A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://dynamic.tsvchost.exe, 00000018.00000003.311204625.000002B53E447000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#SetupWIService.exe, 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001F.00000003.343640925.000002DA608A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://dev.virtualearth.net/REST/v1/Routes/Transitsvchost.exe, 00000018.00000003.311025722.000002B53E461000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://jimmac.musichall.czwiservice.exe, 0000001A.00000002.301630226.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001A.00000000.296160783.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.346612581.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000000.314281732.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651719938.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000000.451832252.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000000.455364369.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.465532808.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.494487508.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000000.471116062.00007FF68C92A000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://github.com/opencv/opencv/issues/16739cv::MatOp_AddEx::assign0?wiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                                            high
                                                                                                                            https://t0.ssl.ak.tiles.virtualearth.net/tiles/gensvchost.exe, 00000018.00000003.289281241.000002B53E431000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311694260.000002B53E43A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.wildix.comwww.wildix.comURLwiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=svchost.exe, 00000018.00000003.311057643.000002B53E45A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311739368.000002B53E45C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://activity.windows.comsvchost.exe, 00000015.00000002.643035087.000001E386C4F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://hubspot.wildix.comwiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://dev.ditu.live.com/REST/v1/Locationssvchost.exe, 00000018.00000003.311025722.000002B53E461000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://kite.wildix.comwiservice.exe, 0000001A.00000000.297379290.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 0000001F.00000002.347036573.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000040.00000002.651978171.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000041.00000002.466045139.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmp, wiservice.exe, 00000042.00000002.495608174.00007FF68CA7D000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://%s.dnet.xboxlive.comsvchost.exe, 00000015.00000002.643035087.000001E386C4F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        low
                                                                                                                                        https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/svchost.exe, 00000018.00000003.311057643.000002B53E45A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.311739368.000002B53E45C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=svchost.exe, 00000018.00000003.311057643.000002B53E45A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://feedback.wildix.com/api/v1/Feedback/WiserviceDtwiservice.exe, 00000041.00000002.460701634.000001AF24F08000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
IP | Domain | Country | ASN | ASN Name | Malicious
52.57.145.52 | unknown | United States | 16509 | AMAZON-02US | false
35.157.107.60 | feedback.wildix.com | United States | 16509 | AMAZON-02US | false
                                                                                                                                              IP
                                                                                                                                              192.168.2.1
                                                                                                                                              127.0.0.1
                                                                                                                                              Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                              Analysis ID:706095
                                                                                                                                              Start date and time:2022-09-20 11:45:12 +02:00
                                                                                                                                              Joe Sandbox Product:CloudBasic
                                                                                                                                              Overall analysis duration:0h 14m 28s
                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                              Report type:full
                                                                                                                                              Sample file name:SetupWIService.exe
                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                              Run name:Run with higher sleep bypass
                                                                                                                                              Number of analysed new started processes analysed:70
                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                              Technologies:
                                                                                                                                              • HCA enabled
                                                                                                                                              • EGA enabled
                                                                                                                                              • HDC enabled
                                                                                                                                              • AMSI enabled
                                                                                                                                              Analysis Mode:default
                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                              Detection:MAL
                                                                                                                                              Classification:mal63.troj.adwa.evad.winEXE@103/79@2/4
                                                                                                                                              EGA Information:
                                                                                                                                              • Successful, ratio: 83.3%
                                                                                                                                              HDC Information:
                                                                                                                                              • Successful, ratio: 100% (good quality ratio 68.5%)
                                                                                                                                              • Quality average: 50.5%
                                                                                                                                              • Quality standard deviation: 41.8%
                                                                                                                                              HCA Information:Failed
                                                                                                                                              Cookbook Comments:
                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                              • Sleeps bigger than 300000ms are automatically reduced to 1000ms
                                                                                                                                              • Exclude process from analysis (whitelisted): Conhost.exe, RuntimeBroker.exe, backgroundTaskHost.exe
                                                                                                                                              • Excluded IPs from analysis (whitelisted): 20.82.210.154, 20.40.136.238, 80.67.82.211, 80.67.82.235
                                                                                                                                              • Excluded domains from analysis (whitelisted): iris-de-prod-azsc-frc-b.francecentral.cloudapp.azure.com, fs.microsoft.com, login.live.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, img-prod-cms-rt-microsoft-com.akamaized.net, a1449.dscg2.akamai.net, arc.msn.com
                                                                                                                                              • Execution Graph export aborted for target wiservice.exe, PID 2792 because there are no executed function
                                                                                                                                              • Execution Graph export aborted for target wiservice.exe, PID 4220 because there are no executed function
                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
11:47:30 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run WIService C:\Program Files\Wildix\WIService\WIService.exe
                                                                                                                                              No context
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):985392
                                                                                                                                              Entropy (8bit):5.550539796193669
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:jmPj0ZKH4lODcxSgo5Gn8WuMRIn+N3gN+zs5KPIVmkXiGzcJy3gt2LER6GvK9HwJ:jmb0ZKH4lODcxSgo5Gn8WuMRIn+N3gNM
                                                                                                                                              MD5:8FFDEBEB4A617B4FF57419134F39899B
                                                                                                                                              SHA1:05AF96F06DB733B79E7600EAA7AF50CF9882B94F
                                                                                                                                              SHA-256:27E94297CD8271085DD7462637BC082AA0852120EA15E97D1A03AD8A725F37A9
                                                                                                                                              SHA-512:9CDD381C76633EBF32FE02AD66FE149649DEF9A2665A6B67CD2ECEAE251F92200463C9D8208A2EEAAFDFA0050AE810621EE6E5747921E77E937BDFE275EDA1E5
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):37168
                                                                                                                                              Entropy (8bit):6.3927313805743555
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:XWw7k8otmBsHC+w4TEn4jo+qMzEeBoOR/VEPY+GQ4A4agQS6Lc7DQWgyxmYi/Tjh:GwJTwYB4E5n/xe5arDkTC8PvyiR/a
                                                                                                                                              MD5:F2D359DDB3F951A4BA4C1C7005A12E36
                                                                                                                                              SHA1:4B7DC4D58A9F520ADFCCFBA13AB476B1C4BC4D37
                                                                                                                                              SHA-256:D4675EB4B2A9174B8664732A0B110ECF82D146D5410864B2E5A7C6CB1DFBC70E
                                                                                                                                              SHA-512:825C4D8F7A7B1FD7BBCDE3ED652A4183BEC9964B3212F83C39558BD3ABABC12C8F506B8D0D12C8111EC51E1550FC5489BB2F20B76668B521F3E648DD25936296
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):53552
                                                                                                                                              Entropy (8bit):6.184807796664277
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:m7vV5z3+6KTqUPtLnPDiQ0fWST41mocNAwkEGjhl2BOBaBnD/4xFsOokTnyiRL:AVs6c3dokTnyiV
                                                                                                                                              MD5:09AB8FD8DDCED623F4C040D13EA5020E
                                                                                                                                              SHA1:B4003B89163D3D67B3998C4947C354B8EC78D230
                                                                                                                                              SHA-256:2205DDA4B7D157751E0BD263F1BFEF897F170E0F3901CE315BB86697465149F5
                                                                                                                                              SHA-512:7CBD7A8B40C223D0FDA9D774E60815554F6B3E0BE96A1E20F6AF43FBF22E68FDE40BAC9956794D8F368DB9BE0CA115779CDE0922CAA31EFB300E8461BCF6F233
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):483120
                                                                                                                                              Entropy (8bit):5.885163302617754
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:ua9ps9y+hl8hyfItfqNWtkT4yzIDUCEheLQta3spminCi5W3EKjWFY4A7+BkvCZ4:ua9ps9y+hl8hyfItfqNWtkT4yzIDUCEY
                                                                                                                                              MD5:990FA51CBD5541A88901013285EC6043
                                                                                                                                              SHA1:E8B632C2F5B8AEE62BFF8E412BE5BC1AD585212D
                                                                                                                                              SHA-256:09ACCF26D8E69563EA6922CDC144D5E0851CD9E8284CC71E0B0E02050CC12EF4
                                                                                                                                              SHA-512:FEDF15073E8EDBC89B27DCD5BB170193A885DB10120D10B24597EEF4CCEA035527BD78FB6B9071556E0E73165EC297CE97DBE9EEF0E13AFC945BC128303C7235
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):702768
                                                                                                                                              Entropy (8bit):5.94248397372167
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:Af9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cHDv:+XNL2PVh6B+Bzjmcjv
                                                                                                                                              MD5:C8A9DE4F5ABDFED0C1570F7A3AF1B1D7
                                                                                                                                              SHA1:07F437134004F35ABB75055A70CB617E089CE871
                                                                                                                                              SHA-256:AA2C36AC636277BF656B62EC833F8B2290EFB816AF23B972DF03E08019F37834
                                                                                                                                              SHA-512:DFD81C3C39D6A44CA794357D1DCF0C5FA08D35394FF08E9FA0F07EC31D4EE9DFB33741F36A16E730D8B5D064CDC7214F38B95CD247B65168A0B690711D6C6EA5
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):420144
                                                                                                                                              Entropy (8bit):5.856238395685976
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:Oo4vyP2a+zKZsxgkE0PTpFh/2f7rvmcyjlSjnqxT:Oo4vyP2a+zKZsDr52f7rvmT
                                                                                                                                              MD5:57C9FB87B5EC760269EF6FBE749033EA
                                                                                                                                              SHA1:8837E614A10DD89E97A59D90459AE653DE5503EB
                                                                                                                                              SHA-256:F57BDE7FB0F320310186E3761D9C59F82D5AEA7CAE8C208636D566716B82462A
                                                                                                                                              SHA-512:455DC1F00AF21C76E56A1DEEE575F9E9F8A0D21F3412AD33C1F52E709C176CA115C9465E68CB7CE264D871AEF0A239E6523F3BCA0E428E0B0155A11001A57685
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):42800
                                                                                                                                              Entropy (8bit):6.287569526174843
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:7bd/GivDfRbUqX+pMA84UfYN7hzWrJ7HFjA7Avraq9E6ZAlJrKanrLCyaz/JllAe:Px+pe4L10ajxHJl7u4WHjWtkTpyiR1
                                                                                                                                              MD5:7C717A0DC865442E7D7E4E38B2BC6360
                                                                                                                                              SHA1:8FD574A9DAEABA424DA4F20B441015CCD5AA40A9
                                                                                                                                              SHA-256:9E15A8DCC635A7148BE0F41BE854D6A0A025C9C77B5B9C34A326870413988A21
                                                                                                                                              SHA-512:4AC0C1609AAE7F4B49B74E8377F69106AADEE9A622AF5A046C7335CD28B89CC958FBFCEFACC5E8F01EEA0F3FF8BD05C6B364172E39F2B9774DFB4F20DC043F8F
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):17200
                                                                                                                                              Entropy (8bit):6.79195093022485
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:rrDJKl99Xk8jr8VMpwKNsP6vT5ceGmGovy8ZpHGS:rr20rkTaMyiRl
                                                                                                                                              MD5:E90099CDCFABCE17BDB1BE9C6540E00E
                                                                                                                                              SHA1:8F6CEFF26F1EBE91B2BED5EB404AD9F0681B11E1
                                                                                                                                              SHA-256:A787899F17FC8CCCF062115535FEE2350451F73B5AFF6086F31C8CE321DE7A1F
                                                                                                                                              SHA-512:A09E1442FF54CC383621FE7AA5DC6F35EB20A956E161381782FA01BA4ABDA1524C650A347D77BCB7A3C5344F783FB4BE285015970940F158402CBF0C19D9FFBE
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):36656
                                                                                                                                              Entropy (8bit):6.395366274410026
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:s2IVwX/kpnTXMcTWpHdD2JRrcfwcynkTVyiRz31q:wwXcpnTXMwWmJRXVnkTVyixE
                                                                                                                                              MD5:97A1DDD0105BD2CF367EB75AEA3B9ED5
                                                                                                                                              SHA1:E8C34504F4113B0FD4FE008085BDBE3AEAF3D4DB
                                                                                                                                              SHA-256:874F9E7643644D4E5B0DF1E4D29B2EB2B6369C4B5231DFED7B53ED8B008A0A80
                                                                                                                                              SHA-512:453FC6342128A8378D8E00CCBBA4B04D6F08234ADD39A00E709D76FF114439FEA3C65F0A1A088AE822067013F7511EC88087801DCB8C3C5A074CAF573724B4CC
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):130352
                                                                                                                                              Entropy (8bit):6.1756602168004235
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:Hy8BcjSMkNtSR4rkA4Nqnv/BZ8OQNZMpWovqGkn/:SPSMkNtS6rzH7H+mk/
                                                                                                                                              MD5:63A36F36EA707EECB25E5D99DCE13F3B
                                                                                                                                              SHA1:B79A46055B184B6122B769911C5B05E6436D626E
                                                                                                                                              SHA-256:A46C0096917117E34F1083BA414B299ED44528C603C9B3773947DAB49666D832
                                                                                                                                              SHA-512:8F8167AACF73CAFFF7216190BB66BC720D199C5D830045268EE96B56100C65F88770312D300D54593CAF29C204B7F0A66B2F308ABA5DBA7119A8F2E206F931B2
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):461104
                                                                                                                                              Entropy (8bit):5.2527820097188025
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:cw/0k3XAYWQuyOGiUpXWFgXFQIY0EH7+0BJmmDAvQNRplhxy6woW0nFTF9YvORIx:98KXAy7qy6EOdMqk
                                                                                                                                              MD5:CECDF5411BDF1050E2E64C53C3A99FC4
                                                                                                                                              SHA1:0951448EB0403F27DAAEC6D7922525EB908E5104
                                                                                                                                              SHA-256:FC9893B87975759C24B25EF7C6ED7023AFF729899197329E16EED29121FA8893
                                                                                                                                              SHA-512:72B8B1951E14BBE8BE8AE49718CC81D7C76A8FFB61C7E49EEA02F1D004D802A9F4FC0A8A6EAC573E92467DE3E80C80652849F9CAEAB6A013AA9DAB013952A2B9
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:PE header and section table (.rdata, .rsrc); embedded debug (RSDS) path: C:\design\wiservice\deploy\oi_release\UC.pdb
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):297776
                                                                                                                                              Entropy (8bit):5.485268355053718
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:Qi1Aj3zXmT4WxeuoFazeytxjQ9XA53HW15xqGODsKWUgCDrP+CbmsjkmN:8HXGKKjQ9w53HW1fhAgCGCbmEkS
                                                                                                                                              MD5:D89235C82FD8AD0C2573927446945593
                                                                                                                                              SHA1:045A3CC249D3C1D2CB8E0CC670992A7EA0CA041F
                                                                                                                                              SHA-256:7BF88BC100D5320A4E70AB7643AB9A7CD31891446B554DB4B6B9FC4025F51CCC
                                                                                                                                              SHA-512:14EE7506D21C7BBC1E9D2750590EEC0B6A8250A2818BF4BE7D090957798147A954EB3BC13FD8F21991A3B92EF8BF39A21B7F31067E0A2E7576F8E91F80AB52A2
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):18474
                                                                                                                                              Entropy (8bit):5.396520949446764
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:2yw5tUebz1qEr5M5Q92rbYQujYSQxrjfTr+RLX8uy3i/yI72yWU8GSTvky7F:tw5tUebz1qEr5M5Q92fYQKYSQxrrWtMX
                                                                                                                                              MD5:A8DCC0F1FD668D72CB172ABC7EE03112
                                                                                                                                              SHA1:8DACA657AE863D1E478AB096A276EC96ED961FB1
                                                                                                                                              SHA-256:EADF58AE5A595BC90986E6CFC820DCBAEE7BF98A76C8A21FF8CEFC1ECC3DE9AB
                                                                                                                                              SHA-512:02A1FF88B5F717299F38D9E10DE8CFE13DD2CD8BC0519FBA263AF7E3C0E26FF79E9A0B20BC6302E9694FA2CF1693901D664A21B7F364F3C2EF88A794C84201F6
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>.<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">. <asmv1:assemblyIdentity name="WildixOutlookAddin.dll" version="1.0.0.0" publicKeyToken="ba03c384a1328835" language="neutral" processorArchitecture="msil" type="win32" />. <description xmlns="urn:schemas-microsoft-com:asm.v1">WildixOutlookAddin</description>. <application />. <entryPoint>. <co.v1:customHostSpecified />. </entryPoint>. <trustInfo>. <security>. <applicationRequestMinimum>. <PermissionSet Unrestricted="true" ID=
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):5593
                                                                                                                                              Entropy (8bit):5.803747490044073
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:0WLwO9Zc9SHFPkNQ9wF8YmOwTZalUEI1nF8YxzFodo9bBDA:fWNQBIK1sdEA
                                                                                                                                              MD5:698878C3A5F68E9003A99E2D79C21BFF
                                                                                                                                              SHA1:F629FCA320F7BB803405A183865F8AEA96006F0B
                                                                                                                                              SHA-256:C22C9A852F6BD1ACD6EA3F17CE50C5782858FA0513E31D7A3629011D354EB9EF
                                                                                                                                              SHA-512:D1176E3843B92EF12C9D834E12151F1977ADA3FF7525A438740F3D9452967530F0A985FAEC04C709BE1B2DC9D7CA3B667A908346A40FCEBCD0A951A3B6380463
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>.<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">. <assemblyIdentity name="WildixOutlookAddin.vsto" version="1.0.0.0" publicKeyToken="ba03c384a1328835" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />. <description asmv2:publisher="WildixOutlookAddin" asmv2:product="WildixOutlookAddin" xmlns="urn:schemas-microsoft-com:asm.v1" />. <deployment install="false" />. <compatibleFrameworks xmlns="urn:schemas-micro
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):17200
                                                                                                                                              Entropy (8bit):6.799246481996451
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:vMs9ldT8jZ+egpwKNsP6vT2C56bRMAGmGovy8ZpHWBzNO:vH9ldYjfVkTytyiRMO
                                                                                                                                              MD5:0C4B8FBC943925A11A9B011970F082A7
                                                                                                                                              SHA1:305EB0BC8432EECF12FF6ACAB36B3C62BCB97CF6
                                                                                                                                              SHA-256:ED0692AC6B1482E47B8247D4ABD3A6175F731BAEFA34D11C311098A6A7DBAF79
                                                                                                                                              SHA-512:22FEF0E9073F5517ABECFDC85EFF2ABEBAF26FA482AB422F69E3650FCCEEEA71FAE8F7537D2C972FF3EAA449AA4180C5E02DBA02EBC001914F6DD6D5CE815D9D
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):655664
                                                                                                                                              Entropy (8bit):5.222967380631434
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:UDGMf41bQdNI8o68zlbue9nUpEJYbKKjQ9w53HW1fV/tGKjQte5mHWC0D7kTR:UDGRUnII7wtZKdUAKpHrgF
                                                                                                                                              MD5:E2B511949A9A0E6CDFD6B5ED871C5EE4
                                                                                                                                              SHA1:E9E8E5848232A73C45175E42BA185A7D22E625FE
                                                                                                                                              SHA-256:983D5590D5E243AC3B4F3DF8A28FC38BECB6B7C67AF40879D0074A1D90241DAD
                                                                                                                                              SHA-512:8A5C894A0EE4B19012AE1355BC41E69B9C0B340600EA8978E001E0AF630CD4FBF7506B8AA02712DDB935884E5BF8FCA809C0514F056AABE0C1888E93B96B2728
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):146
                                                                                                                                              Entropy (8bit):4.983767070197417
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:vFWWMNHUz/cIMOodBQV7VKXRAmIRMNHjFHr0lUfEyhTRLe86AEDDQIMOov:TMV0kInV7VQ7VJdfEyFRLehAqDQIm
                                                                                                                                              MD5:05BD64DBD44CF1C95236670D3842562F
                                                                                                                                              SHA1:824B16AD66771809D9BB32001875AA3C372C7C9C
                                                                                                                                              SHA-256:40859DA4B6DE7510504DD13877345D92B4DF66EA09C6C4F4E72C7AE3610974AA
                                                                                                                                              SHA-512:85FD03363DCDEF8B2A45C74605E0009249ADCA8BEABE06CBB90F6B1B00761C02B6BEB02B8BBD3DDC6965E98CEA820D5023705584D5B7DA5CD2FA3CB9AAF66E9D
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:<?xml version="1.0"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1"/></startup></configuration>..
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):5319464
                                                                                                                                              Entropy (8bit):6.624308793661432
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:49152:EDTNbgZbsK5pM9TJFppvgKnkt21tgJEyacq0+W3Ua+zxn1OqE:sJbNFF/gV/17sOj
                                                                                                                                              MD5:DF2658B6C20A21330E7552E24C85D90B
                                                                                                                                              SHA1:D728F0419649CE3CC08352FA7CB42CB6E81F223E
                                                                                                                                              SHA-256:8421FD05BE64F4B43DB838ADE694FB1DFE1731C347093FCC8194540B3154BC0E
                                                                                                                                              SHA-512:D281EEE77FE8D51D0AAA0E9E181B9912BD0F87F4033275FCA694B1D187C069AA3EF0D070FB0FEE73C3EC430B8C09AB5A5EABDECE4E2E46449D55AB52B92743B4
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):260912
                                                                                                                                              Entropy (8bit):5.833391908575034
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:bLixO6zz8t4OXDegbQy058MP2pZrCmrrDse0ecdfF7b2gqEiyDvSmqtNlVusC51c:Un8nDenoRXoJF3bqEiyzZ5m1FsgUvkR
                                                                                                                                              MD5:2EC6FE829B50EADF83FD724379A87E29
                                                                                                                                              SHA1:05EB14775FA9539A6C734C33999F9797A0009874
                                                                                                                                              SHA-256:0911ABB03974928AF1A018FD7BFDBEACB207908CA2EF1D6A977A5A1DA227EFBE
                                                                                                                                              SHA-512:B945DF1028F4ED5171380FE52A3B1515151D7FEEC26DAA9C6291415F61EFFD746BF11A980B88EE2229306339A0357773FC1BAB1E5C30DB694060BA827EE3D43E
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:MS Windows icon resource - 13 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):175221
                                                                                                                                              Entropy (8bit):3.6057445859805903
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:Fpznextut/yGjfT8nUa/XIHlbeA5yN6zHW156G6:vzeytxjQ9XA53HW15x6
                                                                                                                                              MD5:CE4C0FAC424ECDAFD490544CF10593B6
                                                                                                                                              SHA1:96B32682A928D5A9229B93586478A31E08B423F4
                                                                                                                                              SHA-256:A9BAE457E58D8BAB5FB10A3A6AE67D4453CECCECBE81C5AD066E86AAFD11A45A
                                                                                                                                              SHA-512:0F1BBF2C115CB9128594647FB9138B876E896B01CC86237EB00A695E38671955D718C4F9A712B4C0DD6CD40C99ABBC00B0442E5B192562B622EB3B9A660B228F
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):158960
                                                                                                                                              Entropy (8bit):7.07233390348905
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:KomnzVincQDKgc27G1GFkTvQnKKjRCCDgqqAuKF5s34FYAtekueJ:KtZqi1GF9n6fqjup34KAkkt
                                                                                                                                              MD5:128345F02A3DDCEA05F454F1DB07B2BD
                                                                                                                                              SHA1:CB4D1FD1501F6E48D47B5DB0BE93E9C17E55A396
                                                                                                                                              SHA-256:9D6E412304BF2D183A0F54C66AE2A60789D5BC69EF0F9BEE9F811A1A468CFD60
                                                                                                                                              SHA-512:2FC14F3AC7A721A0D53A8A33156083BFFEC4EA9207DF663E80AA814060B8E7A2A9E36F0389DC1659A83658BDACCA4723E19ED533AB78A34EA9C6B22A13226922
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3430
                                                                                                                                              Entropy (8bit):3.577875788113156
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:yei1q97/qlLaq4i77cMUF39Qg9c9V9Lvara+iaiusupRCRf9ufAuRa7T5XhPsV8n:t2ll4i77h4iGdiaipV9ll7dhFF6+
                                                                                                                                              MD5:9E02EAF2592DE18E8058FD254C89FAD5
                                                                                                                                              SHA1:EB5FCE36FC938929D27348CA9B0040CFED0FF8B4
                                                                                                                                              SHA-256:870D3C739BEB158446DEEED2B5C92854C2726A92B3294F0C07C52AE65CD51ED1
                                                                                                                                              SHA-512:5C82E7D21BA6D828EED7BF9F313C864AB59DE695DF4B62D31DD2CCB838B60E65C7EEAB56606CBBBE8FBB11A4D70ED42D1D10F3EA9834B5203BBD5B6067648226
                                                                                                                                              Malicious:true
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">..  <RegistrationInfo>..    <Date>2020-11-04T11:59:46</Date>..    <Author>Wildix s.r.l.</Author>..    <URI>\Wildix\WIService update checker</URI>..  </RegistrationInfo>..  <Triggers>..    <CalendarTrigger>..      <StartBoundary>2020-11-04T01:00:00</StartBoundary>..      <Enabled>true</Enabled>..      <RandomDelay>PT5H</RandomDelay>..      <ScheduleByDay>..        <DaysInter
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):23812
                                                                                                                                              Entropy (8bit):5.102231290969022
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                                                              MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                                                              SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                                                              SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                                                              SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):14362
                                                                                                                                              Entropy (8bit):4.18034476253744
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                                                              MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                                                              SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                                                              SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                                                              SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):59116
                                                                                                                                              Entropy (8bit):5.051886370413466
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                                                              MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                                                              SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                                                              SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                                                              SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2278
                                                                                                                                              Entropy (8bit):4.581866117244519
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                                                              MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                                                              SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                                                              SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                                                              SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):531760
                                                                                                                                              Entropy (8bit):6.367903460100957
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:PTIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzOO/:PUJ/Cq2IT/PiP4dapV7LDiK
                                                                                                                                              MD5:16F86997F1BD8CDE8524DD35DA677E7D
                                                                                                                                              SHA1:F0930CB7D4CA6F4A7770A3BF037EB9B981F79F95
                                                                                                                                              SHA-256:F9F4F52C5B5C2EE59E3A6E11214F5E3599D6C5499B61C5009456BE20E95278F8
                                                                                                                                              SHA-512:FA688BC3F04BBE4876C2720E7484D8BE7C125AB619A666E86A813F2F0946D79BCF1355D9CD9CF31AE3B8FA5E41EAE54A319ED0C1F501A68336BD652D76BB1740
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:MS Windows 3.1 help, Tue Apr 17 13:11:56 2001, 21225 bytes
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):21225
                                                                                                                                              Entropy (8bit):3.9923245636306675
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:g8qo9MqLEGX9WkaNWvbAsmrEGckkwy95/HLQdu:g8rMqLwkW8AsqEHkkwy7N
                                                                                                                                              MD5:6798F64959C913673BD66CD4E47F4A65
                                                                                                                                              SHA1:C50FAA64C8267AC7106401E69DA5C15FC3F2034C
                                                                                                                                              SHA-256:0C02B226BE4E7397F8C98799E58B0A512515E462CCDAAC04EDC10E3E1091C011
                                                                                                                                              SHA-512:8D208306B6D0F892A2F16F8070A89D8EDB968589896CB70CF46F43BF4BEFB7C4CA6A278C35FE8A2685CC784505EFB77C32B0AABF80D13BCC0D10A39AE8AFB55A
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):919344
                                                                                                                                              Entropy (8bit):5.989910938073557
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:tH0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+MX:t7Hdv3DyfhP2QgYPwo3ArgX
                                                                                                                                              MD5:871B629F8F6B87CDEDCA5227F46105A2
                                                                                                                                              SHA1:5DA2291D6904CF1AEDB187FB05EA5D44ECB0D4DA
                                                                                                                                              SHA-256:A52F712705D4D67FD8B1084353CE27810DBCD01737041882D172F0CE21C5478C
                                                                                                                                              SHA-512:F42F8D745501242501CC1CA4C2CE7DBC9104F136FD9FD4781A8A132A2A67EB51D5C58F5D67635D8CA5F94CC516CE5D60BAD50E245A85504817FDC409C58CF321
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):856368
                                                                                                                                              Entropy (8bit):5.595317302196895
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:h9aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhx:LaBEGbL4Np84TQazCSiRhx
                                                                                                                                              MD5:CCED2F361AA9D3858710FEF19C11EBA6
                                                                                                                                              SHA1:BB718E984F2F0AAD96C2C50862CEA7A00663FD5B
                                                                                                                                              SHA-256:492B990879411715AEC292B3730629C55AFB5490CEE7197DF71B0038294E9A1C
                                                                                                                                              SHA-512:C784EB5F64C75CC0DD77180214A4D707C3A5EDA837064738DF12F68E8515903025461E6069E636B171992BFBD72022F3F7F076D7BAEFE863BC47DE1DF5245A25
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):7996
                                                                                                                                              Entropy (8bit):5.128824009655858
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                                                              MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                                                              SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                                                              SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                                                              SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):357680
                                                                                                                                              Entropy (8bit):6.332745772607795
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:PAcN1/tmU72EHcfmSBX/jR+vTqxqh4Gv4VCH+Jkgk7:HPmfmSBXrQvr97
                                                                                                                                              MD5:384B0FBEC35D5D101DD92BCAA3EFA18A
                                                                                                                                              SHA1:202128FFBE8D086F6CB0C870FC3B3C32A8B7B3ED
                                                                                                                                              SHA-256:EF6EF3F750E8718D8F810EBF7C45B3209375F701C853265ADDF944E96DE87DBF
                                                                                                                                              SHA-512:66B97BE9382A919686FF1B1DFCB6167AA264B7C4CE6B7D9D9E67A2C8E6C9F47C47ED65A84BBA3B2CAE7A462F62E743C42A8D52A2E5D744BAF971FD2201B1430C
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Wed Aug 10 09:12:30 2022, mtime=Tue Sep 20 17:48:02 2022, atime=Wed Aug 10 09:12:30 2022, length=14324528, window=hide
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):928
                                                                                                                                              Entropy (8bit):4.649283383750932
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:8bnC0YXHohecTdpF44PfjJSEFGWZPy/p/jA7lh3lPDRbbdpo8dWR8Ng58NnGm:8bIyd/JsW89AhjBdXgsGm
                                                                                                                                              MD5:72ADAB972954AB1F569B52162FC8CF0B
                                                                                                                                              SHA1:6065D8F6A9A69AD10B4612FF2E7CEF0A5F20548D
                                                                                                                                              SHA-256:98BD7C73925C41C261B15984228FCBF2147661A10FA605EAB6D16BE48AB8C8BC
                                                                                                                                              SHA-512:B5B29353C18C32FBFE0015411B43587D961BBD7620DFA97879AD4B623B31E6F92635BD62D5B9F8069D36C552D3E68358D987F8BC290A799675F558DBAAB7086D
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:L..................F.... ............+6.!...........0............................P.O. .:i.....+00.../C:\.....................1.....4U...PROGRA~1..t......L.4U.....E...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....4U...Wildix..>......4U.4U.....&.....................4...W.i.l.d.i.x.....\.1.....4U...WISERV~1..D......4U.4U.............................U.W.I.S.e.r.v.i.c.e.....h.2.0....U.Q .WISERV~1.EXE..L.......U.Q4U.....#.........................w.i.s.e.r.v.i.c.e...e.x.e.......^...............-.......]...........O.._.....C:\Program Files\Wildix\WIService\wiservice.exe......\.w.i.s.e.r.v.i.c.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e...-.-.p.r.o.x.y.e.x.`.......X.......506407...........!a..%.H.VZAj.................-..!a..%.H.VZAj.................-.E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3027002
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1108992
                                                                                                                                              Entropy (8bit):6.239420122827104
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:s012KYTfqBoW+X3wUfJ0HORmsi18vFZrutsPdBx5G59IdYb6Vb38sZOOdFkUtetp:STSoW+68Wkdl3CcbsROdF2w8dfvqJY/
                                                                                                                                              MD5:D4604E2E0D76A101BECAE84ECD1EF720
                                                                                                                                              SHA1:27843D4C2FCF94BBDFDC9CF4057E25F523665D24
                                                                                                                                              SHA-256:76D199BBE65D4DBBDD614C0336D2C1164E3221B7C10FCA840901152CC5C79B42
                                                                                                                                              SHA-512:925CB8D08A4FD7815882BE21AC908B21099309F2EE41A47AF86954F4412E1949E4E65B0CAB1453C98F9EDAF92A7001949C5134275EEF0B9AA6D73E3E825DAF83
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:SQLite format 3......@ .......;..................................................................0:...........9...............................................................................................................n...%%...tableEVENTS_STATSEVENTS_STATS.CREATE TABLE EVENTS_STATS (...ID INTEGER NOT NULL,...DAY INTEGER NOT NULL,...DATE DATE NOT NULL,...MIN_ID INTEGER NOT NULL,...MAX_ID INTEGER NOT NULL,...COMPLETE TINYINT NOT NULL,...PRIMARY KEY (ID)..).f...++...tableCOUNTRIES_AREASCOUNTRIES_AREAS.CREATE TABLE COUNTRIES_AREAS (...ID INTEGER NOT NULL,...COUNTRY_ID SMALLINT NOT NULL,...NAME VARCHAR(255) NOT NULL,...NUMBER VARCHAR(255) NOT NULL,...LENGTH TINYINT,...PRIMARY KEY (ID)..)."........tableCOUNTRIESCOUNTRIES.CREATE TABLE COUNTRIES (...ID INTEGER NOT NULL,...NAME VARCHAR(255) NOT NULL,...NUMBER VARCHAR(255) NOT NULL,...PRIMARY KEY (ID)..). ........tableCLASSESCLASSES.CREATE TABLE CLASSES (...ID INTEGER NOT NULL,...NAME VARCHAR(255) NOT NULL,...NAME_LOWER VARC...D;...87...+,.
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:MS Windows icon resource - 13 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):99667
                                                                                                                                              Entropy (8bit):6.776502745804188
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:RcfWrQG1GFkTvQnKKjRCFpgqmKN5+x3pJY:ufct1GF9n6FKqmrx3pi
                                                                                                                                              MD5:8F898251C85EE83FE4CEF753AD127FEE
                                                                                                                                              SHA1:965419910C1929CF695C530456950616B85596C5
                                                                                                                                              SHA-256:31DEE18EA1C5E7723DB0C13C630517963E79930474B275322A0CDE686C5953B5
                                                                                                                                              SHA-512:4397158E3EBA45B7CD27E931F353D72042B154416036874824CC1469FA9D533C4E67B7ED81A0A9EDB480F667A9716AE999D54B3F36EA1375344BB0E944AC8102
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):14324528
                                                                                                                                              Entropy (8bit):6.640223576390063
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:196608:ACEAHJqOXlWDYo49F80LRHb3g337RBALDddUev5:ARQ1Hd9F80LRqRqLDnUev5
                                                                                                                                              MD5:C66742153E3B6174EE1B9E50F71EB1D2
                                                                                                                                              SHA1:3BFDE518051ED595303DCF59E0AB7121259FD514
                                                                                                                                              SHA-256:91259558287A610203F852DBBF69AC380B97ED32CC9E528074D57F8221148DE1
                                                                                                                                              SHA-512:6BB36EDAAF0BA1EDF737FA741AE25589C3246C29977AF47329BF9C755ED2FB4456BF0F620415E81670CBABAFF5C35022C19A2490F725ECFCD33B1514DB34D8B5
                                                                                                                                              Malicious:true
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Aug 10 09:12:36 2022, mtime=Tue Sep 20 17:47:29 2022, atime=Wed Aug 10 09:12:36 2022, length=158960, window=hide
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1955
                                                                                                                                              Entropy (8bit):3.4394973601807783
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:8Dd/aWoGm2UsERYhdahidVdahB2dah4z:8EWoGm2UsJGhThBXh4
                                                                                                                                              MD5:9462FF3E02A2535E3EE51375140A043A
                                                                                                                                              SHA1:1BFBB82C4B3F9A27CB49B8E3E9304D1A691A6C71
                                                                                                                                              SHA-256:2320286E9D5A47BD09F2AFDC08AC44683E9406AC70D99876BAF9ACBC3213831E
                                                                                                                                              SHA-512:BAB2165A5F850E683F522B515FD1336A21744CE440CC45D1E6E2666A9CF9478D6F5E09A058C9754C1A355BF54DA9F3EF15E5E440DB89F75178DCDCADF0EFABA2
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:L..................F.@.. .............ko!............l...........................P.O. .:i.....+00.../C:\.....................1.....4U...PROGRA~1..t......L.4U.....E...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....4U...Wildix..>......4U.4U.....&.....................4...W.i.l.d.i.x.....\.1.....4U...WISERV~1..D......4U.4U.............................U.W.I.S.e.r.v.i.c.e.....z.2..l...U.Q .UNINST~1.EXE..^.......U.Q4U.....:.........................U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e.......g...............-.......f...........O.._.....C:\Program Files\Wildix\WIService\UninstallWIService.exe..J.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.8.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e...
                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with no line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2494
                                                                                                                                              Entropy (8bit):5.251380439733372
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:2dS48pX4y/DvKWDkQpyH2YX8ICDKbNRTrxKTBM2JT52YwFPYzKEqXpUfKFkeRupi:cAn/TLtfGgzmQLeUp/B8HLSkC9+T+USs
                                                                                                                                              MD5:EB49ED970FE836B9158C6F3F464F0F65
                                                                                                                                              SHA1:2BAB65F32B763782527842E8BB7BAE29382149F7
                                                                                                                                              SHA-256:D8A490409C1692AEAE2191EC85339E878461D29461698E6727025FF0D5C94923
                                                                                                                                              SHA-512:5F9BC9AC3622DD7B3A74E3E0D46E3080F4B953C59999D0B83628ABA4410E4CDEF32A1EBE5F3BECCE0DE713C11F21808C24826DB1B62A5749934041C8B4F25185
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8"?><updateStore><sessionVariables><permanent><AUOptions dataType="3">1</AUOptions><AllowMUUpdateService dataType="3">0</AllowMUUpdateService><AreUpdatesPausedByPolicy dataType="11">False</AreUpdatesPausedByPolicy><AttentionRequiredReason dataType="19">0</AttentionRequiredReason><CurrentState dataType="19">1</CurrentState><FirstScanAttemptTime dataType="21">132399969272148706</FirstScanAttemptTime><FlightEnabled dataType="3">0</FlightEnabled><LastError dataType="19">0</LastError><LastErrorState dataType="19">0</LastErrorState><LastErrorStateType dataType="11">False</LastErrorStateType><LastMeteredScanTime dataType="21">132399969272304939</LastMeteredScanTime><LastScanAttemptTime dataType="21">132399969272148706</LastScanAttemptTime><LastScanDeferredReason dataType="19">1</LastScanDeferredReason><LastScanDeferredTime dataType="21">133051593686244000</LastScanDeferredTime><LastScanFailureError dataType="3">-2147023838</LastScanFailureError><LastScanFailu
                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with no line terminators
                                                                                                                                              Category:modified
                                                                                                                                              Size (bytes):2494
                                                                                                                                              Entropy (8bit):5.251380439733372
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:2dS48pX4y/DvKWDkQpyH2YX8ICDKbNRTrxKTBM2JT52YwFPYzKEqXpUfKFkeRupi:cAn/TLtfGgzmQLeUp/B8HLSkC9+T+USs
                                                                                                                                              MD5:EB49ED970FE836B9158C6F3F464F0F65
                                                                                                                                              SHA1:2BAB65F32B763782527842E8BB7BAE29382149F7
                                                                                                                                              SHA-256:D8A490409C1692AEAE2191EC85339E878461D29461698E6727025FF0D5C94923
                                                                                                                                              SHA-512:5F9BC9AC3622DD7B3A74E3E0D46E3080F4B953C59999D0B83628ABA4410E4CDEF32A1EBE5F3BECCE0DE713C11F21808C24826DB1B62A5749934041C8B4F25185
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8"?><updateStore><sessionVariables><permanent><AUOptions dataType="3">1</AUOptions><AllowMUUpdateService dataType="3">0</AllowMUUpdateService><AreUpdatesPausedByPolicy dataType="11">False</AreUpdatesPausedByPolicy><AttentionRequiredReason dataType="19">0</AttentionRequiredReason><CurrentState dataType="19">1</CurrentState><FirstScanAttemptTime dataType="21">132399969272148706</FirstScanAttemptTime><FlightEnabled dataType="3">0</FlightEnabled><LastError dataType="19">0</LastError><LastErrorState dataType="19">0</LastErrorState><LastErrorStateType dataType="11">False</LastErrorStateType><LastMeteredScanTime dataType="21">132399969272304939</LastMeteredScanTime><LastScanAttemptTime dataType="21">132399969272148706</LastScanAttemptTime><LastScanDeferredReason dataType="19">1</LastScanDeferredReason><LastScanDeferredTime dataType="21">133051593686244000</LastScanDeferredTime><LastScanFailureError dataType="3">-2147023838</LastScanFailureError><LastScanFailu
                                                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              File Type:ASCII text
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):56
                                                                                                                                              Entropy (8bit):4.355851127144314
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                                                                                              MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                                                                                              SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                                                                                              SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                                                                                              SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):42
                                                                                                                                              Entropy (8bit):4.0050635535766075
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                                                                                              MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                                                                                              SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                                                                                              SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                                                                                              SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):11776
                                                                                                                                              Entropy (8bit):5.854901984552606
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4
                                                                                                                                              MD5:0063D48AFE5A0CDC02833145667B6641
                                                                                                                                              SHA1:E7EB614805D183ECB1127C62DECB1A6BE1B4F7A8
                                                                                                                                              SHA-256:AC9DFE3B35EA4B8932536ED7406C29A432976B685CC5322F94EF93DF920FEDE7
                                                                                                                                              SHA-512:71CBBCAEB345E09306E368717EA0503FE8DF485BE2E95200FEBC61BCD8BA74FB4211CD263C232F148C0123F6C6F2E3FD4EA20BDECC4070F5208C35C6920240F0
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PC bitmap, Windows 3.x format, 165 x 57 x 24
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):28326
                                                                                                                                              Entropy (8bit):2.5710862958427496
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:R5ZzmIhanXqiRFlbiRoXt7m4ju119MiieiK35JW0U1JIhuauz3A:R5Zz5QX1FtiRytSEu9Miiq5JW9IhuBQ
                                                                                                                                              MD5:EE5DCD5040C0616D92FA8E7A3344D455
                                                                                                                                              SHA1:D2A13B9E9965C99E9637FFE0CFDC54A791B0944D
                                                                                                                                              SHA-256:DAA94974E168B4D92C281BA0B774390C9E052833926E22929CD5A4569A0ECB97
                                                                                                                                              SHA-512:23CB22368B444E00EE5EAC5D86427801312550A1ACDF5652756A88205A32E862D9D636877323AA6503DA660107305036AFE7E7C79B9586160362E50AD138DB68
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):26494
                                                                                                                                              Entropy (8bit):1.9568109962493656
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                                                                                                              MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                                                              SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                                                              SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                                                              SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):9728
                                                                                                                                              Entropy (8bit):5.127431636878203
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:oWW4JlD3c151V1gQoE8cxM2DjDf3GEst+Nt+jvcx4P8qndYv0PLE:oWp3ggQF8REskpx8dO0PLE
                                                                                                                                              MD5:6E64E5D5F9498058A300B26B8741D9D5
                                                                                                                                              SHA1:837CE28E5E02788DA63A7F1D8F20207D2B0BF523
                                                                                                                                              SHA-256:8D4B1C275FD1CD0782A265080B56D1AEC8D1C93EDCA5EF3B050D1D20D7B61F33
                                                                                                                                              SHA-512:F53514D36021D79F85DF2494D403F03589B3AD848889B9224F962CC932EF740F127131A914C7171AD8136CA1EF631285EA1C80576DB18CCF8EA56940EB00EA1E
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):6656
                                                                                                                                              Entropy (8bit):5.150852446596736
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:4BNbUVOFvfcxEAxxxJzxLp+eELeoMEskzYzeHd0+uoyVeNSsX4:EUVOFvf9ABJFHE+FkEad0PLVeN
                                                                                                                                              MD5:293165DB1E46070410B4209519E67494
                                                                                                                                              SHA1:777B96A4F74B6C34D43A4E7C7E656757D1C97F01
                                                                                                                                              SHA-256:49B7477DB8DD22F8CF2D41EE2D79CE57797F02E8C7B9E799951A6C710384349A
                                                                                                                                              SHA-512:97012139F2DA5868FE8731C0B0BCB3CFDA29ED10C2E6E2336B504480C9CD9FB8F4728CCA23F1E0BD577D75DAA542E59F94D1D341F4E8AAEEBC7134BF61288C19
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):38
                                                                                                                                              Entropy (8bit):3.8924071185928772
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:z0Nc4Ac+q:wNcLc+q
                                                                                                                                              MD5:79BC2DAD2D6C0232998EF454D71C4DBD
                                                                                                                                              SHA1:6A026317AC5B65340BA4F744E7DE9631EA25D504
                                                                                                                                              SHA-256:19C594461EC7DE3526592D1666788F41B5286995BD1BCAE55D05E84714531E1A
                                                                                                                                              SHA-512:E8BDEF565DB12684DEAC6E98875419056A7BA790228720D87338913C2D871187493AAAC1F8267CC91EE43102419EB8A7792D256C2E89703707C4F0AC89248B78
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:websocket:8888;lotus:9901;oiwss:8888..
                                                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              File Type:ASCII text
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):398
                                                                                                                                              Entropy (8bit):4.853097704020531
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:Jh0vpUU2JEGtUwXzkQvoW4VKu3m4QXK5i:JMZWDkQvA8KgK8
                                                                                                                                              MD5:4E3451B1F1B8DC11877C214014791199
                                                                                                                                              SHA1:9BD39E518408D23E9C3147872436362F0E0C7031
                                                                                                                                              SHA-256:4C1598A99EE2C7B028DA683D5ED3426B0ED27AA9AB13A4864EEA831A3855EF47
                                                                                                                                              SHA-512:B27D0F9644A61CBCE41ACD8264711F32A231BD03F0631CFCDD12C08616657C7C50793842D475B59166485DD6B9B626AFD57B8CD76C5F230B1E69302FB1412AC9
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:{. "activityDetection": {. "enable": false,. "interval": 0. },. "activity_detection_force_disable": false,. "authorizedApps": {},. "connection_issue": "none",. "ext": "",. "feedbackEmail": "",. "garbage_lifespan_days": 14,. "http_max_threads": 4,. "log_level": "info",. "log_max_kb": 10240,. "log_str": "4479794e-9951-4581-91c2-81bb051dc1f6",. "pbx": "",. "setIconTryCount": 0.}
                                                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              File Type:ASCII text
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):398
                                                                                                                                              Entropy (8bit):4.853097704020531
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:Jh0vpUU2JEGtUwXzkQvoW4VKu3m4QXK5i:JMZWDkQvA8KgK8
                                                                                                                                              MD5:4E3451B1F1B8DC11877C214014791199
                                                                                                                                              SHA1:9BD39E518408D23E9C3147872436362F0E0C7031
                                                                                                                                              SHA-256:4C1598A99EE2C7B028DA683D5ED3426B0ED27AA9AB13A4864EEA831A3855EF47
                                                                                                                                              SHA-512:B27D0F9644A61CBCE41ACD8264711F32A231BD03F0631CFCDD12C08616657C7C50793842D475B59166485DD6B9B626AFD57B8CD76C5F230B1E69302FB1412AC9
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:{. "activityDetection": {. "enable": false,. "interval": 0. },. "activity_detection_force_disable": false,. "authorizedApps": {},. "connection_issue": "none",. "ext": "",. "feedbackEmail": "",. "garbage_lifespan_days": 14,. "http_max_threads": 4,. "log_level": "info",. "log_max_kb": 10240,. "log_str": "4479794e-9951-4581-91c2-81bb051dc1f6",. "pbx": "",. "setIconTryCount": 0.}
                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):8192
                                                                                                                                              Entropy (8bit):2.741893340197872
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:a1Er52EXNoFb7kUmAb7kEZb7klhb7kCb7kbIl9lUb7k0tplfb7kTb7kNb7kwKb7L:p2EX00UmA0y0z0C0U9+0Clf0T0N0V09O
                                                                                                                                              MD5:A1C2EE86B3C18C9B18956615412A3414
                                                                                                                                              SHA1:C8EDE6485E603DEB7034F423F36FA988446922FE
                                                                                                                                              SHA-256:D9D312FD05F42E4D8B31C95FCC76073FE7CFDAED75A80704E8A6B7326B6D1277
                                                                                                                                              SHA-512:1E79135ED9EAAE52237EC11616E168F6256C143B2542F20D137088069B836BDF5AEE59D64A8D084D8F6DAE5D74F5C98B7969BEB0EB860B9452884FE74E4EBFB3
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                              File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                                                                                                              Category:modified
                                                                                                                                              Size (bytes):10874
                                                                                                                                              Entropy (8bit):3.1636474472474165
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:cY+38+DJl+ibJ6+ioJJ+i3N+WtT+E9tD+Ett3d+E3z5+6I3+zJXp+6j:j+s+v+b+P+m+0+Q+q+q+73+zX+O
                                                                                                                                              MD5:3310BC53FC4F042A083B0F0D1481C134
                                                                                                                                              SHA1:9B479AD166E22829B80FB0422EB2CC8209618207
                                                                                                                                              SHA-256:706EEC590236B91257AFCA10413AD3E7F60A94D50F1063440CAC8805541CA767
                                                                                                                                              SHA-512:0793F549698FEE90D8E18F63887CCE4974955563F01125BABE44B98AEB68B61992B51CC11FB52A39041F09916A4DE8DE4606C19889565A31A7216273FB5A1E90
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                               Preview:
                                                                                                                                               -------------------------------------------------------------------------------------
                                                                                                                                               MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                                                                                                                Start Time: Thu Jun 27 2019 01:29:49
                                                                                                                                               MpEnsureProcessMitigationPolicy: hr = 0x1
                                                                                                                                               WDEnable
                                                                                                                                               ERROR: MpWDEnable(TRUE) failed (800704EC)
                                                                                                                                               MpCmdRun: End Time: Thu Jun 27 2019 01:29:49
                                                                                                                                               -------------------------------------------------------------------------------------
                                                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                              Category:modified
                                                                                                                                              Size (bytes):857
                                                                                                                                              Entropy (8bit):4.712765723284222
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTto:vDZhyoZWM9rU5fFcr
                                                                                                                                              MD5:9AC77B45979A66F73EDB70B72908A616
                                                                                                                                              SHA1:8B22CFA695F10D31B8300C06790B728A4E209324
                                                                                                                                              SHA-256:A7777E702D4BEAD5529BFC2D026BFA2088BB64A5504DAFB57EF308CE92469E20
                                                                                                                                              SHA-512:C01644C1C13F7126ED455D76A63CD3CEEB314D74265256B07AC7120F6DA512B1B632D4F21167B9E8C7AD106F75D1F20809A7B129BE6871441F8F3FF6A390CFFF
                                                                                                                                              Malicious:true
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost...127.0.0.1..wildixintegration.eu.
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):7996
                                                                                                                                              Entropy (8bit):5.128824009655858
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                                                              MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                                                              SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                                                              SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                                                              SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):23812
                                                                                                                                              Entropy (8bit):5.102231290969022
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                                                              MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                                                              SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                                                              SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                                                              SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):14362
                                                                                                                                              Entropy (8bit):4.18034476253744
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                                                              MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                                                              SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                                                              SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                                                              SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):59116
                                                                                                                                              Entropy (8bit):5.051886370413466
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                                                              MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                                                              SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                                                              SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                                                              SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2278
                                                                                                                                              Entropy (8bit):4.581866117244519
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                                                              MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                                                              SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                                                              SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                                                              SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):531760
                                                                                                                                              Entropy (8bit):6.367903460100957
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:PTIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzOO/:PUJ/Cq2IT/PiP4dapV7LDiK
                                                                                                                                              MD5:16F86997F1BD8CDE8524DD35DA677E7D
                                                                                                                                              SHA1:F0930CB7D4CA6F4A7770A3BF037EB9B981F79F95
                                                                                                                                              SHA-256:F9F4F52C5B5C2EE59E3A6E11214F5E3599D6C5499B61C5009456BE20E95278F8
                                                                                                                                              SHA-512:FA688BC3F04BBE4876C2720E7484D8BE7C125AB619A666E86A813F2F0946D79BCF1355D9CD9CF31AE3B8FA5E41EAE54A319ED0C1F501A68336BD652D76BB1740
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):919344
                                                                                                                                              Entropy (8bit):5.989910938073557
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:tH0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+MX:t7Hdv3DyfhP2QgYPwo3ArgX
                                                                                                                                              MD5:871B629F8F6B87CDEDCA5227F46105A2
                                                                                                                                              SHA1:5DA2291D6904CF1AEDB187FB05EA5D44ECB0D4DA
                                                                                                                                              SHA-256:A52F712705D4D67FD8B1084353CE27810DBCD01737041882D172F0CE21C5478C
                                                                                                                                              SHA-512:F42F8D745501242501CC1CA4C2CE7DBC9104F136FD9FD4781A8A132A2A67EB51D5C58F5D67635D8CA5F94CC516CE5D60BAD50E245A85504817FDC409C58CF321
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):856368
                                                                                                                                              Entropy (8bit):5.595317302196895
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:h9aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhx:LaBEGbL4Np84TQazCSiRhx
                                                                                                                                              MD5:CCED2F361AA9D3858710FEF19C11EBA6
                                                                                                                                              SHA1:BB718E984F2F0AAD96C2C50862CEA7A00663FD5B
                                                                                                                                              SHA-256:492B990879411715AEC292B3730629C55AFB5490CEE7197DF71B0038294E9A1C
                                                                                                                                              SHA-512:C784EB5F64C75CC0DD77180214A4D707C3A5EDA837064738DF12F68E8515903025461E6069E636B171992BFBD72022F3F7F076D7BAEFE863BC47DE1DF5245A25
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):19336
                                                                                                                                              Entropy (8bit):4.312288104152102
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:7mXKNT6+Y9QeSU83XGtzdHeQhlJqeB+Pu7HnjtoX2PSuNip:T6+LU832tzd+pM+Pu7HGX2quNu
                                                                                                                                              MD5:115996B67784E69002E510C37A308236
                                                                                                                                              SHA1:DBF83174EAE0610626B5E45663B18477255DEA99
                                                                                                                                              SHA-256:296209C0B41ECE97A7474648C5357D61F0BD7F46DE42598C50A1C48CAA31FD57
                                                                                                                                              SHA-512:E483C52DC80CEBCEFC277890D2C2AF83B1232716628260AA302229B4EB623A8D77D32DE4ADB039C424F3AE3DB2871DF1370E12718CB3EDD628250CEB3EA4C4B5
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:.K.. DPGr...ta..I..)........................................z........... ...........................c.......@...J........$..4........)...........+..:........-...........-...........-...........-...........-...........6...........6...........6...........6...........6...........7...........WINNT_40.WINNT_50.WINNT_51.WINNT_60.PARSER_VER_1.0.C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.s.p.o.o.l.\.D.R.I.V.E.R.S.\.x.6.4.\.3.\.i.m.g.p.r.i.n.t...g.p.d...StdNames.gpdC.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.s.p.o.o.l.\.D.R.I.V.E.R.S.\.x.6.4.\.3.\.S.t.d.N.a.m.e.s...g.p.d...ORIENTATION_DISPLAY.PAPER_SIZE_DISPLAY.PAPER_SOURCE_DISPLAY.RESOLUTION_DISPLAY.MEDIA_TYPE_DISPLAY.TEXT_QUALITY_DISPLAY.COLOR_PRINTING_MODE_DISPLAY.PRINTER_MEMORY_DISPLAY.TWO_SIDED_PRINTING_DISPLAY.PAGE_PROTECTION_DISPLAY.HALFTONING_DISPLAY.OUTPUTBIN_DISPLAY.IMAGECONTROL_DISPLAY.PRINTDENSITY_DISPLAY.GRAPHICSMODE_DISPLAY.TEXTHALFTONE_DISPLAY.GRAPHICSHALFTONE_DISPLAY.PHOTOHALFTONE_DISPLAY.RCID_DMPAPER_SYSTEM_NAME.LETTER_DISPLAY.LETTERS
                                                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):7996
                                                                                                                                              Entropy (8bit):5.128824009655858
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                                                              MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                                                              SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                                                              SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                                                              SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):23812
                                                                                                                                              Entropy (8bit):5.102231290969022
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                                                              MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                                                              SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                                                              SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                                                              SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):14362
                                                                                                                                              Entropy (8bit):4.18034476253744
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                                                              MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                                                              SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                                                              SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                                                              SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):59116
                                                                                                                                              Entropy (8bit):5.051886370413466
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                                                              MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                                                              SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                                                              SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                                                              SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:modified
                                                                                                                                              Size (bytes):2278
                                                                                                                                              Entropy (8bit):4.581866117244519
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                                                              MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                                                              SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                                                              SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                                                              SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):531760
                                                                                                                                              Entropy (8bit):6.367903460100957
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:PTIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzOO/:PUJ/Cq2IT/PiP4dapV7LDiK
                                                                                                                                              MD5:16F86997F1BD8CDE8524DD35DA677E7D
                                                                                                                                              SHA1:F0930CB7D4CA6F4A7770A3BF037EB9B981F79F95
                                                                                                                                              SHA-256:F9F4F52C5B5C2EE59E3A6E11214F5E3599D6C5499B61C5009456BE20E95278F8
                                                                                                                                              SHA-512:FA688BC3F04BBE4876C2720E7484D8BE7C125AB619A666E86A813F2F0946D79BCF1355D9CD9CF31AE3B8FA5E41EAE54A319ED0C1F501A68336BD652D76BB1740
                                                                                                                                              Malicious:true
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):919344
                                                                                                                                              Entropy (8bit):5.989910938073557
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:tH0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+MX:t7Hdv3DyfhP2QgYPwo3ArgX
                                                                                                                                              MD5:871B629F8F6B87CDEDCA5227F46105A2
                                                                                                                                              SHA1:5DA2291D6904CF1AEDB187FB05EA5D44ECB0D4DA
                                                                                                                                              SHA-256:A52F712705D4D67FD8B1084353CE27810DBCD01737041882D172F0CE21C5478C
                                                                                                                                              SHA-512:F42F8D745501242501CC1CA4C2CE7DBC9104F136FD9FD4781A8A132A2A67EB51D5C58F5D67635D8CA5F94CC516CE5D60BAD50E245A85504817FDC409C58CF321
                                                                                                                                              Malicious:true
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):856368
                                                                                                                                              Entropy (8bit):5.595317302196895
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:h9aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhx:LaBEGbL4Np84TQazCSiRhx
                                                                                                                                              MD5:CCED2F361AA9D3858710FEF19C11EBA6
                                                                                                                                              SHA1:BB718E984F2F0AAD96C2C50862CEA7A00663FD5B
                                                                                                                                              SHA-256:492B990879411715AEC292B3730629C55AFB5490CEE7197DF71B0038294E9A1C
                                                                                                                                              SHA-512:C784EB5F64C75CC0DD77180214A4D707C3A5EDA837064738DF12F68E8515903025461E6069E636B171992BFBD72022F3F7F076D7BAEFE863BC47DE1DF5245A25
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):357680
                                                                                                                                              Entropy (8bit):6.332745772607795
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:PAcN1/tmU72EHcfmSBX/jR+vTqxqh4Gv4VCH+Jkgk7:HPmfmSBXrQvr97
                                                                                                                                              MD5:384B0FBEC35D5D101DD92BCAA3EFA18A
                                                                                                                                              SHA1:202128FFBE8D086F6CB0C870FC3B3C32A8B7B3ED
                                                                                                                                              SHA-256:EF6EF3F750E8718D8F810EBF7C45B3209375F701C853265ADDF944E96DE87DBF
                                                                                                                                              SHA-512:66B97BE9382A919686FF1B1DFCB6167AA264B7C4CE6B7D9D9E67A2C8E6C9F47C47ED65A84BBA3B2CAE7A462F62E743C42A8D52A2E5D744BAF971FD2201B1430C
                                                                                                                                              Malicious:true
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):7996
                                                                                                                                              Entropy (8bit):5.128824009655858
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                                                              MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                                                              SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                                                              SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                                                              SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):23812
                                                                                                                                              Entropy (8bit):5.102231290969022
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                                                              MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                                                              SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                                                              SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                                                              SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):14362
                                                                                                                                              Entropy (8bit):4.18034476253744
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                                                              MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                                                              SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                                                              SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                                                              SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):59116
                                                                                                                                              Entropy (8bit):5.051886370413466
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                                                              MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                                                              SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                                                              SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                                                              SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2278
                                                                                                                                              Entropy (8bit):4.581866117244519
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                                                              MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                                                              SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                                                              SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                                                              SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):531760
                                                                                                                                              Entropy (8bit):6.367903460100957
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:PTIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzOO/:PUJ/Cq2IT/PiP4dapV7LDiK
                                                                                                                                              MD5:16F86997F1BD8CDE8524DD35DA677E7D
                                                                                                                                              SHA1:F0930CB7D4CA6F4A7770A3BF037EB9B981F79F95
                                                                                                                                              SHA-256:F9F4F52C5B5C2EE59E3A6E11214F5E3599D6C5499B61C5009456BE20E95278F8
                                                                                                                                              SHA-512:FA688BC3F04BBE4876C2720E7484D8BE7C125AB619A666E86A813F2F0946D79BCF1355D9CD9CF31AE3B8FA5E41EAE54A319ED0C1F501A68336BD652D76BB1740
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):919344
                                                                                                                                              Entropy (8bit):5.989910938073557
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:tH0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+MX:t7Hdv3DyfhP2QgYPwo3ArgX
                                                                                                                                              MD5:871B629F8F6B87CDEDCA5227F46105A2
                                                                                                                                              SHA1:5DA2291D6904CF1AEDB187FB05EA5D44ECB0D4DA
                                                                                                                                              SHA-256:A52F712705D4D67FD8B1084353CE27810DBCD01737041882D172F0CE21C5478C
                                                                                                                                              SHA-512:F42F8D745501242501CC1CA4C2CE7DBC9104F136FD9FD4781A8A132A2A67EB51D5C58F5D67635D8CA5F94CC516CE5D60BAD50E245A85504817FDC409C58CF321
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):856368
                                                                                                                                              Entropy (8bit):5.595317302196895
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:h9aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhx:LaBEGbL4Np84TQazCSiRhx
                                                                                                                                              MD5:CCED2F361AA9D3858710FEF19C11EBA6
                                                                                                                                              SHA1:BB718E984F2F0AAD96C2C50862CEA7A00663FD5B
                                                                                                                                              SHA-256:492B990879411715AEC292B3730629C55AFB5490CEE7197DF71B0038294E9A1C
                                                                                                                                              SHA-512:C784EB5F64C75CC0DD77180214A4D707C3A5EDA837064738DF12F68E8515903025461E6069E636B171992BFBD72022F3F7F076D7BAEFE863BC47DE1DF5245A25
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:unknown
                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                              Entropy (8bit):7.9938288458310875
                                                                                                                                              TrID:
                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                              File name:SetupWIService.exe
                                                                                                                                              File size:11834040
                                                                                                                                              MD5:141d46ba18a6fb07ac40b69a22fbbcbc
                                                                                                                                              SHA1:f5da2877a28f5bc52d0b3d991308a5fa8e97a262
                                                                                                                                              SHA256:e22b3ffcb9eb55e53b6a95d34433567ef5d16fe8459199896229c899ff8a72b8
                                                                                                                                              SHA512:76e4fc48136cd360fe9880f12e4ff0f27af3406b81f929b5eafa359f48f5936a6b7007156953af7187575fc1b3ac3ffcece725b490828fb495a59f2c84a2c67b
                                                                                                                                              SSDEEP:196608:S6q1keR6vsyc5QztJX3NimlY72Y+CMUHWijGEwB1LnrqJ38EtlqVvFJ7FfYhI4:SrTcvbvztdN90jWXE4VEfqxzpw
                                                                                                                                              TLSH:69C6339814E1D525CF0E02B2B6640FAE2A837D4B8739DD45823B75DFF993983604A93F
                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.w.F.*.....F...v...F...@...F.Rich..F.........PE..L......].................d...|......k2............@
                                                                                                                                              Icon Hash:f0ecacadb296d470
                                                                                                                                              Entrypoint:0x40326b
                                                                                                                                              Entrypoint Section:.text
                                                                                                                                              Digitally signed:true
                                                                                                                                              Imagebase:0x400000
                                                                                                                                              Subsystem:windows gui
                                                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                              Time Stamp:0x5DF6D4F0 [Mon Dec 16 00:50:56 2019 UTC]
                                                                                                                                              TLS Callbacks:
                                                                                                                                              CLR (.Net) Version:
                                                                                                                                              OS Version Major:4
                                                                                                                                              OS Version Minor:0
                                                                                                                                              File Version Major:4
                                                                                                                                              File Version Minor:0
                                                                                                                                              Subsystem Version Major:4
                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                              Import Hash:e9c0657252137ac61c1eeeba4c021000
                                                                                                                                              Signature Valid:true
                                                                                                                                              Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                                                              Signature Validation Error:The operation completed successfully
                                                                                                                                              Error Number:0
                                                                                                                                              Not Before, Not After
                                                                                                                                              • 9/28/2021 5:00:00 PM 9/28/2024 4:59:59 PM
                                                                                                                                              Subject Chain
                                                                                                                                              • CN=Wildix EE OU, O=Wildix EE OU, S=Harjumaa, C=EE
                                                                                                                                              Version:3
                                                                                                                                              Thumbprint MD5:E55C37638C7C0FF8823DB33F19D887EC
                                                                                                                                              Thumbprint SHA-1:FECCAC6BD522C81598A4C44307F6960E9C2DAE01
                                                                                                                                              Thumbprint SHA-256:82CECC21617A201B0F87783A802716469AD2F6CA6725513168445AF20F9E732C
                                                                                                                                              Serial:00C090271985B3889571FAD0EA7DF6AF45
                                                                                                                                              Instruction
                                                                                                                                              sub esp, 00000184h
                                                                                                                                              push ebx
                                                                                                                                              push esi
                                                                                                                                              push edi
                                                                                                                                              xor ebx, ebx
                                                                                                                                              push 00008001h
                                                                                                                                              mov dword ptr [esp+18h], ebx
                                                                                                                                              mov dword ptr [esp+10h], 0040A198h
                                                                                                                                              mov dword ptr [esp+20h], ebx
                                                                                                                                              mov byte ptr [esp+14h], 00000020h
                                                                                                                                              call dword ptr [004080A0h]
                                                                                                                                              call dword ptr [0040809Ch]
                                                                                                                                              and eax, BFFFFFFFh
                                                                                                                                              cmp ax, 00000006h
                                                                                                                                              mov dword ptr [0042F40Ch], eax
                                                                                                                                              je 00007F0884A79B63h
                                                                                                                                              push ebx
                                                                                                                                              call 00007F0884A7CC4Bh
                                                                                                                                              cmp eax, ebx
                                                                                                                                              je 00007F0884A79B59h
                                                                                                                                              push 00000C00h
                                                                                                                                              call eax
                                                                                                                                              mov esi, 00408298h
                                                                                                                                              push esi
                                                                                                                                              call 00007F0884A7CBC7h
                                                                                                                                              push esi
                                                                                                                                              call dword ptr [00408098h]
                                                                                                                                              lea esi, dword ptr [esi+eax+01h]
                                                                                                                                              cmp byte ptr [esi], bl
                                                                                                                                              jne 00007F0884A79B3Dh
                                                                                                                                              push 0000000Ah
                                                                                                                                              call 00007F0884A7CC1Fh
                                                                                                                                              push 00000008h
                                                                                                                                              call 00007F0884A7CC18h
                                                                                                                                              push 00000006h
                                                                                                                                              mov dword ptr [0042F404h], eax
                                                                                                                                              call 00007F0884A7CC0Ch
                                                                                                                                              cmp eax, ebx
                                                                                                                                              je 00007F0884A79B61h
                                                                                                                                              push 0000001Eh
                                                                                                                                              call eax
                                                                                                                                              test eax, eax
                                                                                                                                              je 00007F0884A79B59h
                                                                                                                                              or byte ptr [0042F40Fh], 00000040h
                                                                                                                                              push ebp
                                                                                                                                              call dword ptr [00408040h]
                                                                                                                                              push ebx
                                                                                                                                              call dword ptr [00408284h]
                                                                                                                                              mov dword ptr [0042F4D8h], eax
                                                                                                                                              push ebx
                                                                                                                                              lea eax, dword ptr [esp+38h]
                                                                                                                                              push 00000160h
                                                                                                                                              push eax
                                                                                                                                              push ebx
                                                                                                                                              push 00429830h
                                                                                                                                              call dword ptr [00408178h]
                                                                                                                                              push 0040A188h
                                                                                                                                              Programming Language:
                                                                                                                                              • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x853c | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x41000 | 0x191f8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xb46988 | 0x2930 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x294 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x62ff | 0x6400 | False | 0.672421875 | data | 6.457821426487787 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x134a | 0x1400 | False | 0.459765625 | data | 5.238921057104071 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x25518 | 0x600 | False | 0.4557291666666667 | data | 4.049203760121162 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x30000 | 0x11000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x41000 | 0x191f8 | 0x19200 | False | 0.7030472636815921 | data | 6.749189154571692 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x41400 | 0xbc2d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x4d030 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 65279, next used block 4286513152 | English | United States
RT_ICON | 0x51258 | 0x25a8 | data | English | United States
RT_ICON | 0x53800 | 0x1a68 | data | English | United States
RT_ICON | 0x55268 | 0x10a8 | data | English | United States
RT_ICON | 0x56310 | 0xea8 | data | English | United States
RT_ICON | 0x571b8 | 0x988 | data | English | United States
RT_ICON | 0x57b40 | 0x8a8 | data | English | United States
RT_ICON | 0x583e8 | 0x6b8 | data | English | United States
RT_ICON | 0x58aa0 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x59008 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x59470 | 0x2e8 | data | English | United States
RT_ICON | 0x59758 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_DIALOG | 0x59880 | 0x200 | data | English | United States
RT_DIALOG | 0x59a80 | 0xf8 | data | English | United States
RT_DIALOG | 0x59b78 | 0xa0 | data | English | United States
RT_DIALOG | 0x59c18 | 0xee | data | English | United States
RT_GROUP_ICON | 0x59d08 | 0xbc | data | English | United States
RT_MANIFEST | 0x59dc8 | 0x42e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States
DLL | Import
KERNEL32.dll | GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetFileAttributesA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileTime, GetFileAttributesA, SetCurrentDirectoryA, MoveFileA, GetFullPathNameA, GetShortPathNameA, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, DeleteFileA, FindFirstFileA, FindNextFileA, FindClose, SetFilePointer, GetPrivateProfileStringA, WritePrivateProfileStringA, MulDiv, MultiByteToWideChar, FreeLibrary, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
USER32.dll | GetSystemMenu, SetClassLongA, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, LoadImageA, CreateDialogParamA, SetTimer, SetWindowTextA, SetForegroundWindow, ShowWindow, SetWindowLongA, SendMessageTimeoutA, FindWindowExA, IsWindow, AppendMenuA, TrackPopupMenu, CreatePopupMenu, DrawTextA, EndPaint, DestroyWindow, wsprintfA, PostQuitMessage
GDI32.dll | SelectObject, SetTextColor, SetBkMode, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, GetDeviceCaps, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                              Sep 20, 2022 11:47:47.710249901 CEST49722443192.168.2.352.57.145.52
                                                                                                                                              Sep 20, 2022 11:47:47.710279942 CEST4434972252.57.145.52192.168.2.3
                                                                                                                                              Sep 20, 2022 11:47:47.712038040 CEST49722443192.168.2.352.57.145.52
                                                                                                                                              Sep 20, 2022 11:47:47.715194941 CEST49722443192.168.2.352.57.145.52
                                                                                                                                              Sep 20, 2022 11:47:47.715207100 CEST4434972252.57.145.52192.168.2.3
                                                                                                                                              Sep 20, 2022 11:47:47.780221939 CEST4434972252.57.145.52192.168.2.3
                                                                                                                                              Sep 20, 2022 11:47:47.782924891 CEST49722443192.168.2.352.57.145.52
                                                                                                                                              Sep 20, 2022 11:47:47.782943964 CEST4434972252.57.145.52192.168.2.3
                                                                                                                                              Sep 20, 2022 11:47:47.783979893 CEST4434972252.57.145.52192.168.2.3
                                                                                                                                              Sep 20, 2022 11:47:47.784149885 CEST49722443192.168.2.352.57.145.52
                                                                                                                                              Sep 20, 2022 11:47:47.792269945 CEST49722443192.168.2.352.57.145.52
                                                                                                                                              Sep 20, 2022 11:47:47.792279005 CEST49722443192.168.2.352.57.145.52
                                                                                                                                              Sep 20, 2022 11:47:47.792283058 CEST4434972252.57.145.52192.168.2.3
                                                                                                                                              Sep 20, 2022 11:47:47.792346001 CEST4434972252.57.145.52192.168.2.3
                                                                                                                                              Sep 20, 2022 11:47:47.880130053 CEST4434972252.57.145.52192.168.2.3
                                                                                                                                              Sep 20, 2022 11:47:47.880213976 CEST49722443192.168.2.352.57.145.52
                                                                                                                                              Sep 20, 2022 11:47:47.882826090 CEST49722443192.168.2.352.57.145.52
                                                                                                                                              Sep 20, 2022 11:47:47.882839918 CEST4434972252.57.145.52192.168.2.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 20, 2022 11:47:43.716272116 CEST | 60582 | 53 | 192.168.2.3 | 8.8.8.8
Sep 20, 2022 11:47:43.738590956 CEST | 53 | 60582 | 8.8.8.8 | 192.168.2.3
Sep 20, 2022 11:47:47.440412998 CEST | 57134 | 53 | 192.168.2.3 | 8.8.8.8
Sep 20, 2022 11:47:47.463524103 CEST | 53 | 57134 | 8.8.8.8 | 192.168.2.3
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 20, 2022 11:47:43.716272116 CEST | 192.168.2.3 | 8.8.8.8 | 0xc02 | Standard query (0) | feedback.wildix.com | A (IP address) | IN (0x0001) | false
Sep 20, 2022 11:47:47.440412998 CEST | 192.168.2.3 | 8.8.8.8 | 0x48e6 | Standard query (0) | feedback.wildix.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 20, 2022 11:47:43.738590956 CEST | 8.8.8.8 | 192.168.2.3 | 0xc02 | No error (0) | feedback.wildix.com |  | 35.157.107.60 | A (IP address) | IN (0x0001) | false
Sep 20, 2022 11:47:43.738590956 CEST | 8.8.8.8 | 192.168.2.3 | 0xc02 | No error (0) | feedback.wildix.com |  | 52.57.145.52 | A (IP address) | IN (0x0001) | false
Sep 20, 2022 11:47:47.463524103 CEST | 8.8.8.8 | 192.168.2.3 | 0x48e6 | No error (0) | feedback.wildix.com |  | 52.57.145.52 | A (IP address) | IN (0x0001) | false
Sep 20, 2022 11:47:47.463524103 CEST | 8.8.8.8 | 192.168.2.3 | 0x48e6 | No error (0) | feedback.wildix.com |  | 35.157.107.60 | A (IP address) | IN (0x0001) | false
                                                                                                                                              • feedback.wildix.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49721 | 35.157.107.60 | 443 | C:\Program Files\Wildix\WIService\wiservice.exe

Timestamp | kBytes transferred | Direction | Data
2022-09-20 09:47:43 UTC | 0 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
Host: feedback.wildix.com
Accept: */*
Content-Length: 404
Content-Type: application/x-www-form-urlencoded
2022-09-20 09:47:43 UTC | 0 | OUT | Data Ascii: event=wiServiceStarted&data={"appName":"wiservice","autoUpdate":"disabled","version":"3.9.1.1"}&context={"extension":"","installer":"exe","machineId":"","messageId":"dbde068f-bdb2-40de-adaf-2e15c5b531eb","os":"Windows_NT","osBits":"64bit","osBuild":"","os
2022-09-20 09:47:43 UTC | 0 | IN | HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 09:47:43 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, authorization, content-type
Access-Control-Allow-Credentials: true
P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
2022-09-20 09:47:43 UTC | 0 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.3 | 49722 | 52.57.145.52 | 443 | C:\Program Files\Wildix\WIService\wiservice.exe

Timestamp | kBytes transferred | Direction | Data
2022-09-20 09:47:47 UTC | 0 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
Host: feedback.wildix.com
Accept: */*
Content-Length: 382
Content-Type: application/x-www-form-urlencoded
2022-09-20 09:47:47 UTC | 1 | OUT | Data Ascii: event=headsetIntegrationConnected&data={"appName":"headset","version":""}&context={"extension":"","installer":"exe","machineId":"","messageId":"decc34d9-f312-4523-b529-a1bdd054214a","os":"Windows_NT","osBits":"64bit","osBuild":"","osName":"Windows 10 Pro"
2022-09-20 09:47:47 UTC | 1 | IN | HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 09:47:47 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, authorization, content-type
Access-Control-Allow-Credentials: true
P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
2022-09-20 09:47:47 UTC | 1 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



                                                                                                                                              Target ID:0
                                                                                                                                              Start time:11:46:04
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Users\user\Desktop\SetupWIService.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:"C:\Users\user\Desktop\SetupWIService.exe"
                                                                                                                                              Imagebase:0x400000
                                                                                                                                              File size:11834040 bytes
                                                                                                                                              MD5 hash:141D46BA18A6FB07AC40B69A22FBBCBC
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:low

                                                                                                                                              Target ID:1
                                                                                                                                              Start time:11:46:06
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:cmd /C taskkill /F /IM WIService.exe
                                                                                                                                              Imagebase:0xb0000
                                                                                                                                              File size:232960 bytes
                                                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high

                                                                                                                                              Target ID:2
                                                                                                                                              Start time:11:46:07
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                              Imagebase:0x7ff745070000
                                                                                                                                              File size:625664 bytes
                                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high

                                                                                                                                              Target ID:3
                                                                                                                                              Start time:11:46:07
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:taskkill /F /IM WIService.exe
                                                                                                                                              Imagebase:0x1220000
                                                                                                                                              File size:74752 bytes
                                                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high

                                                                                                                                              Target ID:4
                                                                                                                                              Start time:11:46:08
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:cmd /C taskkill /F /IM WIui.exe
                                                                                                                                              Imagebase:0xb0000
                                                                                                                                              File size:232960 bytes
                                                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high

                                                                                                                                              Target ID:5
                                                                                                                                              Start time:11:46:09
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                              Imagebase:0x7ff745070000
                                                                                                                                              File size:625664 bytes
                                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high

                                                                                                                                              Target ID:6
                                                                                                                                              Start time:11:46:09
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:taskkill /F /IM WIui.exe
                                                                                                                                              Imagebase:0x1220000
                                                                                                                                              File size:74752 bytes
                                                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high

                                                                                                                                              Target ID:7
                                                                                                                                              Start time:11:46:10
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:cmd /C taskkill /F /IM wirtpproxy.exe
                                                                                                                                              Imagebase:0xb0000
                                                                                                                                              File size:232960 bytes
                                                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high

                                                                                                                                              Target ID:8
                                                                                                                                              Start time:11:46:11
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                              Imagebase:0x7ff745070000
                                                                                                                                              File size:625664 bytes
                                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high

                                                                                                                                              Target ID:9
                                                                                                                                              Start time:11:46:11
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:taskkill /F /IM wirtpproxy.exe
                                                                                                                                              Imagebase:0x1220000
                                                                                                                                              File size:74752 bytes
                                                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:10
                                                                                                                                              Start time:11:46:12
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:cmd /C taskkill /F /IM wiservice-ui.exe
                                                                                                                                              Imagebase:0xb0000
                                                                                                                                              File size:232960 bytes
                                                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:11
                                                                                                                                              Start time:11:46:13
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                              Imagebase:0x7ff745070000
                                                                                                                                              File size:625664 bytes
                                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:12
                                                                                                                                              Start time:11:46:13
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:taskkill /F /IM wiservice-ui.exe
                                                                                                                                              Imagebase:0x1220000
                                                                                                                                              File size:74752 bytes
                                                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:13
                                                                                                                                              Start time:11:46:14
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:cmd /C taskkill /F /IM vncsrv.exe
                                                                                                                                              Imagebase:0xb0000
                                                                                                                                              File size:232960 bytes
                                                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:14
                                                                                                                                              Start time:11:46:15
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                              Imagebase:0x7ff745070000
                                                                                                                                              File size:625664 bytes
                                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:15
                                                                                                                                              Start time:11:46:15
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:taskkill /F /IM vncsrv.exe
                                                                                                                                              Imagebase:0x1220000
                                                                                                                                              File size:74752 bytes
                                                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:16
                                                                                                                                              Start time:11:46:16
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:cmd /C taskkill /F /IM WildixOutlookIntegration.exe
                                                                                                                                              Imagebase:0xb0000
                                                                                                                                              File size:232960 bytes
                                                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:17
                                                                                                                                              Start time:11:46:17
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                              Imagebase:0x7ff745070000
                                                                                                                                              File size:625664 bytes
                                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:18
                                                                                                                                              Start time:11:46:17
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:taskkill /F /IM WildixOutlookIntegration.exe
                                                                                                                                              Imagebase:0x1220000
                                                                                                                                              File size:74752 bytes
                                                                                                                                              MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:19
                                                                                                                                              Start time:11:46:22
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                                                                                                              Imagebase:0x7ff651c80000
                                                                                                                                              File size:51288 bytes
                                                                                                                                              MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:20
                                                                                                                                              Start time:11:46:22
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:c:\windows\system32\svchost.exe -k unistacksvcgroup
                                                                                                                                              Imagebase:0x7ff651c80000
                                                                                                                                              File size:51288 bytes
                                                                                                                                              MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                              Has elevated privileges:false
                                                                                                                                              Has administrator privileges:false
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:21
                                                                                                                                              Start time:11:46:23
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
                                                                                                                                              Imagebase:0x7ff651c80000
                                                                                                                                              File size:51288 bytes
                                                                                                                                              MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:false
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:22
                                                                                                                                              Start time:11:46:24
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
                                                                                                                                              Imagebase:0x7ff651c80000
                                                                                                                                              File size:51288 bytes
                                                                                                                                              MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:false
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:24
                                                                                                                                              Start time:11:46:25
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
                                                                                                                                              Imagebase:0x7ff651c80000
                                                                                                                                              File size:51288 bytes
                                                                                                                                              MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:false
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:25
                                                                                                                                              Start time:11:46:26
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\SgrmBroker.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\system32\SgrmBroker.exe
                                                                                                                                              Imagebase:0x7ff7a1aa0000
                                                                                                                                              File size:163336 bytes
                                                                                                                                              MD5 hash:D3170A3F3A9626597EEE1888686E3EA6
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:26
                                                                                                                                              Start time:11:46:26
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --removesvc
                                                                                                                                              Imagebase:0x7ff68bf90000
                                                                                                                                              File size:14324528 bytes
                                                                                                                                              MD5 hash:C66742153E3B6174EE1B9E50F71EB1D2
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:27
                                                                                                                                              Start time:11:46:27
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:c:\windows\system32\svchost.exe -k netsvcs -p
                                                                                                                                              Imagebase:0x7ff651c80000
                                                                                                                                              File size:51288 bytes
                                                                                                                                              MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:28
                                                                                                                                              Start time:11:46:27
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                              Imagebase:0x7ff651c80000
                                                                                                                                              File size:51288 bytes
                                                                                                                                              MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:29
                                                                                                                                              Start time:11:46:29
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:c:\windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
                                                                                                                                              Imagebase:0x7ff651c80000
                                                                                                                                              File size:51288 bytes
                                                                                                                                              MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:30
                                                                                                                                              Start time:11:46:29
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
                                                                                                                                              Imagebase:0x7ff651c80000
                                                                                                                                              File size:51288 bytes
                                                                                                                                              MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:false
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:31
                                                                                                                                              Start time:11:46:36
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
                                                                                                                                              Imagebase:0x7ff68bf90000
                                                                                                                                              File size:14324528 bytes
                                                                                                                                              MD5 hash:C66742153E3B6174EE1B9E50F71EB1D2
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:32
                                                                                                                                              Start time:11:46:38
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                              Imagebase:0x7ff651c80000
                                                                                                                                              File size:51288 bytes
                                                                                                                                              MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:33
                                                                                                                                              Start time:11:46:41
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\spoolsv.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\System32\spoolsv.exe
                                                                                                                                              Imagebase:0x7ff733a70000
                                                                                                                                              File size:768512 bytes
                                                                                                                                              MD5 hash:C05A19A38D7D203B738771FD1854656F
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:34
                                                                                                                                              Start time:11:46:46
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\spoolsv.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\System32\spoolsv.exe
                                                                                                                                              Imagebase:0x7ff733a70000
                                                                                                                                              File size:768512 bytes
                                                                                                                                              MD5 hash:C05A19A38D7D203B738771FD1854656F
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:35
                                                                                                                                              Start time:11:47:01
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
                                                                                                                                              Imagebase:0x29123520000
                                                                                                                                              File size:64096 bytes
                                                                                                                                              MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:.Net C# or VB.NET

                                                                                                                                              Target ID:36
                                                                                                                                              Start time:11:47:02
Start date:20/09/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff745070000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:37
Start time:11:47:04
Start date:20/09/2022
Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
Imagebase:0x27000390000
File size:64096 bytes
MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET

Target ID:38
Start time:11:47:05
Start date:20/09/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff745070000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:39
Start time:11:47:07
Start date:20/09/2022
Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
Imagebase:0x1222b4e0000
File size:64096 bytes
MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET

Target ID:40
Start time:11:47:07
Start date:20/09/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff745070000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:41
Start time:11:47:10
Start date:20/09/2022
Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
Imagebase:0x20e4fd60000
File size:64096 bytes
MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET

Target ID:42
Start time:11:47:11
Start date:20/09/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff745070000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:43
Start time:11:47:13
Start date:20/09/2022
Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
Imagebase:0x20013530000
File size:64096 bytes
MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET

Target ID:44
Start time:11:47:14
Start date:20/09/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff745070000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:45
Start time:11:47:18
Start date:20/09/2022
Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
Imagebase:0x19b61ff0000
File size:64096 bytes
MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET

Target ID:46
Start time:11:47:19
Start date:20/09/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff745070000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:49
Start time:11:47:22
Start date:20/09/2022
Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
Imagebase:0x20d267f0000
File size:64096 bytes
MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET

Target ID:50
Start time:11:47:23
Start date:20/09/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff745070000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:51
Start time:11:47:25
Start date:20/09/2022
Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
Imagebase:0x1da93800000
File size:64096 bytes
MD5 hash:2B5D765B33C67EBA41E9F47954227BC3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET

Target ID:52
Start time:11:47:26
Start date:20/09/2022
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff70b1a0000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:53
Start time:11:47:30
Start date:20/09/2022
Path:C:\Program Files\Windows Defender\MpCmdRun.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Imagebase:0x7ff735e30000
File size:455656 bytes
MD5 hash:A267555174BFA53844371226F482B86B
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language

Target ID:54
Start time:11:47:30
Start date:20/09/2022
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Imagebase:0x7ff707bb0000
File size:273920 bytes
MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

Target ID:55
Start time:11:47:30
Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                              Imagebase:0x7ff745070000
                                                                                                                                              File size:625664 bytes
                                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:false
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:56
                                                                                                                                              Start time:11:47:31
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                              Imagebase:0x7ff745070000
                                                                                                                                              File size:625664 bytes
                                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:57
                                                                                                                                              Start time:11:47:31
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
                                                                                                                                              Imagebase:0x7ff653c10000
                                                                                                                                              File size:226816 bytes
                                                                                                                                              MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:58
                                                                                                                                              Start time:11:47:32
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                                                              Imagebase:0x7ff707bb0000
                                                                                                                                              File size:273920 bytes
                                                                                                                                              MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:59
                                                                                                                                              Start time:11:47:33
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                              Imagebase:0x7ff745070000
                                                                                                                                              File size:625664 bytes
                                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:60
                                                                                                                                              Start time:11:47:34
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\netsh.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                                                              Imagebase:0x7ff6c9260000
                                                                                                                                              File size:92672 bytes
                                                                                                                                              MD5 hash:98CC37BBF363A38834253E22C80A8F32
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:61
                                                                                                                                              Start time:11:47:35
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                                                              Imagebase:0x7ff707bb0000
                                                                                                                                              File size:273920 bytes
                                                                                                                                              MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:62
                                                                                                                                              Start time:11:47:36
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                              Imagebase:0x7ff745070000
                                                                                                                                              File size:625664 bytes
                                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:63
                                                                                                                                              Start time:11:47:39
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Windows\System32\netsh.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                                                              Imagebase:0x7ff6c9260000
                                                                                                                                              File size:92672 bytes
                                                                                                                                              MD5 hash:98CC37BBF363A38834253E22C80A8F32
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:64
                                                                                                                                              Start time:11:47:40
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\WIService.exe"
                                                                                                                                              Imagebase:0x7ff68bf90000
                                                                                                                                              File size:14324528 bytes
                                                                                                                                              MD5 hash:C66742153E3B6174EE1B9E50F71EB1D2
                                                                                                                                              Has elevated privileges:false
                                                                                                                                              Has administrator privileges:false
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:65
                                                                                                                                              Start time:11:47:41
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
                                                                                                                                              Imagebase:0x7ff68bf90000
                                                                                                                                              File size:14324528 bytes
                                                                                                                                              MD5 hash:C66742153E3B6174EE1B9E50F71EB1D2
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:66
                                                                                                                                              Start time:11:47:49
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
                                                                                                                                              Imagebase:0x7ff68bf90000
                                                                                                                                              File size:14324528 bytes
                                                                                                                                              MD5 hash:C66742153E3B6174EE1B9E50F71EB1D2
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:67
                                                                                                                                              Start time:11:47:52
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc
                                                                                                                                              Imagebase:0x7ff68bf90000
                                                                                                                                              File size:14324528 bytes
                                                                                                                                              MD5 hash:C66742153E3B6174EE1B9E50F71EB1D2
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language

                                                                                                                                              Target ID:68
                                                                                                                                              Start time:11:47:57
                                                                                                                                              Start date:20/09/2022
                                                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
                                                                                                                                              Imagebase:0x1390000
                                                                                                                                              File size:14324528 bytes
                                                                                                                                              MD5 hash:C66742153E3B6174EE1B9E50F71EB1D2
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language


Execution Graph

Execution Coverage:32.3%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:17.4%
Total number of Nodes:1302
Total number of Limit Nodes:47
4066 4029b8 4065->4066 4067 40272f FindClose 4065->4067 4067->4066 4068 404aa3 GetDlgItem GetDlgItem 4069 404d20 4068->4069 4070 404af9 7 API calls 4068->4070 4075 404e02 4069->4075 4102 404d8f 4069->4102 4121 4049f1 SendMessageA 4069->4121 4071 404ba1 DeleteObject 4070->4071 4072 404b95 SendMessageA 4070->4072 4073 404bac 4071->4073 4072->4071 4074 404be3 4073->4074 4076 406032 17 API calls 4073->4076 4077 40409e 18 API calls 4074->4077 4078 404eae 4075->4078 4083 404d13 4075->4083 4087 404e5b SendMessageA 4075->4087 4081 404bc5 SendMessageA SendMessageA 4076->4081 4082 404bf7 4077->4082 4079 404ec0 4078->4079 4080 404eb8 SendMessageA 4078->4080 4090 404ed2 ImageList_Destroy 4079->4090 4091 404ed9 4079->4091 4098 404ee9 4079->4098 4080->4079 4081->4073 4086 40409e 18 API calls 4082->4086 4088 404105 8 API calls 4083->4088 4084 404df4 SendMessageA 4084->4075 4103 404c08 4086->4103 4087->4083 4093 404e70 SendMessageA 4087->4093 4089 4050a4 4088->4089 4090->4091 4094 404ee2 GlobalFree 4091->4094 4091->4098 4092 405058 4092->4083 4099 40506a ShowWindow GetDlgItem ShowWindow 4092->4099 4096 404e83 4093->4096 4094->4098 4095 404ce2 GetWindowLongA SetWindowLongA 4097 404cfb 4095->4097 4108 404e94 SendMessageA 4096->4108 4100 404d00 ShowWindow 4097->4100 4101 404d18 4097->4101 4098->4092 4115 404f24 4098->4115 4126 404a71 4098->4126 4099->4083 4119 4040d3 SendMessageA 4100->4119 4120 4040d3 SendMessageA 4101->4120 4102->4075 4102->4084 4103->4095 4104 404cdd 4103->4104 4107 404c5a SendMessageA 4103->4107 4109 404c98 SendMessageA 4103->4109 4110 404cac SendMessageA 4103->4110 4104->4095 4104->4097 4107->4103 4108->4078 4109->4103 4110->4103 4112 40502e InvalidateRect 4112->4092 4113 405044 4112->4113 4135 4049ac 4113->4135 4114 404f52 SendMessageA 4118 404f68 4114->4118 4115->4114 4115->4118 4117 404fdc SendMessageA SendMessageA 4117->4118 4118->4112 4118->4117 4119->4083 4120->4069 4122 404a50 SendMessageA 4121->4122 4123 404a14 GetMessagePos ScreenToClient SendMessageA 
4121->4123 4124 404a48 4122->4124 4123->4124 4125 404a4d 4123->4125 4124->4102 4125->4122 4138 406010 lstrcpynA 4126->4138 4128 404a84 4139 405f6e wsprintfA 4128->4139 4130 404a8e 4131 40140b 2 API calls 4130->4131 4132 404a97 4131->4132 4140 406010 lstrcpynA 4132->4140 4134 404a9e 4134->4115 4141 4048e7 4135->4141 4137 4049c1 4137->4092 4138->4128 4139->4130 4140->4134 4142 4048fd 4141->4142 4143 406032 17 API calls 4142->4143 4144 404961 4143->4144 4145 406032 17 API calls 4144->4145 4146 40496c 4145->4146 4147 406032 17 API calls 4146->4147 4148 404982 lstrlenA wsprintfA SetDlgItemTextA 4147->4148 4148->4137 4149 4027a3 4150 402b2c 17 API calls 4149->4150 4151 4027b1 4150->4151 4152 4027c7 4151->4152 4153 402b2c 17 API calls 4151->4153 4154 405b84 2 API calls 4152->4154 4153->4152 4155 4027cd 4154->4155 4177 405ba9 GetFileAttributesA CreateFileA 4155->4177 4157 4027da 4158 4027e6 GlobalAlloc 4157->4158 4159 40287d 4157->4159 4162 402874 CloseHandle 4158->4162 4163 4027ff 4158->4163 4160 402885 DeleteFileA 4159->4160 4161 402898 4159->4161 4160->4161 4162->4159 4178 403223 SetFilePointer 4163->4178 4165 402805 4166 40320d ReadFile 4165->4166 4167 40280e GlobalAlloc 4166->4167 4168 402852 4167->4168 4169 40281e 4167->4169 4171 405c50 WriteFile 4168->4171 4170 402ffb 31 API calls 4169->4170 4176 40282b 4170->4176 4172 40285e GlobalFree 4171->4172 4173 402ffb 31 API calls 4172->4173 4175 402871 4173->4175 4174 402849 GlobalFree 4174->4168 4175->4162 4176->4174 4177->4157 4178->4165 4179 4023a7 4180 402b2c 17 API calls 4179->4180 4181 4023b8 4180->4181 4182 402b2c 17 API calls 4181->4182 4183 4023c1 4182->4183 4184 402b2c 17 API calls 4183->4184 4185 4023cb GetPrivateProfileStringA 4184->4185 4186 4050ab 4187 4050bb 4186->4187 4188 4050cf 4186->4188 4189 4050c1 4187->4189 4190 405118 4187->4190 4191 4050d7 IsWindowVisible 4188->4191 4197 4050ee 4188->4197 4192 4040ea SendMessageA 4189->4192 4194 40511d CallWindowProcA 4190->4194 4191->4190 4193 4050e4 4191->4193 4195 
4050cb 4192->4195 4196 4049f1 5 API calls 4193->4196 4194->4195 4196->4197 4197->4194 4198 404a71 4 API calls 4197->4198 4198->4190 4199 40292c 4200 402b0a 17 API calls 4199->4200 4201 402932 4200->4201 4202 402967 4201->4202 4203 402783 4201->4203 4205 402944 4201->4205 4202->4203 4204 406032 17 API calls 4202->4204 4204->4203 4205->4203 4207 405f6e wsprintfA 4205->4207 4207->4203 4208 404530 4209 40455c 4208->4209 4210 40456d 4208->4210 4269 405710 GetDlgItemTextA 4209->4269 4212 404579 GetDlgItem 4210->4212 4219 4045d8 4210->4219 4213 40458d 4212->4213 4217 4045a1 SetWindowTextA 4213->4217 4222 405a41 4 API calls 4213->4222 4214 4046bc 4218 404866 4214->4218 4271 405710 GetDlgItemTextA 4214->4271 4215 404567 4216 40627a 5 API calls 4215->4216 4216->4210 4223 40409e 18 API calls 4217->4223 4221 404105 8 API calls 4218->4221 4219->4214 4219->4218 4224 406032 17 API calls 4219->4224 4226 40487a 4221->4226 4227 404597 4222->4227 4228 4045bd 4223->4228 4229 40464c SHBrowseForFolderA 4224->4229 4225 4046ec 4230 405a96 18 API calls 4225->4230 4227->4217 4234 4059a8 3 API calls 4227->4234 4231 40409e 18 API calls 4228->4231 4229->4214 4232 404664 CoTaskMemFree 4229->4232 4233 4046f2 4230->4233 4235 4045cb 4231->4235 4236 4059a8 3 API calls 4232->4236 4272 406010 lstrcpynA 4233->4272 4234->4217 4270 4040d3 SendMessageA 4235->4270 4238 404671 4236->4238 4241 4046a8 SetDlgItemTextA 4238->4241 4245 406032 17 API calls 4238->4245 4240 4045d1 4243 4063a8 5 API calls 4240->4243 4241->4214 4242 404709 4244 4063a8 5 API calls 4242->4244 4243->4219 4251 404710 4244->4251 4246 404690 lstrcmpiA 4245->4246 4246->4241 4248 4046a1 lstrcatA 4246->4248 4247 40474c 4273 406010 lstrcpynA 4247->4273 4248->4241 4250 404753 4252 405a41 4 API calls 4250->4252 4251->4247 4256 4059ef 2 API calls 4251->4256 4257 4047a4 4251->4257 4253 404759 GetDiskFreeSpaceA 4252->4253 4255 40477d MulDiv 4253->4255 4253->4257 4255->4257 4256->4251 4258 404815 4257->4258 4260 4049ac 20 API calls 4257->4260 4259 
404838 4258->4259 4261 40140b 2 API calls 4258->4261 4274 4040c0 KiUserCallbackDispatcher 4259->4274 4262 404802 4260->4262 4261->4259 4264 404817 SetDlgItemTextA 4262->4264 4265 404807 4262->4265 4264->4258 4266 4048e7 20 API calls 4265->4266 4266->4258 4267 404854 4267->4218 4268 404489 SendMessageA 4267->4268 4268->4218 4269->4215 4270->4240 4271->4225 4272->4242 4273->4250 4274->4267 4275 402631 4276 402b0a 17 API calls 4275->4276 4280 40263b 4276->4280 4277 4026a9 4278 405c21 ReadFile 4278->4280 4279 4026ab 4284 405f6e wsprintfA 4279->4284 4280->4277 4280->4278 4280->4279 4281 4026bb 4280->4281 4281->4277 4283 4026d1 SetFilePointer 4281->4283 4283->4277 4284->4277 4285 4022b2 4286 402b2c 17 API calls 4285->4286 4287 4022b8 4286->4287 4288 402b2c 17 API calls 4287->4288 4289 4022c1 4288->4289 4290 402b2c 17 API calls 4289->4290 4291 4022ca 4290->4291 4292 406313 2 API calls 4291->4292 4293 4022d3 4292->4293 4294 4022e4 lstrlenA lstrlenA 4293->4294 4298 4022d7 4293->4298 4296 405137 24 API calls 4294->4296 4295 405137 24 API calls 4299 4022df 4295->4299 4297 402320 SHFileOperationA 4296->4297 4297->4298 4297->4299 4298->4295 4298->4299 4300 402334 4301 40233b 4300->4301 4304 40234e 4300->4304 4302 406032 17 API calls 4301->4302 4303 402348 4302->4303 4305 40572c MessageBoxIndirectA 4303->4305 4305->4304 4306 4014b7 4307 4014bd 4306->4307 4308 401389 2 API calls 4307->4308 4309 4014c5 4308->4309 3722 402138 3723 402b2c 17 API calls 3722->3723 3724 40213f 3723->3724 3725 402b2c 17 API calls 3724->3725 3726 402149 3725->3726 3727 402b2c 17 API calls 3726->3727 3728 402153 3727->3728 3729 402b2c 17 API calls 3728->3729 3730 40215d 3729->3730 3731 402b2c 17 API calls 3730->3731 3732 402167 3731->3732 3733 4021a9 CoCreateInstance 3732->3733 3734 402b2c 17 API calls 3732->3734 3737 4021c8 3733->3737 3739 402273 3733->3739 3734->3733 3735 401423 24 API calls 3736 4022a9 3735->3736 3738 402253 MultiByteToWideChar 3737->3738 3737->3739 3738->3739 3739->3735 3739->3736 
3740 4015bb 3741 402b2c 17 API calls 3740->3741 3742 4015c2 3741->3742 3743 405a41 4 API calls 3742->3743 3758 4015ca 3743->3758 3744 401624 3746 401652 3744->3746 3747 401629 3744->3747 3745 4059d3 CharNextA 3745->3758 3749 401423 24 API calls 3746->3749 3748 401423 24 API calls 3747->3748 3750 401630 3748->3750 3755 40164a 3749->3755 3759 406010 lstrcpynA 3750->3759 3751 40567a 2 API calls 3751->3758 3753 405697 5 API calls 3753->3758 3754 40163b SetCurrentDirectoryA 3754->3755 3756 40160c GetFileAttributesA 3756->3758 3757 4055fd 4 API calls 3757->3758 3758->3744 3758->3745 3758->3751 3758->3753 3758->3756 3758->3757 3759->3754 3760 40273b 3761 402741 3760->3761 3762 402745 FindNextFileA 3761->3762 3765 402757 3761->3765 3763 402796 3762->3763 3762->3765 3766 406010 lstrcpynA 3763->3766 3766->3765 4310 4016bb 4311 402b2c 17 API calls 4310->4311 4312 4016c1 GetFullPathNameA 4311->4312 4313 4016d8 4312->4313 4319 4016f9 4312->4319 4316 406313 2 API calls 4313->4316 4313->4319 4314 4029b8 4315 40170d GetShortPathNameA 4315->4314 4317 4016e9 4316->4317 4317->4319 4320 406010 lstrcpynA 4317->4320 4319->4314 4319->4315 4320->4319 3767 40243d 3768 402b2c 17 API calls 3767->3768 3769 40244f 3768->3769 3770 402b2c 17 API calls 3769->3770 3771 402459 3770->3771 3784 402bbc 3771->3784 3774 40248e 3775 40249a 3774->3775 3777 402b0a 17 API calls 3774->3777 3778 4024b9 RegSetValueExA 3775->3778 3780 402ffb 31 API calls 3775->3780 3776 402b2c 17 API calls 3779 402487 lstrlenA 3776->3779 3777->3775 3781 4024cf RegCloseKey 3778->3781 3779->3774 3780->3778 3783 402783 3781->3783 3785 402bd7 3784->3785 3788 405ec4 3785->3788 3789 405ed3 3788->3789 3790 402469 3789->3790 3791 405ede RegCreateKeyExA 3789->3791 3790->3774 3790->3776 3790->3783 3791->3790 4321 401b3f 4322 402b2c 17 API calls 4321->4322 4323 401b46 4322->4323 4324 402b0a 17 API calls 4323->4324 4325 401b4f wsprintfA 4324->4325 4326 4029b8 4325->4326

Control-flow Graph
[Graph not reproduced; first node at 40326b; legend: Executed / Not Executed]
                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                			_entry_() {
                                                                                                                                                				signed int _t42;
                                                                                                                                                				intOrPtr* _t47;
                                                                                                                                                				CHAR* _t51;
                                                                                                                                                				char* _t53;
                                                                                                                                                				CHAR* _t55;
                                                                                                                                                				void* _t59;
                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                				int _t62;
                                                                                                                                                				int _t65;
                                                                                                                                                				signed int _t66;
                                                                                                                                                				int _t67;
                                                                                                                                                				signed int _t69;
                                                                                                                                                				void* _t93;
                                                                                                                                                				signed int _t109;
                                                                                                                                                				void* _t112;
                                                                                                                                                				void* _t117;
                                                                                                                                                				intOrPtr* _t118;
                                                                                                                                                				char _t121;
                                                                                                                                                				signed int _t140;
                                                                                                                                                				signed int _t141;
                                                                                                                                                				int _t149;
                                                                                                                                                				void* _t150;
                                                                                                                                                				intOrPtr* _t152;
                                                                                                                                                				CHAR* _t155;
                                                                                                                                                				CHAR* _t156;
                                                                                                                                                				void* _t158;
                                                                                                                                                				char* _t159;
                                                                                                                                                				void* _t162;
                                                                                                                                                				void* _t163;
                                                                                                                                                				char _t188;
                                                                                                                                                
                                                                                                                                                				 *(_t163 + 0x18) = 0;
                                                                                                                                                				 *((intOrPtr*)(_t163 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                                                                                				 *(_t163 + 0x20) = 0;
                                                                                                                                                				 *(_t163 + 0x14) = 0x20;
                                                                                                                                                				SetErrorMode(0x8001); // executed
                                                                                                                                                				_t42 = GetVersion() & 0xbfffffff;
                                                                                                                                                				 *0x42f40c = _t42;
                                                                                                                                                				if(_t42 != 6) {
                                                                                                                                                					_t118 = E004063A8(0);
                                                                                                                                                					if(_t118 != 0) {
                                                                                                                                                						 *_t118(0xc00);
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				_t155 = "UXTHEME";
                                                                                                                                                				do {
                                                                                                                                                					E0040633A(_t155); // executed
                                                                                                                                                					_t155 =  &(_t155[lstrlenA(_t155) + 1]);
                                                                                                                                                				} while ( *_t155 != 0);
                                                                                                                                                				E004063A8(0xa);
                                                                                                                                                				 *0x42f404 = E004063A8(8);
                                                                                                                                                				_t47 = E004063A8(6);
                                                                                                                                                				if(_t47 != 0) {
                                                                                                                                                					_t47 =  *_t47(0x1e);
                                                                                                                                                					if(_t47 != 0) {
                                                                                                                                                						 *0x42f40f =  *0x42f40f | 0x00000040;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				__imp__#17(_t158);
                                                                                                                                                				__imp__OleInitialize(0); // executed
                                                                                                                                                				 *0x42f4d8 = _t47;
                                                                                                                                                				SHGetFileInfoA(0x429830, 0, _t163 + 0x38, 0x160, 0); // executed
                                                                                                                                                				E00406010("Wildix Integration Service v3.9.1 Setup", "NSIS Error");
                                                                                                                                                				_t51 = GetCommandLineA();
                                                                                                                                                				_t159 = "\"C:\\Users\\hardz\\Desktop\\SetupWIService.exe\" ";
                                                                                                                                                				E00406010(_t159, _t51);
                                                                                                                                                				 *0x42f400 = 0x400000;
                                                                                                                                                				_t53 = _t159;
                                                                                                                                                				if("\"C:\\Users\\hardz\\Desktop\\SetupWIService.exe\" " == 0x22) {
                                                                                                                                                					 *(_t163 + 0x14) = 0x22;
                                                                                                                                                					_t53 =  &M00435001;
                                                                                                                                                				}
                                                                                                                                                				_t55 = CharNextA(E004059D3(_t53,  *(_t163 + 0x14)));
                                                                                                                                                				 *(_t163 + 0x1c) = _t55;
                                                                                                                                                				while(1) {
                                                                                                                                                					_t121 =  *_t55;
                                                                                                                                                					_t171 = _t121;
                                                                                                                                                					if(_t121 == 0) {
                                                                                                                                                						break;
                                                                                                                                                					}
                                                                                                                                                					__eflags = _t121 - 0x20;
                                                                                                                                                					if(_t121 != 0x20) {
                                                                                                                                                						L13:
                                                                                                                                                						__eflags =  *_t55 - 0x22;
                                                                                                                                                						 *(_t163 + 0x14) = 0x20;
                                                                                                                                                						if( *_t55 == 0x22) {
                                                                                                                                                							_t55 =  &(_t55[1]);
                                                                                                                                                							__eflags = _t55;
                                                                                                                                                							 *(_t163 + 0x14) = 0x22;
                                                                                                                                                						}
                                                                                                                                                						__eflags =  *_t55 - 0x2f;
                                                                                                                                                						if( *_t55 != 0x2f) {
                                                                                                                                                							L25:
                                                                                                                                                							_t55 = E004059D3(_t55,  *(_t163 + 0x14));
                                                                                                                                                							__eflags =  *_t55 - 0x22;
                                                                                                                                                							if(__eflags == 0) {
                                                                                                                                                								_t55 =  &(_t55[1]);
                                                                                                                                                								__eflags = _t55;
                                                                                                                                                							}
                                                                                                                                                							continue;
                                                                                                                                                						} else {
                                                                                                                                                							_t55 =  &(_t55[1]);
                                                                                                                                                							__eflags =  *_t55 - 0x53;
                                                                                                                                                							if( *_t55 != 0x53) {
                                                                                                                                                								L20:
                                                                                                                                                								__eflags =  *_t55 - ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC");
                                                                                                                                                								if( *_t55 != ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC")) {
                                                                                                                                                									L24:
                                                                                                                                                									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=");
                                                                                                                                                									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=")) {
                                                                                                                                                										 *((char*)(_t55 - 2)) = 0;
                                                                                                                                                										__eflags =  &(_t55[2]);
                                                                                                                                                										E00406010("C:\\Program Files\\Wildix\\WIService",  &(_t55[2]));
                                                                                                                                                										L30:
                                                                                                                                                										_t156 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
                                                                                                                                                										GetTempPathA(0x400, _t156);
                                                                                                                                                										_t59 = E0040323A(_t171);
                                                                                                                                                										_t172 = _t59;
                                                                                                                                                										if(_t59 != 0) {
                                                                                                                                                											L33:
                                                                                                                                                											DeleteFileA("1033"); // executed
                                                                                                                                                											_t61 = E00402DC4(_t174,  *(_t163 + 0x20)); // executed
                                                                                                                                                											 *((intOrPtr*)(_t163 + 0x10)) = _t61;
                                                                                                                                                											if(_t61 != 0) {
                                                                                                                                                												L43:
                                                                                                                                                												ExitProcess(); // executed
                                                                                                                                                												__imp__OleUninitialize(); // executed
                                                                                                                                                												_t184 =  *((intOrPtr*)(_t163 + 0x10));
                                                                                                                                                												if( *((intOrPtr*)(_t163 + 0x10)) == 0) {
                                                                                                                                                													__eflags =  *0x42f4b4;
                                                                                                                                                													if( *0x42f4b4 == 0) {
                                                                                                                                                														L67:
                                                                                                                                                														_t62 =  *0x42f4cc;
                                                                                                                                                														__eflags = _t62 - 0xffffffff;
                                                                                                                                                														if(_t62 != 0xffffffff) {
                                                                                                                                                															 *(_t163 + 0x14) = _t62;
                                                                                                                                                														}
                                                                                                                                                														ExitProcess( *(_t163 + 0x14));
                                                                                                                                                													}
                                                                                                                                                													_t65 = OpenProcessToken(GetCurrentProcess(), 0x28, _t163 + 0x18);
                                                                                                                                                													__eflags = _t65;
                                                                                                                                                													_t149 = 2;
                                                                                                                                                													if(_t65 != 0) {
                                                                                                                                                														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t163 + 0x24);
                                                                                                                                                														 *(_t163 + 0x38) = 1;
                                                                                                                                                														 *(_t163 + 0x44) = _t149;
                                                                                                                                                														AdjustTokenPrivileges( *(_t163 + 0x2c), 0, _t163 + 0x28, 0, 0, 0);
                                                                                                                                                													}
                                                                                                                                                													_t66 = E004063A8(4);
                                                                                                                                                													__eflags = _t66;
                                                                                                                                                													if(_t66 == 0) {
                                                                                                                                                														L65:
                                                                                                                                                														_t67 = ExitWindowsEx(_t149, 0x80040002);
                                                                                                                                                														__eflags = _t67;
                                                                                                                                                														if(_t67 != 0) {
                                                                                                                                                															goto L67;
                                                                                                                                                														}
                                                                                                                                                														goto L66;
                                                                                                                                                													} else {
                                                                                                                                                														_t69 =  *_t66(0, 0, 0, 0x25, 0x80040002);
                                                                                                                                                														__eflags = _t69;
                                                                                                                                                														if(_t69 == 0) {
                                                                                                                                                															L66:
                                                                                                                                                															E0040140B(9);
                                                                                                                                                															goto L67;
                                                                                                                                                														}
                                                                                                                                                														goto L65;
                                                                                                                                                													}
                                                                                                                                                												}
                                                                                                                                                												E0040572C( *((intOrPtr*)(_t163 + 0x10)), 0x200010);
                                                                                                                                                												ExitProcess(2);
                                                                                                                                                											}
                                                                                                                                                											if( *0x42f420 == 0) {
                                                                                                                                                												L42:
                                                                                                                                                												 *0x42f4cc =  *0x42f4cc | 0xffffffff;
                                                                                                                                                												 *(_t163 + 0x18) = E0040382D( *0x42f4cc);
                                                                                                                                                												goto L43;
                                                                                                                                                											}
                                                                                                                                                											_t152 = E004059D3(_t159, 0);
                                                                                                                                                											if(_t152 < _t159) {
                                                                                                                                                												L39:
                                                                                                                                                												_t181 = _t152 - _t159;
                                                                                                                                                												 *((intOrPtr*)(_t163 + 0x10)) = "Error launching installer";
                                                                                                                                                												if(_t152 < _t159) {
                                                                                                                                                													_t150 = E00405697(_t184);
                                                                                                                                                													lstrcatA(_t156, "~nsu");
                                                                                                                                                													if(_t150 != 0) {
                                                                                                                                                														lstrcatA(_t156, "A");
                                                                                                                                                													}
                                                                                                                                                													lstrcatA(_t156, ".tmp");
                                                                                                                                                													_t161 = "C:\\Users\\hardz\\Desktop";
                                                                                                                                                													if(lstrcmpiA(_t156, "C:\\Users\\hardz\\Desktop") != 0) {
                                                                                                                                                														_push(_t156);
                                                                                                                                                														if(_t150 == 0) {
                                                                                                                                                															E0040567A();
                                                                                                                                                														} else {
                                                                                                                                                															E004055FD();
                                                                                                                                                														}
                                                                                                                                                														SetCurrentDirectoryA(_t156);
                                                                                                                                                														_t188 = "C:\\Program Files\\Wildix\\WIService"; // 0x43
                                                                                                                                                														if(_t188 == 0) {
                                                                                                                                                															E00406010("C:\\Program Files\\Wildix\\WIService", _t161);
                                                                                                                                                														}
                                                                                                                                                														E00406010("0x00004688",  *(_t163 + 0x1c));
                                                                                                                                                														_t136 = "A";
                                                                                                                                                														_t162 = 0x1a;
                                                                                                                                                														 *0x430400 = "A";
                                                                                                                                                														do {
                                                                                                                                                															E00406032(0, 0x429430, _t156, 0x429430,  *((intOrPtr*)( *0x42f414 + 0x120)));
                                                                                                                                                															DeleteFileA(0x429430);
                                                                                                                                                															if( *((intOrPtr*)(_t163 + 0x10)) != 0 && CopyFileA("C:\\Users\\hardz\\Desktop\\SetupWIService.exe", 0x429430, 1) != 0) {
                                                                                                                                                																E00405DEF(_t136, 0x429430, 0);
                                                                                                                                                																E00406032(0, 0x429430, _t156, 0x429430,  *((intOrPtr*)( *0x42f414 + 0x124)));
                                                                                                                                                																_t93 = E004056AF(0x429430);
                                                                                                                                                																if(_t93 != 0) {
                                                                                                                                                																	CloseHandle(_t93);
                                                                                                                                                																	 *((intOrPtr*)(_t163 + 0x10)) = 0;
                                                                                                                                                																}
                                                                                                                                                															}
                                                                                                                                                															 *0x430400 =  *0x430400 + 1;
                                                                                                                                                															_t162 = _t162 - 1;
                                                                                                                                                														} while (_t162 != 0);
                                                                                                                                                														E00405DEF(_t136, _t156, 0);
                                                                                                                                                													}
                                                                                                                                                													goto L43;
                                                                                                                                                												}
                                                                                                                                                												 *_t152 = 0;
                                                                                                                                                												_t153 = _t152 + 4;
                                                                                                                                                												if(E00405A96(_t181, _t152 + 4) == 0) {
                                                                                                                                                													goto L43;
                                                                                                                                                												}
                                                                                                                                                												E00406010("C:\\Program Files\\Wildix\\WIService", _t153);
                                                                                                                                                												E00406010("C:\\Program Files\\Wildix\\WIService", _t153);
                                                                                                                                                												 *((intOrPtr*)(_t163 + 0x10)) = 0;
                                                                                                                                                												goto L42;
                                                                                                                                                											}
                                                                                                                                                											_t109 = (( *0x40a15b << 0x00000008 |  *0x40a15a) << 0x00000008 |  *0x40a159) << 0x00000008 | " _?=";
                                                                                                                                                											while( *_t152 != _t109) {
                                                                                                                                                												_t152 = _t152 - 1;
                                                                                                                                                												if(_t152 >= _t159) {
                                                                                                                                                													continue;
                                                                                                                                                												}
                                                                                                                                                												goto L39;
                                                                                                                                                											}
                                                                                                                                                											goto L39;
                                                                                                                                                										}
                                                                                                                                                										GetWindowsDirectoryA(_t156, 0x3fb);
                                                                                                                                                										lstrcatA(_t156, "\\Temp");
                                                                                                                                                										_t112 = E0040323A(_t172);
                                                                                                                                                										_t173 = _t112;
                                                                                                                                                										if(_t112 != 0) {
                                                                                                                                                											goto L33;
                                                                                                                                                										}
                                                                                                                                                										GetTempPathA(0x3fc, _t156);
                                                                                                                                                										lstrcatA(_t156, "Low");
                                                                                                                                                										SetEnvironmentVariableA("TEMP", _t156);
                                                                                                                                                										SetEnvironmentVariableA("TMP", _t156);
                                                                                                                                                										_t117 = E0040323A(_t173);
                                                                                                                                                										_t174 = _t117;
                                                                                                                                                										if(_t117 == 0) {
                                                                                                                                                											goto L43;
                                                                                                                                                										}
                                                                                                                                                										goto L33;
                                                                                                                                                									}
                                                                                                                                                									goto L25;
                                                                                                                                                								}
                                                                                                                                                								_t140 = _t55[4];
                                                                                                                                                								__eflags = _t140 - 0x20;
                                                                                                                                                								if(_t140 == 0x20) {
                                                                                                                                                									L23:
                                                                                                                                                									_t15 = _t163 + 0x20;
                                                                                                                                                									 *_t15 =  *(_t163 + 0x20) | 0x00000004;
                                                                                                                                                									__eflags =  *_t15;
                                                                                                                                                									goto L24;
                                                                                                                                                								}
                                                                                                                                                								__eflags = _t140;
                                                                                                                                                								if(_t140 != 0) {
                                                                                                                                                									goto L24;
                                                                                                                                                								}
                                                                                                                                                								goto L23;
                                                                                                                                                							}
                                                                                                                                                							_t141 = _t55[1];
                                                                                                                                                							__eflags = _t141 - 0x20;
                                                                                                                                                							if(_t141 == 0x20) {
                                                                                                                                                								L19:
                                                                                                                                                								 *0x42f4c0 = 1;
                                                                                                                                                								goto L20;
                                                                                                                                                							}
                                                                                                                                                							__eflags = _t141;
                                                                                                                                                							if(_t141 != 0) {
                                                                                                                                                								goto L20;
                                                                                                                                                							}
                                                                                                                                                							goto L19;
                                                                                                                                                						}
                                                                                                                                                					} else {
                                                                                                                                                						goto L12;
                                                                                                                                                					}
                                                                                                                                                					do {
                                                                                                                                                						L12:
                                                                                                                                                						_t55 =  &(_t55[1]);
                                                                                                                                                						__eflags =  *_t55 - 0x20;
                                                                                                                                                					} while ( *_t55 == 0x20);
                                                                                                                                                					goto L13;
                                                                                                                                                				}
                                                                                                                                                				goto L30;
                                                                                                                                                			}

































                                                                                                                                                0x00403697
                                                                                                                                                0x004036a4
                                                                                                                                                0x004036aa
                                                                                                                                                0x004036aa
                                                                                                                                                0x004036af
                                                                                                                                                0x004036af
                                                                                                                                                0x00000000
                                                                                                                                                0x004035ec
                                                                                                                                                0x0040354c
                                                                                                                                                0x0040354e
                                                                                                                                                0x00403559
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403561
                                                                                                                                                0x0040356c
                                                                                                                                                0x00403571
                                                                                                                                                0x00000000
                                                                                                                                                0x00403571
                                                                                                                                                0x00403535
                                                                                                                                                0x00403537
                                                                                                                                                0x0040353b
                                                                                                                                                0x0040353e
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x0040353e
                                                                                                                                                0x00000000
                                                                                                                                                0x00403537
                                                                                                                                                0x00403487
                                                                                                                                                0x00403493
                                                                                                                                                0x00403498
                                                                                                                                                0x0040349d
                                                                                                                                                0x0040349f
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004034a7
                                                                                                                                                0x004034af
                                                                                                                                                0x004034c0
                                                                                                                                                0x004034c8
                                                                                                                                                0x004034ca
                                                                                                                                                0x004034cf
                                                                                                                                                0x004034d1
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004034d1
                                                                                                                                                0x00000000
                                                                                                                                                0x00403436
                                                                                                                                                0x004033f7
                                                                                                                                                0x004033fa
                                                                                                                                                0x004033fd
                                                                                                                                                0x00403403
                                                                                                                                                0x00403403
                                                                                                                                                0x00403403
                                                                                                                                                0x00403403
                                                                                                                                                0x00000000
                                                                                                                                                0x00403403
                                                                                                                                                0x004033ff
                                                                                                                                                0x00403401
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403401
                                                                                                                                                0x004033b2
                                                                                                                                                0x004033b5
                                                                                                                                                0x004033b8
                                                                                                                                                0x004033be
                                                                                                                                                0x004033be
                                                                                                                                                0x00000000
                                                                                                                                                0x004033be
                                                                                                                                                0x004033ba
                                                                                                                                                0x004033bc
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004033bc
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x0040338d
                                                                                                                                                0x0040338d
                                                                                                                                                0x0040338d
                                                                                                                                                0x0040338e
                                                                                                                                                0x0040338e
                                                                                                                                                0x00000000
                                                                                                                                                0x0040338d
                                                                                                                                                0x00000000

                                                                                                                                                APIs
                                                                                                                                                • SetErrorMode.KERNELBASE ref: 00403290
                                                                                                                                                • GetVersion.KERNEL32 ref: 00403296
                                                                                                                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004032C9
                                                                                                                                                • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403305
                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 0040330C
                                                                                                                                                • SHGetFileInfoA.SHELL32(00429830,00000000,?,00000160,00000000,?,00000006,00000008,0000000A), ref: 00403328
                                                                                                                                                • GetCommandLineA.KERNEL32(Wildix Integration Service v3.9.1 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040333D
                                                                                                                                                • CharNextA.USER32(00000000,"C:\Users\user\Desktop\SetupWIService.exe" ,00000020,"C:\Users\user\Desktop\SetupWIService.exe" ,00000000,?,00000006,00000008,0000000A), ref: 00403379
                                                                                                                                                • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000006,00000008,0000000A), ref: 00403476
                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 00403487
                                                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 00403493
                                                                                                                                                • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004034A7
                                                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004034AF
                                                                                                                                                • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004034C0
                                                                                                                                                • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004034C8
                                                                                                                                                • DeleteFileA.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 004034DC
                                                                                                                                                  • Part of subcall function 004063A8: GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                                                                                                                  • Part of subcall function 004063A8: GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                                                                                                                  • Part of subcall function 0040382D: lstrlenA.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,Wildix Integration Service v3.9.1 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.9.1 Setup ,00000000,00000002,74D0FA90), ref: 0040391D
                                                                                                                                                  • Part of subcall function 0040382D: lstrcmpiA.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,Wildix Integration Service v3.9.1 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.9.1 Setup ,00000000), ref: 00403930
                                                                                                                                                  • Part of subcall function 0040382D: GetFileAttributesA.KERNEL32(Remove folder: ), ref: 0040393B
                                                                                                                                                  • Part of subcall function 0040382D: LoadImageA.USER32 ref: 00403984
                                                                                                                                                  • Part of subcall function 0040382D: RegisterClassA.USER32 ref: 004039C1
                                                                                                                                                • ExitProcess.KERNEL32(?,?,00000006,00000008,0000000A), ref: 00403585
                                                                                                                                                  • Part of subcall function 00403753: CloseHandle.KERNEL32(FFFFFFFF,0040358A,?,?,00000006,00000008,0000000A), ref: 0040375E
                                                                                                                                                • OleUninitialize.OLE32(?,?,00000006,00000008,0000000A), ref: 0040358A
                                                                                                                                                • ExitProcess.KERNEL32 ref: 004035AB
                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000006,00000008,0000000A), ref: 004036C8
                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 004036CF
                                                                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004036E7
                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403706
                                                                                                                                                • ExitWindowsEx.USER32 ref: 0040372A
                                                                                                                                                • ExitProcess.KERNEL32 ref: 0040374D
                                                                                                                                                  • Part of subcall function 0040572C: MessageBoxIndirectA.USER32 ref: 00405787
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Process$Exit$File$EnvironmentHandlePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
                                                                                                                                                • String ID: "$"C:\Users\user\Desktop\SetupWIService.exe" $.tmp$0x00004688$1033$C:\Program Files\Wildix\WIService$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SetupWIService.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$Wildix Integration Service v3.9.1 Setup$\Temp$~nsu
                                                                                                                                                • API String ID: 562314493-3898083899
                                                                                                                                                • Opcode ID: 57b328a9d407dd4592a3e97bc7691f38fe75e35d48feec3e52135ce9b33548f1
                                                                                                                                                • Instruction ID: c488d4947f624a60ea111d8e8e2b3f6be1d3d76fce8bfd42f4ae142e8cae794f
                                                                                                                                                • Opcode Fuzzy Hash: 57b328a9d407dd4592a3e97bc7691f38fe75e35d48feec3e52135ce9b33548f1
                                                                                                                                                • Instruction Fuzzy Hash: 9EC10570104741AAD7216F759D49B2F3EA8AF4570AF44443FF582B61E2CB7C8A198B2F
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 132 405275-405291 133 405420-405426 132->133 134 405297-40535e GetDlgItem * 3 call 4040d3 call 4049c4 GetClientRect GetSystemMetrics SendMessageA * 2 132->134 136 405450-40545c 133->136 137 405428-40544a GetDlgItem CreateThread FindCloseChangeNotification 133->137 156 405360-40537a SendMessageA * 2 134->156 157 40537c-40537f 134->157 139 40547e-405484 136->139 140 40545e-405464 136->140 137->136 141 405486-40548c 139->141 142 4054d9-4054dc 139->142 144 405466-405479 ShowWindow * 2 call 4040d3 140->144 145 40549f-4054a6 call 404105 140->145 147 4054b2-4054c2 ShowWindow 141->147 148 40548e-40549a call 404077 141->148 142->145 151 4054de-4054e4 142->151 144->139 153 4054ab-4054af 145->153 154 4054d2-4054d4 call 404077 147->154 155 4054c4-4054cd call 405137 147->155 148->145 151->145 158 4054e6-4054f9 SendMessageA 151->158 154->142 155->154 156->157 159 405381-40538d SendMessageA 157->159 160 40538f-4053a6 call 40409e 157->160 161 4055f6-4055f8 158->161 162 4054ff-40552b CreatePopupMenu call 406032 AppendMenuA 158->162 159->160 171 4053a8-4053bc ShowWindow 160->171 172 4053dc-4053fd GetDlgItem SendMessageA 160->172 161->153 169 405540-405556 TrackPopupMenu 162->169 170 40552d-40553d GetWindowRect 162->170 169->161 173 40555c-405576 169->173 170->169 174 4053cb 171->174 175 4053be-4053c9 ShowWindow 171->175 172->161 176 405403-40541b SendMessageA * 2 172->176 177 40557b-405596 SendMessageA 173->177 178 4053d1-4053d7 call 4040d3 174->178 175->178 176->161 177->177 179 405598-4055b8 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 177->179 178->172 181 4055ba-4055da SendMessageA 179->181 181->181 182 4055dc-4055f0 GlobalUnlock SetClipboardData CloseClipboard 181->182 182->161
                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                			E00405275(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                                                                                                				struct HWND__* _v8;
                                                                                                                                                				struct tagRECT _v24;
                                                                                                                                                				void* _v32;
                                                                                                                                                				signed int _v36;
                                                                                                                                                				int _v40;
                                                                                                                                                				int _v44;
                                                                                                                                                				signed int _v48;
                                                                                                                                                				int _v52;
                                                                                                                                                				void* _v56;
                                                                                                                                                				void* _v64;
                                                                                                                                                				void* __ebx;
                                                                                                                                                				void* __edi;
                                                                                                                                                				void* __esi;
                                                                                                                                                				struct HWND__* _t87;
                                                                                                                                                				struct HWND__* _t89;
                                                                                                                                                				long _t90;
                                                                                                                                                				int _t95;
                                                                                                                                                				int _t96;
                                                                                                                                                				long _t99;
                                                                                                                                                				void* _t102;
                                                                                                                                                				intOrPtr _t113;
                                                                                                                                                				void* _t121;
                                                                                                                                                				intOrPtr _t124;
                                                                                                                                                				struct HWND__* _t128;
                                                                                                                                                				int _t150;
                                                                                                                                                				int _t153;
                                                                                                                                                				long _t157;
                                                                                                                                                				struct HWND__* _t161;
                                                                                                                                                				struct HMENU__* _t163;
                                                                                                                                                				long _t165;
                                                                                                                                                				void* _t166;
                                                                                                                                                				char* _t167;
                                                                                                                                                				char* _t168;
                                                                                                                                                				int _t169;
                                                                                                                                                
                                                                                                                                                				_t87 =  *0x42ebe4; // 0x10452
                                                                                                                                                				_t157 = _a8;
                                                                                                                                                				_t150 = 0;
                                                                                                                                                				_v8 = _t87;
                                                                                                                                                				if(_t157 != 0x110) {
                                                                                                                                                					__eflags = _t157 - 0x405;
                                                                                                                                                					if(_t157 == 0x405) {
                                                                                                                                                						_t121 = CreateThread(0, 0, E00405209, GetDlgItem(_a4, 0x3ec), 0,  &_a8); // executed
                                                                                                                                                						FindCloseChangeNotification(_t121);
                                                                                                                                                					}
                                                                                                                                                					__eflags = _t157 - 0x111;
                                                                                                                                                					if(_t157 != 0x111) {
                                                                                                                                                						L17:
                                                                                                                                                						__eflags = _t157 - 0x404;
                                                                                                                                                						if(_t157 != 0x404) {
                                                                                                                                                							L25:
                                                                                                                                                							__eflags = _t157 - 0x7b;
                                                                                                                                                							if(_t157 != 0x7b) {
                                                                                                                                                								goto L20;
                                                                                                                                                							}
                                                                                                                                                							_t89 = _v8;
                                                                                                                                                							__eflags = _a12 - _t89;
                                                                                                                                                							if(_a12 != _t89) {
                                                                                                                                                								goto L20;
                                                                                                                                                							}
                                                                                                                                                							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
                                                                                                                                                							__eflags = _t90 - _t150;
                                                                                                                                                							_a12 = _t90;
                                                                                                                                                							if(_t90 <= _t150) {
                                                                                                                                                								L36:
                                                                                                                                                								return 0;
                                                                                                                                                							}
                                                                                                                                                							_t163 = CreatePopupMenu();
                                                                                                                                                							AppendMenuA(_t163, _t150, 1, E00406032(_t150, _t157, _t163, _t150, 0xffffffe1));
                                                                                                                                                							_t95 = _a16;
                                                                                                                                                							__eflags = _a16 - 0xffffffff;
                                                                                                                                                							_t153 = _a16 >> 0x10;
                                                                                                                                                							if(_a16 == 0xffffffff) {
                                                                                                                                                								GetWindowRect(_v8,  &_v24);
                                                                                                                                                								_t95 = _v24.left;
                                                                                                                                                								_t153 = _v24.top;
                                                                                                                                                							}
                                                                                                                                                							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
                                                                                                                                                							__eflags = _t96 - 1;
                                                                                                                                                							if(_t96 == 1) {
                                                                                                                                                								_t165 = 1;
                                                                                                                                                								__eflags = 1;
                                                                                                                                                								_v56 = _t150;
                                                                                                                                                								_v44 = 0x42a870;
                                                                                                                                                								_v40 = 0x1000;
                                                                                                                                                								_a4 = _a12;
                                                                                                                                                								do {
                                                                                                                                                									_a4 = _a4 - 1;
                                                                                                                                                									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
                                                                                                                                                									__eflags = _a4 - _t150;
                                                                                                                                                									_t165 = _t165 + _t99 + 2;
                                                                                                                                                								} while (_a4 != _t150);
                                                                                                                                                								OpenClipboard(_t150);
                                                                                                                                                								EmptyClipboard();
                                                                                                                                                								_t102 = GlobalAlloc(0x42, _t165);
                                                                                                                                                								_a4 = _t102;
                                                                                                                                                								_t166 = GlobalLock(_t102);
                                                                                                                                                								do {
                                                                                                                                                									_v44 = _t166;
                                                                                                                                                									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
                                                                                                                                                									 *_t167 = 0xd;
                                                                                                                                                									_t168 = _t167 + 1;
                                                                                                                                                									 *_t168 = 0xa;
                                                                                                                                                									_t166 = _t168 + 1;
                                                                                                                                                									_t150 = _t150 + 1;
                                                                                                                                                									__eflags = _t150 - _a12;
                                                                                                                                                								} while (_t150 < _a12);
                                                                                                                                                								GlobalUnlock(_a4);
                                                                                                                                                								SetClipboardData(1, _a4);
                                                                                                                                                								CloseClipboard();
                                                                                                                                                							}
                                                                                                                                                							goto L36;
                                                                                                                                                						}
                                                                                                                                                						__eflags =  *0x42ebcc - _t150; // 0x0
                                                                                                                                                						if(__eflags == 0) {
                                                                                                                                                							ShowWindow( *0x42f408, 8); // executed
                                                                                                                                                							__eflags =  *0x42f4ac - _t150;
                                                                                                                                                							if( *0x42f4ac == _t150) {
                                                                                                                                                								_t113 =  *0x42a048; // 0x72c0ec
                                                                                                                                                								E00405137( *((intOrPtr*)(_t113 + 0x34)), _t150); // executed
                                                                                                                                                							}
                                                                                                                                                							E00404077(1);
                                                                                                                                                							goto L25;
                                                                                                                                                						}
                                                                                                                                                						 *0x429c40 = 2;
                                                                                                                                                						E00404077(0x78);
                                                                                                                                                						goto L20;
                                                                                                                                                					} else {
                                                                                                                                                						__eflags = _a12 - 0x403;
                                                                                                                                                						if(_a12 != 0x403) {
                                                                                                                                                							L20:
                                                                                                                                                							return E00404105(_t157, _a12, _a16);
                                                                                                                                                						}
                                                                                                                                                						ShowWindow( *0x42ebd0, _t150);
                                                                                                                                                						ShowWindow(_v8, 8);
                                                                                                                                                						E004040D3(_v8);
                                                                                                                                                						goto L17;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				_v48 = _v48 | 0xffffffff;
                                                                                                                                                				_v36 = _v36 | 0xffffffff;
                                                                                                                                                				_t169 = 2;
                                                                                                                                                				_v56 = _t169;
                                                                                                                                                				_v52 = 0;
                                                                                                                                                				_v44 = 0;
                                                                                                                                                				_v40 = 0;
                                                                                                                                                				asm("stosd");
                                                                                                                                                				asm("stosd");
                                                                                                                                                				_t124 =  *0x42f414;
                                                                                                                                                				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
                                                                                                                                                				_a8 =  *((intOrPtr*)(_t124 + 0x60));
                                                                                                                                                				 *0x42ebd0 = GetDlgItem(_a4, 0x403);
                                                                                                                                                				 *0x42ebc8 = GetDlgItem(_a4, 0x3ee);
                                                                                                                                                				_t128 = GetDlgItem(_a4, 0x3f8);
                                                                                                                                                				 *0x42ebe4 = _t128;
                                                                                                                                                				_v8 = _t128;
                                                                                                                                                				E004040D3( *0x42ebd0);
                                                                                                                                                				 *0x42ebd4 = E004049C4(4);
                                                                                                                                                				 *0x42ebec = 0;
                                                                                                                                                				GetClientRect(_v8,  &_v24);
                                                                                                                                                				_v48 = _v24.right - GetSystemMetrics(_t169);
                                                                                                                                                				SendMessageA(_v8, 0x101b, 0,  &_v56);
                                                                                                                                                				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
                                                                                                                                                				if(_a12 >= 0) {
                                                                                                                                                					SendMessageA(_v8, 0x1001, 0, _a12);
                                                                                                                                                					SendMessageA(_v8, 0x1026, 0, _a12);
                                                                                                                                                				}
                                                                                                                                                				if(_a8 >= _t150) {
                                                                                                                                                					SendMessageA(_v8, 0x1024, _t150, _a8);
                                                                                                                                                				}
                                                                                                                                                				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                                                				_push(0x1b);
                                                                                                                                                				E0040409E(_a4);
                                                                                                                                                				if(( *0x42f41c & 0x00000003) != 0) {
                                                                                                                                                					ShowWindow( *0x42ebd0, _t150);
                                                                                                                                                					if(( *0x42f41c & 0x00000002) != 0) {
                                                                                                                                                						 *0x42ebd0 = _t150;
                                                                                                                                                					} else {
                                                                                                                                                						ShowWindow(_v8, 8);
                                                                                                                                                					}
                                                                                                                                                					E004040D3( *0x42ebc8);
                                                                                                                                                				}
                                                                                                                                                				_t161 = GetDlgItem(_a4, 0x3ec);
                                                                                                                                                				SendMessageA(_t161, 0x401, _t150, 0x75300000);
                                                                                                                                                				if(( *0x42f41c & 0x00000004) != 0) {
                                                                                                                                                					SendMessageA(_t161, 0x409, _t150, _a8);
                                                                                                                                                					SendMessageA(_t161, 0x2001, _t150, _a12);
                                                                                                                                                				}
                                                                                                                                                				goto L36;
                                                                                                                                                			}






































                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • Wildix Integration Service v3.9.1 Setup , xrefs: 00405565
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                                                                                                • String ID: Wildix Integration Service v3.9.1 Setup
                                                                                                                                                • API String ID: 4154960007-3622325919
                                                                                                                                                • Opcode ID: 4e946844504716807b89e77f71790089b63ff6043fadd68726e654c2654c25e3
                                                                                                                                                • Instruction ID: 66d789517199d7de7cfadb6731c275bc9a2b232ae8febcf914e4846c803f5e83
                                                                                                                                                • Opcode Fuzzy Hash: 4e946844504716807b89e77f71790089b63ff6043fadd68726e654c2654c25e3
                                                                                                                                                • Instruction Fuzzy Hash: A3A147B0900608BFDB119F61DE89AAF7F79FB08354F40403AFA41BA1A0C7755E519F68
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 491 4057d8-4057fe call 405a96 494 405800-405812 DeleteFileA 491->494 495 405817-40581e 491->495 496 4059a1-4059a5 494->496 497 405820-405822 495->497 498 405831-405841 call 406010 495->498 499 405828-40582b 497->499 500 40594f-405954 497->500 506 405850-405851 call 4059ef 498->506 507 405843-40584e lstrcatA 498->507 499->498 499->500 500->496 502 405956-405959 500->502 504 405963-40596b call 406313 502->504 505 40595b-405961 502->505 504->496 515 40596d-405981 call 4059a8 call 405790 504->515 505->496 509 405856-405859 506->509 507->509 512 405864-40586a lstrcatA 509->512 513 40585b-405862 509->513 514 40586f-40588d lstrlenA FindFirstFileA 512->514 513->512 513->514 516 405893-4058aa call 4059d3 514->516 517 405945-405949 514->517 530 405983-405986 515->530 531 405999-40599c call 405137 515->531 524 4058b5-4058b8 516->524 525 4058ac-4058b0 516->525 517->500 519 40594b 517->519 519->500 528 4058ba-4058bf 524->528 529 4058cb-4058d9 call 406010 524->529 525->524 527 4058b2 525->527 527->524 533 4058c1-4058c3 528->533 534 405924-405936 FindNextFileA 528->534 542 4058f0-4058fb call 405790 529->542 543 4058db-4058e3 529->543 530->505 536 405988-405997 call 405137 call 405def 530->536 531->496 533->529 537 4058c5-4058c9 533->537 534->516 539 40593c-40593f FindClose 534->539 536->496 537->529 537->534 539->517 551 40591c-40591f call 405137 542->551 552 4058fd-405900 542->552 543->534 546 4058e5-4058ee call 4057d8 543->546 546->534 551->534 553 405902-405912 call 405137 call 405def 552->553 554 405914-40591a 552->554 553->534 554->534
                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                			E004057D8(void* __eflags, signed int _a4, signed int _a8) {
                                                                                                                                                				signed int _v8;
                                                                                                                                                				void* _v12;
                                                                                                                                                				signed int _v16;
                                                                                                                                                				struct _WIN32_FIND_DATAA _v336;
                                                                                                                                                				signed int _t40;
                                                                                                                                                				char* _t53;
                                                                                                                                                				signed int _t55;
                                                                                                                                                				signed int _t58;
                                                                                                                                                				signed int _t64;
                                                                                                                                                				signed int _t66;
                                                                                                                                                				void* _t68;
                                                                                                                                                				signed char _t69;
                                                                                                                                                				CHAR* _t71;
                                                                                                                                                				void* _t72;
                                                                                                                                                				CHAR* _t73;
                                                                                                                                                				char* _t76;
                                                                                                                                                
                                                                                                                                                				_t69 = _a8;
                                                                                                                                                				_t73 = _a4;
                                                                                                                                                				_v8 = _t69 & 0x00000004;
                                                                                                                                                				_t40 = E00405A96(__eflags, _t73);
                                                                                                                                                				_v16 = _t40;
                                                                                                                                                				if((_t69 & 0x00000008) != 0) {
                                                                                                                                                					_t66 = DeleteFileA(_t73); // executed
                                                                                                                                                					asm("sbb eax, eax");
                                                                                                                                                					_t68 =  ~_t66 + 1;
                                                                                                                                                					 *0x42f4a8 =  *0x42f4a8 + _t68;
                                                                                                                                                					return _t68;
                                                                                                                                                				}
                                                                                                                                                				_a4 = _t69;
                                                                                                                                                				_t8 =  &_a4;
                                                                                                                                                				 *_t8 = _a4 & 0x00000001;
                                                                                                                                                				__eflags =  *_t8;
                                                                                                                                                				if( *_t8 == 0) {
                                                                                                                                                					L5:
                                                                                                                                                					E00406010(0x42b878, _t73);
                                                                                                                                                					__eflags = _a4;
                                                                                                                                                					if(_a4 == 0) {
                                                                                                                                                						E004059EF(_t73);
                                                                                                                                                					} else {
                                                                                                                                                						lstrcatA(0x42b878, "\*.*");
                                                                                                                                                					}
                                                                                                                                                					__eflags =  *_t73;
                                                                                                                                                					if( *_t73 != 0) {
                                                                                                                                                						L10:
                                                                                                                                                						lstrcatA(_t73, 0x40a014);
                                                                                                                                                						L11:
                                                                                                                                                						_t71 =  &(_t73[lstrlenA(_t73)]); // executed
                                                                                                                                                						_t40 = FindFirstFileA(0x42b878,  &_v336); // executed
                                                                                                                                                						__eflags = _t40 - 0xffffffff;
                                                                                                                                                						_v12 = _t40;
                                                                                                                                                						if(_t40 == 0xffffffff) {
                                                                                                                                                							L29:
                                                                                                                                                							__eflags = _a4;
                                                                                                                                                							if(_a4 != 0) {
                                                                                                                                                								_t32 = _t71 - 1;
                                                                                                                                                								 *_t32 =  *(_t71 - 1) & 0x00000000;
                                                                                                                                                								__eflags =  *_t32;
                                                                                                                                                							}
                                                                                                                                                							goto L31;
                                                                                                                                                						} else {
                                                                                                                                                							goto L12;
                                                                                                                                                						}
                                                                                                                                                						do {
                                                                                                                                                							L12:
                                                                                                                                                							_t76 =  &(_v336.cFileName);
                                                                                                                                                							_t53 = E004059D3( &(_v336.cFileName), 0x3f);
                                                                                                                                                							__eflags =  *_t53;
                                                                                                                                                							if( *_t53 != 0) {
                                                                                                                                                								__eflags = _v336.cAlternateFileName;
                                                                                                                                                								if(_v336.cAlternateFileName != 0) {
                                                                                                                                                									_t76 =  &(_v336.cAlternateFileName);
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                							__eflags =  *_t76 - 0x2e;
                                                                                                                                                							if( *_t76 != 0x2e) {
                                                                                                                                                								L19:
                                                                                                                                                								E00406010(_t71, _t76);
                                                                                                                                                								__eflags = _v336.dwFileAttributes & 0x00000010;
                                                                                                                                                								if(__eflags == 0) {
                                                                                                                                                									_t55 = E00405790(__eflags, _t73, _v8);
                                                                                                                                                									__eflags = _t55;
                                                                                                                                                									if(_t55 != 0) {
                                                                                                                                                										E00405137(0xfffffff2, _t73); // executed
                                                                                                                                                									} else {
                                                                                                                                                										__eflags = _v8 - _t55;
                                                                                                                                                										if(_v8 == _t55) {
                                                                                                                                                											 *0x42f4a8 =  *0x42f4a8 + 1;
                                                                                                                                                										} else {
                                                                                                                                                											E00405137(0xfffffff1, _t73);
                                                                                                                                                											E00405DEF(_t72, _t73, 0);
                                                                                                                                                										}
                                                                                                                                                									}
                                                                                                                                                								} else {
                                                                                                                                                									__eflags = (_a8 & 0x00000003) - 3;
                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                										E004057D8(__eflags, _t73, _a8);
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                								goto L27;
                                                                                                                                                							}
                                                                                                                                                							_t64 =  *((intOrPtr*)(_t76 + 1));
                                                                                                                                                							__eflags = _t64;
                                                                                                                                                							if(_t64 == 0) {
                                                                                                                                                								goto L27;
                                                                                                                                                							}
                                                                                                                                                							__eflags = _t64 - 0x2e;
                                                                                                                                                							if(_t64 != 0x2e) {
                                                                                                                                                								goto L19;
                                                                                                                                                							}
                                                                                                                                                							__eflags =  *((char*)(_t76 + 2));
                                                                                                                                                							if( *((char*)(_t76 + 2)) == 0) {
                                                                                                                                                								goto L27;
                                                                                                                                                							}
                                                                                                                                                							goto L19;
                                                                                                                                                							L27:
                                                                                                                                                							_t58 = FindNextFileA(_v12,  &_v336); // executed
                                                                                                                                                							__eflags = _t58;
                                                                                                                                                						} while (_t58 != 0);
                                                                                                                                                						_t40 = FindClose(_v12);
                                                                                                                                                						goto L29;
                                                                                                                                                					}
                                                                                                                                                					__eflags =  *0x42b878 - 0x5c;
                                                                                                                                                					if( *0x42b878 != 0x5c) {
                                                                                                                                                						goto L11;
                                                                                                                                                					}
                                                                                                                                                					goto L10;
                                                                                                                                                				} else {
                                                                                                                                                					__eflags = _t40;
                                                                                                                                                					if(_t40 == 0) {
                                                                                                                                                						L31:
                                                                                                                                                						__eflags = _a4;
                                                                                                                                                						if(_a4 == 0) {
                                                                                                                                                							L39:
                                                                                                                                                							return _t40;
                                                                                                                                                						}
                                                                                                                                                						__eflags = _v16;
                                                                                                                                                						if(_v16 != 0) {
                                                                                                                                                							_t40 = E00406313(_t73);
                                                                                                                                                							__eflags = _t40;
                                                                                                                                                							if(_t40 == 0) {
                                                                                                                                                								goto L39;
                                                                                                                                                							}
                                                                                                                                                							E004059A8(_t73);
                                                                                                                                                							_t40 = E00405790(__eflags, _t73, _v8 | 0x00000001);
                                                                                                                                                							__eflags = _t40;
                                                                                                                                                							if(_t40 != 0) {
                                                                                                                                                								return E00405137(0xffffffe5, _t73);
                                                                                                                                                							}
                                                                                                                                                							__eflags = _v8;
                                                                                                                                                							if(_v8 == 0) {
                                                                                                                                                								goto L33;
                                                                                                                                                							}
                                                                                                                                                							E00405137(0xfffffff1, _t73);
                                                                                                                                                							return E00405DEF(_t72, _t73, 0);
                                                                                                                                                						}
                                                                                                                                                						L33:
                                                                                                                                                						 *0x42f4a8 =  *0x42f4a8 + 1;
                                                                                                                                                						return _t40;
                                                                                                                                                					}
                                                                                                                                                					__eflags = _t69 & 0x00000002;
                                                                                                                                                					if((_t69 & 0x00000002) == 0) {
                                                                                                                                                						goto L31;
                                                                                                                                                					}
                                                                                                                                                					goto L5;
                                                                                                                                                				}
                                                                                                                                                			}



















                                                                                                                                                0x00000000
                                                                                                                                                0x00405893
                                                                                                                                                0x00405893
                                                                                                                                                0x0040589c
                                                                                                                                                0x004058a2
                                                                                                                                                0x004058a7
                                                                                                                                                0x004058aa
                                                                                                                                                0x004058ac
                                                                                                                                                0x004058b0
                                                                                                                                                0x004058b2
                                                                                                                                                0x004058b2
                                                                                                                                                0x004058b0
                                                                                                                                                0x004058b5
                                                                                                                                                0x004058b8
                                                                                                                                                0x004058cb
                                                                                                                                                0x004058cd
                                                                                                                                                0x004058d2
                                                                                                                                                0x004058d9
                                                                                                                                                0x004058f4
                                                                                                                                                0x004058f9
                                                                                                                                                0x004058fb
                                                                                                                                                0x0040591f
                                                                                                                                                0x004058fd
                                                                                                                                                0x004058fd
                                                                                                                                                0x00405900
                                                                                                                                                0x00405914
                                                                                                                                                0x00405902
                                                                                                                                                0x00405905
                                                                                                                                                0x0040590d
                                                                                                                                                0x0040590d
                                                                                                                                                0x00405900
                                                                                                                                                0x004058db
                                                                                                                                                0x004058e1
                                                                                                                                                0x004058e3
                                                                                                                                                0x004058e9
                                                                                                                                                0x004058e9
                                                                                                                                                0x004058e3
                                                                                                                                                0x00000000
                                                                                                                                                0x004058d9
                                                                                                                                                0x004058ba
                                                                                                                                                0x004058bd
                                                                                                                                                0x004058bf
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004058c1
                                                                                                                                                0x004058c3
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004058c5
                                                                                                                                                0x004058c9
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00405924
                                                                                                                                                0x0040592e
                                                                                                                                                0x00405934
                                                                                                                                                0x00405934
                                                                                                                                                0x0040593f
                                                                                                                                                0x00000000
                                                                                                                                                0x0040593f
                                                                                                                                                0x0040585b
                                                                                                                                                0x00405862
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00405820
                                                                                                                                                0x00405820
                                                                                                                                                0x00405822
                                                                                                                                                0x0040594f
                                                                                                                                                0x00405951
                                                                                                                                                0x00405954
                                                                                                                                                0x004059a5
                                                                                                                                                0x004059a5
                                                                                                                                                0x004059a5
                                                                                                                                                0x00405956
                                                                                                                                                0x00405959
                                                                                                                                                0x00405964
                                                                                                                                                0x00405969
                                                                                                                                                0x0040596b
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x0040596e
                                                                                                                                                0x0040597a
                                                                                                                                                0x0040597f
                                                                                                                                                0x00405981
                                                                                                                                                0x00000000
                                                                                                                                                0x0040599c
                                                                                                                                                0x00405983
                                                                                                                                                0x00405986
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x0040598b
                                                                                                                                                0x00000000
                                                                                                                                                0x00405992
                                                                                                                                                0x0040595b
                                                                                                                                                0x0040595b
                                                                                                                                                0x00000000
                                                                                                                                                0x0040595b
                                                                                                                                                0x00405828
                                                                                                                                                0x0040582b
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x0040582b

                                                                                                                                                APIs
                                                                                                                                                • DeleteFileA.KERNELBASE(?,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405801
                                                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nspF522.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nspF522.tmp\*.*,?,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405849
                                                                                                                                                • lstrcatA.KERNEL32(?,0040A014,?,C:\Users\user\AppData\Local\Temp\nspF522.tmp\*.*,?,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040586A
                                                                                                                                                • lstrlenA.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nspF522.tmp\*.*,?,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405870
                                                                                                                                                • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nspF522.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nspF522.tmp\*.*,?,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405881
                                                                                                                                                • FindNextFileA.KERNELBASE(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 0040592E
                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 0040593F
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                • String ID: "C:\Users\user\Desktop\SetupWIService.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nspF522.tmp\*.*$\*.*
                                                                                                                                                • API String ID: 2035342205-1783194722
                                                                                                                                                • Opcode ID: 1028c0a1378fe67f5cfd0213f93084011618ac7fb180f8f6d485c044da562b3f
                                                                                                                                                • Instruction ID: b1b2ef924c21ee39ce724be99c412cdb4e11523259fae964be374fa5306f8f12
                                                                                                                                                • Opcode Fuzzy Hash: 1028c0a1378fe67f5cfd0213f93084011618ac7fb180f8f6d485c044da562b3f
                                                                                                                                                • Instruction Fuzzy Hash: 9A51A171800A04EADB216B618C45BBF7AB8DF42728F14807BF845B51D1C73C4982DE6A
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                			E00402138(void* __eflags) {
                                                                                                                                                				signed int _t55;
                                                                                                                                                				void* _t59;
                                                                                                                                                				intOrPtr* _t63;
                                                                                                                                                				intOrPtr _t64;
                                                                                                                                                				intOrPtr* _t65;
                                                                                                                                                				intOrPtr* _t67;
                                                                                                                                                				intOrPtr* _t69;
                                                                                                                                                				intOrPtr* _t71;
                                                                                                                                                				intOrPtr* _t73;
                                                                                                                                                				intOrPtr* _t75;
                                                                                                                                                				intOrPtr* _t78;
                                                                                                                                                				intOrPtr* _t80;
                                                                                                                                                				intOrPtr* _t82;
                                                                                                                                                				intOrPtr* _t84;
                                                                                                                                                				int _t87;
                                                                                                                                                				intOrPtr* _t95;
                                                                                                                                                				signed int _t105;
                                                                                                                                                				signed int _t109;
                                                                                                                                                				void* _t111;
                                                                                                                                                
                                                                                                                                                				 *(_t111 - 0x10) = E00402B2C(0xfffffff0);
                                                                                                                                                				 *(_t111 - 0xc) = E00402B2C(0xffffffdf);
                                                                                                                                                				 *((intOrPtr*)(_t111 - 0x44)) = E00402B2C(2);
                                                                                                                                                				 *((intOrPtr*)(_t111 - 0x40)) = E00402B2C(0xffffffcd);
                                                                                                                                                				 *((intOrPtr*)(_t111 - 0x4c)) = E00402B2C(0x45);
                                                                                                                                                				_t55 =  *(_t111 - 0x24);
                                                                                                                                                				 *(_t111 - 0x88) = _t55 & 0x00000fff;
                                                                                                                                                				_t105 = _t55 & 0x00008000;
                                                                                                                                                				_t109 = _t55 >> 0x0000000c & 0x00000007;
                                                                                                                                                				 *(_t111 - 0x3c) = _t55 >> 0x00000010 & 0x0000ffff;
                                                                                                                                                				if(E00405A15( *(_t111 - 0xc)) == 0) {
                                                                                                                                                					E00402B2C(0x21);
                                                                                                                                                				}
                                                                                                                                                				_t59 = _t111 + 8;
                                                                                                                                                				__imp__CoCreateInstance(0x40851c, _t87, 1, 0x40850c, _t59); // executed
                                                                                                                                                				if(_t59 < _t87) {
                                                                                                                                                					L15:
                                                                                                                                                					 *((intOrPtr*)(_t111 - 4)) = 1;
                                                                                                                                                					_push(0xfffffff0);
                                                                                                                                                				} else {
                                                                                                                                                					_t63 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x40852c, _t111 - 0x1c);
                                                                                                                                                					 *((intOrPtr*)(_t111 - 8)) = _t64;
                                                                                                                                                					if(_t64 >= _t87) {
                                                                                                                                                						_t67 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
                                                                                                                                                						if(_t105 == _t87) {
                                                                                                                                                							_t84 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Program Files\\Wildix\\WIService");
                                                                                                                                                						}
                                                                                                                                                						if(_t109 != _t87) {
                                                                                                                                                							_t82 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
                                                                                                                                                						}
                                                                                                                                                						_t69 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x3c));
                                                                                                                                                						_t95 =  *((intOrPtr*)(_t111 - 0x40));
                                                                                                                                                						if( *_t95 != _t87) {
                                                                                                                                                							_t80 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x88));
                                                                                                                                                						}
                                                                                                                                                						_t71 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x44)));
                                                                                                                                                						_t73 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x4c)));
                                                                                                                                                						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                                                                                							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
                                                                                                                                                							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x10), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
                                                                                                                                                								_t78 =  *((intOrPtr*)(_t111 - 0x1c));
                                                                                                                                                								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						_t75 =  *((intOrPtr*)(_t111 - 0x1c));
                                                                                                                                                						 *((intOrPtr*)( *_t75 + 8))(_t75);
                                                                                                                                                					}
                                                                                                                                                					_t65 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                                                                                                					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                                                                                						_push(0xfffffff4);
                                                                                                                                                					} else {
                                                                                                                                                						goto L15;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				E00401423();
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t111 - 4));
                                                                                                                                                				return 0;
                                                                                                                                                			}























                                                                                                                                                APIs
                                                                                                                                                • CoCreateInstance.OLE32(0040851C,?,00000001,0040850C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021BA
                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,0040850C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402269
                                                                                                                                                Strings
                                                                                                                                                • C:\Program Files\Wildix\WIService, xrefs: 004021FA
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                • String ID: C:\Program Files\Wildix\WIService
                                                                                                                                                • API String ID: 123533781-2436880260
                                                                                                                                                • Opcode ID: 5e26a4cef9836c5db1ff9a72d0abbf1eb8f5a6fdc757ce25d6c6e23b25beee3e
                                                                                                                                                • Instruction ID: 754b6e0833e3014b2c682637ef6945f2e05814b0a8fe180c789646af90cdafbf
                                                                                                                                                • Opcode Fuzzy Hash: 5e26a4cef9836c5db1ff9a72d0abbf1eb8f5a6fdc757ce25d6c6e23b25beee3e
                                                                                                                                                • Instruction Fuzzy Hash: DD510771A00209AFCB04DFE4C988A9D7BB5EF48314F2045BAF515EB2D1DB799941CF54
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00406313(CHAR* _a4) {
                                                                                                                                                				void* _t2;
                                                                                                                                                
                                                                                                                                                				_t2 = FindFirstFileA(_a4, 0x42c0c0); // executed
                                                                                                                                                				if(_t2 == 0xffffffff) {
                                                                                                                                                					return 0;
                                                                                                                                                				}
                                                                                                                                                				FindClose(_t2);
                                                                                                                                                				return 0x42c0c0;
                                                                                                                                                			}





                                                                                                                                                APIs
                                                                                                                                                • FindFirstFileA.KERNELBASE(74D0FA90,0042C0C0,C:\,00405AD9,C:\,C:\,00000000,C:\,C:\,74D0FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,74D0FA90,C:\Users\user\AppData\Local\Temp\), ref: 0040631E
                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 0040632A
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                • String ID: C:\
                                                                                                                                                • API String ID: 2295610775-3404278061
                                                                                                                                                • Opcode ID: 1839775ab65f4c7429e333cf5f3a5f1104f42c23ffe018d7624b5080913ebc3e
                                                                                                                                                • Instruction ID: f1da5dbc8fb4190b670de1866088b9aea297c62f24eccc1d76d376cb4bf46ee5
                                                                                                                                                • Opcode Fuzzy Hash: 1839775ab65f4c7429e333cf5f3a5f1104f42c23ffe018d7624b5080913ebc3e
                                                                                                                                                • Instruction Fuzzy Hash: A8D0123250A030ABC350177C7E0C88F7A989F163347218A36F4A6F21E0C7348C2286DC
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 41%
                                                                                                                                                			E00402765(char __ebx, char* __edi, char* __esi) {
                                                                                                                                                				void* _t6;
                                                                                                                                                				void* _t19;
                                                                                                                                                
                                                                                                                                                				_t6 = FindFirstFileA(E00402B2C(2), _t19 - 0x1c8); // executed
                                                                                                                                                				if(_t6 != 0xffffffff) {
                                                                                                                                                					E00405F6E(__edi, _t6);
                                                                                                                                                					_push(_t19 - 0x19c);
                                                                                                                                                					_push(__esi);
                                                                                                                                                					E00406010();
                                                                                                                                                				} else {
                                                                                                                                                					 *__edi = __ebx;
                                                                                                                                                					 *__esi = __ebx;
                                                                                                                                                					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                                                                                				}
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                                                				return 0;
                                                                                                                                                			}






                                                                                                                                                APIs
                                                                                                                                                • FindFirstFileA.KERNELBASE(00000000,?,00000002), ref: 00402774
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileFindFirst
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1974802433-0
                                                                                                                                                • Opcode ID: d49b052ccc37abe76686d4a71a1dd7afab77a5349bca0cf12c91bef43c1fe758
                                                                                                                                                • Instruction ID: 5c82bf4159fd1739121f93a17669663fbe331ae18c29918af2b78fc5806f8225
                                                                                                                                                • Opcode Fuzzy Hash: d49b052ccc37abe76686d4a71a1dd7afab77a5349bca0cf12c91bef43c1fe758
                                                                                                                                                • Instruction Fuzzy Hash: 39F0EC725441009BD301EB749A49AFEB77CEF15324F60017BE141F21C1D6F84945D77A
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                			E00403BCA(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                                                                                                                				struct HWND__* _v32;
                                                                                                                                                				void* _v84;
                                                                                                                                                				void* _v88;
                                                                                                                                                				void* __ebx;
                                                                                                                                                				void* __edi;
                                                                                                                                                				void* __esi;
                                                                                                                                                				signed int _t35;
                                                                                                                                                				signed int _t37;
                                                                                                                                                				signed int _t39;
                                                                                                                                                				struct HWND__* _t49;
                                                                                                                                                				signed int _t68;
                                                                                                                                                				struct HWND__* _t74;
                                                                                                                                                				signed int _t87;
                                                                                                                                                				struct HWND__* _t92;
                                                                                                                                                				signed int _t100;
                                                                                                                                                				int _t104;
                                                                                                                                                				signed int _t116;
                                                                                                                                                				signed int _t117;
                                                                                                                                                				int _t118;
                                                                                                                                                				signed int _t123;
                                                                                                                                                				struct HWND__* _t126;
                                                                                                                                                				struct HWND__* _t127;
                                                                                                                                                				int _t128;
                                                                                                                                                				long _t131;
                                                                                                                                                				int _t133;
                                                                                                                                                				int _t134;
                                                                                                                                                				void* _t135;
                                                                                                                                                				void* _t142;
                                                                                                                                                				void* _t143;
                                                                                                                                                
                                                                                                                                                				_t116 = _a8;
                                                                                                                                                				if(_t116 == 0x110 || _t116 == 0x408) {
                                                                                                                                                					_t35 = _a12;
                                                                                                                                                					_t126 = _a4;
                                                                                                                                                					__eflags = _t116 - 0x110;
                                                                                                                                                					 *0x42a858 = _t35;
                                                                                                                                                					if(_t116 == 0x110) {
                                                                                                                                                						 *0x42f408 = _t126;
                                                                                                                                                						 *0x42a86c = GetDlgItem(_t126, 1);
                                                                                                                                                						_t92 = GetDlgItem(_t126, 2);
                                                                                                                                                						_push(0xffffffff);
                                                                                                                                                						_push(0x1c);
                                                                                                                                                						 *0x429838 = _t92;
                                                                                                                                                						E0040409E(_t126);
                                                                                                                                                						SetClassLongA(_t126, 0xfffffff2,  *0x42ebe8); // executed
                                                                                                                                                						 *0x42ebcc = E0040140B(4);
                                                                                                                                                						_t35 = 1;
                                                                                                                                                						__eflags = 1;
                                                                                                                                                						 *0x42a858 = 1;
                                                                                                                                                					}
                                                                                                                                                					_t123 =  *0x40a1dc; // 0x3
                                                                                                                                                					_t134 = 0;
                                                                                                                                                					_t131 = (_t123 << 6) +  *0x42f440;
                                                                                                                                                					__eflags = _t123;
                                                                                                                                                					if(_t123 < 0) {
                                                                                                                                                						L34:
                                                                                                                                                						E004040EA(0x40b);
                                                                                                                                                						while(1) {
                                                                                                                                                							_t37 =  *0x42a858; // 0x1
                                                                                                                                                							 *0x40a1dc =  *0x40a1dc + _t37;
                                                                                                                                                							_t131 = _t131 + (_t37 << 6);
                                                                                                                                                							_t39 =  *0x40a1dc; // 0x3
                                                                                                                                                							__eflags = _t39 -  *0x42f444;
                                                                                                                                                							if(_t39 ==  *0x42f444) {
                                                                                                                                                								E0040140B(1);
                                                                                                                                                							}
                                                                                                                                                							__eflags =  *0x42ebcc - _t134; // 0x0
                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                								break;
                                                                                                                                                							}
                                                                                                                                                							__eflags =  *0x40a1dc -  *0x42f444; // 0x3
                                                                                                                                                							if(__eflags >= 0) {
                                                                                                                                                								break;
                                                                                                                                                							}
                                                                                                                                                							_t117 =  *(_t131 + 0x14);
                                                                                                                                                							E00406032(_t117, _t126, _t131, 0x437800,  *((intOrPtr*)(_t131 + 0x24)));
                                                                                                                                                							_push( *((intOrPtr*)(_t131 + 0x20)));
                                                                                                                                                							_push(0xfffffc19);
                                                                                                                                                							E0040409E(_t126);
                                                                                                                                                							_push( *((intOrPtr*)(_t131 + 0x1c)));
                                                                                                                                                							_push(0xfffffc1b);
                                                                                                                                                							E0040409E(_t126);
                                                                                                                                                							_push( *((intOrPtr*)(_t131 + 0x28)));
                                                                                                                                                							_push(0xfffffc1a);
                                                                                                                                                							E0040409E(_t126);
                                                                                                                                                							_t49 = GetDlgItem(_t126, 3);
                                                                                                                                                							__eflags =  *0x42f4ac - _t134;
                                                                                                                                                							_v32 = _t49;
                                                                                                                                                							if( *0x42f4ac != _t134) {
                                                                                                                                                								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                                                                                                                								__eflags = _t117;
                                                                                                                                                							}
                                                                                                                                                							ShowWindow(_t49, _t117 & 0x00000008); // executed
                                                                                                                                                							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100); // executed
                                                                                                                                                							E004040C0(_t117 & 0x00000002);
                                                                                                                                                							_t118 = _t117 & 0x00000004;
                                                                                                                                                							EnableWindow( *0x429838, _t118);
                                                                                                                                                							__eflags = _t118 - _t134;
                                                                                                                                                							if(_t118 == _t134) {
                                                                                                                                                								_push(1);
                                                                                                                                                							} else {
                                                                                                                                                								_push(_t134);
                                                                                                                                                							}
                                                                                                                                                							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
                                                                                                                                                							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
                                                                                                                                                							__eflags =  *0x42f4ac - _t134;
                                                                                                                                                							if( *0x42f4ac == _t134) {
                                                                                                                                                								_push( *0x42a86c);
                                                                                                                                                							} else {
                                                                                                                                                								SendMessageA(_t126, 0x401, 2, _t134);
                                                                                                                                                								_push( *0x429838);
                                                                                                                                                							}
                                                                                                                                                							E004040D3();
                                                                                                                                                							E00406010(0x42a870, E00403BAB());
                                                                                                                                                							E00406032(0x42a870, _t126, _t131,  &(0x42a870[lstrlenA(0x42a870)]),  *((intOrPtr*)(_t131 + 0x18)));
                                                                                                                                                							SetWindowTextA(_t126, 0x42a870); // executed
                                                                                                                                                							_push(_t134);
                                                                                                                                                							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)));
                                                                                                                                                							__eflags = _t68;
                                                                                                                                                							if(_t68 != 0) {
                                                                                                                                                								continue;
                                                                                                                                                							} else {
                                                                                                                                                								__eflags =  *_t131 - _t134;
                                                                                                                                                								if( *_t131 == _t134) {
                                                                                                                                                									continue;
                                                                                                                                                								}
                                                                                                                                                								__eflags =  *(_t131 + 4) - 5;
                                                                                                                                                								if( *(_t131 + 4) != 5) {
                                                                                                                                                									DestroyWindow( *0x42ebd8); // executed
                                                                                                                                                									 *0x42a048 = _t131;
                                                                                                                                                									__eflags =  *_t131 - _t134;
                                                                                                                                                									if( *_t131 <= _t134) {
                                                                                                                                                										goto L58;
                                                                                                                                                									}
                                                                                                                                                									_t74 = CreateDialogParamA( *0x42f400,  *_t131 +  *0x42ebe0 & 0x0000ffff, _t126,  *(0x40a1e0 +  *(_t131 + 4) * 4), _t131); // executed
                                                                                                                                                									__eflags = _t74 - _t134;
                                                                                                                                                									 *0x42ebd8 = _t74;
                                                                                                                                                									if(_t74 == _t134) {
                                                                                                                                                										goto L58;
                                                                                                                                                									}
                                                                                                                                                									_push( *((intOrPtr*)(_t131 + 0x2c)));
                                                                                                                                                									_push(6);
                                                                                                                                                									E0040409E(_t74);
                                                                                                                                                									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
                                                                                                                                                									ScreenToClient(_t126, _t135 + 0x10);
                                                                                                                                                									SetWindowPos( *0x42ebd8, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
                                                                                                                                                									_push(_t134);
                                                                                                                                                									E00401389( *((intOrPtr*)(_t131 + 0xc)));
                                                                                                                                                									__eflags =  *0x42ebcc - _t134; // 0x0
                                                                                                                                                									if(__eflags != 0) {
                                                                                                                                                										goto L61;
                                                                                                                                                									}
                                                                                                                                                									ShowWindow( *0x42ebd8, 8); // executed
                                                                                                                                                									E004040EA(0x405);
                                                                                                                                                									goto L58;
                                                                                                                                                								}
                                                                                                                                                								__eflags =  *0x42f4ac - _t134;
                                                                                                                                                								if( *0x42f4ac != _t134) {
                                                                                                                                                									goto L61;
                                                                                                                                                								}
                                                                                                                                                								__eflags =  *0x42f4a0 - _t134;
                                                                                                                                                								if( *0x42f4a0 != _t134) {
                                                                                                                                                									continue;
                                                                                                                                                								}
                                                                                                                                                								goto L61;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						DestroyWindow( *0x42ebd8); // executed
                                                                                                                                                						 *0x42f408 = _t134;
                                                                                                                                                						EndDialog(_t126,  *0x429c40);
                                                                                                                                                						goto L58;
                                                                                                                                                					} else {
                                                                                                                                                						__eflags = _t35 - 1;
                                                                                                                                                						if(_t35 != 1) {
                                                                                                                                                							L33:
                                                                                                                                                							__eflags =  *_t131 - _t134;
                                                                                                                                                							if( *_t131 == _t134) {
                                                                                                                                                								goto L61;
                                                                                                                                                							}
                                                                                                                                                							goto L34;
                                                                                                                                                						}
                                                                                                                                                						_push(0);
                                                                                                                                                						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
                                                                                                                                                						__eflags = _t87;
                                                                                                                                                						if(_t87 == 0) {
                                                                                                                                                							goto L33;
                                                                                                                                                						}
                                                                                                                                                						SendMessageA( *0x42ebd8, 0x40f, 0, 1);
                                                                                                                                                						__eflags =  *0x42ebcc - _t134; // 0x0
                                                                                                                                                						return 0 | __eflags == 0x00000000;
                                                                                                                                                					}
                                                                                                                                                				} else {
                                                                                                                                                					_t126 = _a4;
                                                                                                                                                					_t134 = 0;
                                                                                                                                                					if(_t116 == 0x47) {
                                                                                                                                                						SetWindowPos( *0x42a850, _t126, 0, 0, 0, 0, 0x13);
                                                                                                                                                					}
                                                                                                                                                					if(_t116 == 5) {
                                                                                                                                                						asm("sbb eax, eax");
                                                                                                                                                						ShowWindow( *0x42a850,  ~(_a12 - 1) & _t116);
                                                                                                                                                					}
                                                                                                                                                					if(_t116 != 0x40d) {
                                                                                                                                                						__eflags = _t116 - 0x11;
                                                                                                                                                						if(_t116 != 0x11) {
                                                                                                                                                							__eflags = _t116 - 0x111;
                                                                                                                                                							if(_t116 != 0x111) {
                                                                                                                                                								L26:
                                                                                                                                                								return E00404105(_t116, _a12, _a16);
                                                                                                                                                							}
                                                                                                                                                							_t133 = _a12 & 0x0000ffff;
                                                                                                                                                							_t127 = GetDlgItem(_t126, _t133);
                                                                                                                                                							__eflags = _t127 - _t134;
                                                                                                                                                							if(_t127 == _t134) {
                                                                                                                                                								L13:
                                                                                                                                                								__eflags = _t133 - 1;
                                                                                                                                                								if(_t133 != 1) {
                                                                                                                                                									__eflags = _t133 - 3;
                                                                                                                                                									if(_t133 != 3) {
                                                                                                                                                										_t128 = 2;
                                                                                                                                                										__eflags = _t133 - _t128;
                                                                                                                                                										if(_t133 != _t128) {
                                                                                                                                                											L25:
                                                                                                                                                											SendMessageA( *0x42ebd8, 0x111, _a12, _a16);
                                                                                                                                                											goto L26;
                                                                                                                                                										}
                                                                                                                                                										__eflags =  *0x42f4ac - _t134;
                                                                                                                                                										if( *0x42f4ac == _t134) {
                                                                                                                                                											_t100 = E0040140B(3);
                                                                                                                                                											__eflags = _t100;
                                                                                                                                                											if(_t100 != 0) {
                                                                                                                                                												goto L26;
                                                                                                                                                											}
                                                                                                                                                											 *0x429c40 = 1;
                                                                                                                                                											L21:
                                                                                                                                                											_push(0x78);
                                                                                                                                                											L22:
                                                                                                                                                											E00404077();
                                                                                                                                                											goto L26;
                                                                                                                                                										}
                                                                                                                                                										E0040140B(_t128);
                                                                                                                                                										 *0x429c40 = _t128;
                                                                                                                                                										goto L21;
                                                                                                                                                									}
                                                                                                                                                									__eflags =  *0x40a1dc - _t134; // 0x3
                                                                                                                                                									if(__eflags <= 0) {
                                                                                                                                                										goto L25;
                                                                                                                                                									}
                                                                                                                                                									_push(0xffffffff);
                                                                                                                                                									goto L22;
                                                                                                                                                								}
                                                                                                                                                								_push(_t133);
                                                                                                                                                								goto L22;
                                                                                                                                                							}
                                                                                                                                                							SendMessageA(_t127, 0xf3, _t134, _t134);
                                                                                                                                                							_t104 = IsWindowEnabled(_t127);
                                                                                                                                                							__eflags = _t104;
                                                                                                                                                							if(_t104 == 0) {
                                                                                                                                                								goto L61;
                                                                                                                                                							}
                                                                                                                                                							goto L13;
                                                                                                                                                						}
                                                                                                                                                						SetWindowLongA(_t126, _t134, _t134);
                                                                                                                                                						return 1;
                                                                                                                                                					} else {
                                                                                                                                                						DestroyWindow( *0x42ebd8); // executed
                                                                                                                                                						 *0x42ebd8 = _a12;
                                                                                                                                                						L58:
                                                                                                                                                						_t142 =  *0x42b870 - _t134; // 0x1
                                                                                                                                                						if(_t142 == 0) {
                                                                                                                                                							_t143 =  *0x42ebd8 - _t134; // 0x60462
                                                                                                                                                							if(_t143 != 0) {
                                                                                                                                                								ShowWindow(_t126, 0xa); // executed
                                                                                                                                                								 *0x42b870 = 1;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						L61:
                                                                                                                                                						return 0;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                			}
































                                                                                                                                                0x00403de8
                                                                                                                                                0x00403dea
                                                                                                                                                0x00403def
                                                                                                                                                0x00403df5
                                                                                                                                                0x00403df9
                                                                                                                                                0x00403df9
                                                                                                                                                0x00403dfe
                                                                                                                                                0x00403e04
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403e0f
                                                                                                                                                0x00403e15
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403e1e
                                                                                                                                                0x00403e26
                                                                                                                                                0x00403e2b
                                                                                                                                                0x00403e2e
                                                                                                                                                0x00403e34
                                                                                                                                                0x00403e39
                                                                                                                                                0x00403e3c
                                                                                                                                                0x00403e42
                                                                                                                                                0x00403e47
                                                                                                                                                0x00403e4a
                                                                                                                                                0x00403e50
                                                                                                                                                0x00403e58
                                                                                                                                                0x00403e5e
                                                                                                                                                0x00403e64
                                                                                                                                                0x00403e68
                                                                                                                                                0x00403e6f
                                                                                                                                                0x00403e6f
                                                                                                                                                0x00403e6f
                                                                                                                                                0x00403e79
                                                                                                                                                0x00403e8b
                                                                                                                                                0x00403e97
                                                                                                                                                0x00403e9c
                                                                                                                                                0x00403ea6
                                                                                                                                                0x00403eac
                                                                                                                                                0x00403eae
                                                                                                                                                0x00403eb3
                                                                                                                                                0x00403eb0
                                                                                                                                                0x00403eb0
                                                                                                                                                0x00403eb0
                                                                                                                                                0x00403ec3
                                                                                                                                                0x00403edb
                                                                                                                                                0x00403edd
                                                                                                                                                0x00403ee3
                                                                                                                                                0x00403ef8
                                                                                                                                                0x00403ee5
                                                                                                                                                0x00403eee
                                                                                                                                                0x00403ef0
                                                                                                                                                0x00403ef0
                                                                                                                                                0x00403efe
                                                                                                                                                0x00403f0f
                                                                                                                                                0x00403f20
                                                                                                                                                0x00403f27
                                                                                                                                                0x00403f2d
                                                                                                                                                0x00403f31
                                                                                                                                                0x00403f36
                                                                                                                                                0x00403f38
                                                                                                                                                0x00000000
                                                                                                                                                0x00403f3e
                                                                                                                                                0x00403f3e
                                                                                                                                                0x00403f40
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403f46
                                                                                                                                                0x00403f4a
                                                                                                                                                0x00403f6f
                                                                                                                                                0x00403f75
                                                                                                                                                0x00403f7b
                                                                                                                                                0x00403f7d
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403fa3
                                                                                                                                                0x00403fa9
                                                                                                                                                0x00403fab
                                                                                                                                                0x00403fb0
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403fb6
                                                                                                                                                0x00403fb9
                                                                                                                                                0x00403fbc
                                                                                                                                                0x00403fd3
                                                                                                                                                0x00403fdf
                                                                                                                                                0x00403ff8
                                                                                                                                                0x00403ffe
                                                                                                                                                0x00404002
                                                                                                                                                0x00404007
                                                                                                                                                0x0040400d
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00404017
                                                                                                                                                0x00404022
                                                                                                                                                0x00000000
                                                                                                                                                0x00404022
                                                                                                                                                0x00403f4c
                                                                                                                                                0x00403f52
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403f58
                                                                                                                                                0x00403f5e
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403f64
                                                                                                                                                0x00403f38
                                                                                                                                                0x0040402f
                                                                                                                                                0x0040403b
                                                                                                                                                0x00404042
                                                                                                                                                0x00000000
                                                                                                                                                0x00403d92
                                                                                                                                                0x00403d92
                                                                                                                                                0x00403d95
                                                                                                                                                0x00403dc8
                                                                                                                                                0x00403dc8
                                                                                                                                                0x00403dca
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403dca
                                                                                                                                                0x00403d97
                                                                                                                                                0x00403d9b
                                                                                                                                                0x00403da0
                                                                                                                                                0x00403da2
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403db2
                                                                                                                                                0x00403dba
                                                                                                                                                0x00000000
                                                                                                                                                0x00403dc0
                                                                                                                                                0x00403bee
                                                                                                                                                0x00403bee
                                                                                                                                                0x00403bf2
                                                                                                                                                0x00403bf7
                                                                                                                                                0x00403c06
                                                                                                                                                0x00403c06
                                                                                                                                                0x00403c0f
                                                                                                                                                0x00403c18
                                                                                                                                                0x00403c23
                                                                                                                                                0x00403c23
                                                                                                                                                0x00403c2f
                                                                                                                                                0x00403c4b
                                                                                                                                                0x00403c4e
                                                                                                                                                0x00403c61
                                                                                                                                                0x00403c67
                                                                                                                                                0x00403d0a
                                                                                                                                                0x00000000
                                                                                                                                                0x00403d13
                                                                                                                                                0x00403c6d
                                                                                                                                                0x00403c7a
                                                                                                                                                0x00403c7c
                                                                                                                                                0x00403c7e
                                                                                                                                                0x00403c9d
                                                                                                                                                0x00403c9d
                                                                                                                                                0x00403ca0
                                                                                                                                                0x00403ca5
                                                                                                                                                0x00403ca8
                                                                                                                                                0x00403cb8
                                                                                                                                                0x00403cb9
                                                                                                                                                0x00403cbb
                                                                                                                                                0x00403cf1
                                                                                                                                                0x00403d04
                                                                                                                                                0x00000000
                                                                                                                                                0x00403d04
                                                                                                                                                0x00403cbd
                                                                                                                                                0x00403cc3
                                                                                                                                                0x00403cdc
                                                                                                                                                0x00403ce1
                                                                                                                                                0x00403ce3
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403ce5
                                                                                                                                                0x00403cd1
                                                                                                                                                0x00403cd1
                                                                                                                                                0x00403cd3
                                                                                                                                                0x00403cd3
                                                                                                                                                0x00000000
                                                                                                                                                0x00403cd3
                                                                                                                                                0x00403cc6
                                                                                                                                                0x00403ccb

                                                                                                                                                APIs
                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403C06
                                                                                                                                                • ShowWindow.USER32(?), ref: 00403C23
                                                                                                                                                • DestroyWindow.USER32 ref: 00403C37
                                                                                                                                                • SetWindowLongA.USER32 ref: 00403C53
                                                                                                                                                • GetDlgItem.USER32 ref: 00403C74
                                                                                                                                                • SendMessageA.USER32 ref: 00403C88
                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00403C8F
                                                                                                                                                • GetDlgItem.USER32 ref: 00403D3D
                                                                                                                                                • GetDlgItem.USER32 ref: 00403D47
                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403D61
                                                                                                                                                • SendMessageA.USER32 ref: 00403DB2
                                                                                                                                                • GetDlgItem.USER32 ref: 00403E58
                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 00403E79
                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403E8B
                                                                                                                                                • EnableWindow.USER32(?,?), ref: 00403EA6
                                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403EBC
                                                                                                                                                • EnableMenuItem.USER32 ref: 00403EC3
                                                                                                                                                • SendMessageA.USER32 ref: 00403EDB
                                                                                                                                                • SendMessageA.USER32 ref: 00403EEE
                                                                                                                                                • lstrlenA.KERNEL32(Wildix Integration Service v3.9.1 Setup ,?,Wildix Integration Service v3.9.1 Setup ,00000000), ref: 00403F18
                                                                                                                                                • SetWindowTextA.USER32(?,Wildix Integration Service v3.9.1 Setup ), ref: 00403F27
                                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 0040405B
                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
                                                                                                                                                • String ID: Wildix Integration Service v3.9.1 Setup
                                                                                                                                                • API String ID: 3906175533-3622325919
                                                                                                                                                • Opcode ID: b15f355d17dc14ce4c7f2bc3d808206df18ec66d4c44c4a384c9a02bab5dc5a4
                                                                                                                                                • Instruction ID: 8391a727dd330e9af47019fb45b898bbd0b6ec160f5193fdc8e4d7e88c7c5567
                                                                                                                                                • Opcode Fuzzy Hash: b15f355d17dc14ce4c7f2bc3d808206df18ec66d4c44c4a384c9a02bab5dc5a4
                                                                                                                                                • Instruction Fuzzy Hash: 39C1B171600704AFDB20AF62EE45E2B3AA9FB95706F40043EF642B51E1CB799852DB1D
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph

[Figure: control-flow graph of function 0040382D; legend: Executed / Not Executed]
                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                			E0040382D(void* __eflags) {
                                                                                                                                                				intOrPtr _v4;
                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                				int _v12;
                                                                                                                                                				void _v16;
                                                                                                                                                				void* __ebx;
                                                                                                                                                				void* __edi;
                                                                                                                                                				void* __esi;
                                                                                                                                                				intOrPtr* _t17;
                                                                                                                                                				void* _t25;
                                                                                                                                                				void* _t27;
                                                                                                                                                				int _t28;
                                                                                                                                                				void* _t31;
                                                                                                                                                				int _t34;
                                                                                                                                                				int _t35;
                                                                                                                                                				intOrPtr _t36;
                                                                                                                                                				int _t39;
                                                                                                                                                				char _t57;
                                                                                                                                                				CHAR* _t59;
                                                                                                                                                				signed char _t63;
                                                                                                                                                				CHAR* _t74;
                                                                                                                                                				intOrPtr _t76;
                                                                                                                                                				CHAR* _t81;
                                                                                                                                                
                                                                                                                                                				_t76 =  *0x42f414;
                                                                                                                                                				_t17 = E004063A8(2);
                                                                                                                                                				_t84 = _t17;
                                                                                                                                                				if(_t17 == 0) {
                                                                                                                                                					_t74 = 0x42a870;
                                                                                                                                                					"1033" = 0x30;
                                                                                                                                                					 *0x436001 = 0x78;
                                                                                                                                                					 *0x436002 = 0;
                                                                                                                                                					E00405EF7(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a870, 0);
                                                                                                                                                					__eflags =  *0x42a870; // 0x57
                                                                                                                                                					if(__eflags == 0) {
                                                                                                                                                						E00405EF7(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M00408362, 0x42a870, 0);
                                                                                                                                                					}
                                                                                                                                                					lstrcatA("1033", _t74);
                                                                                                                                                				} else {
                                                                                                                                                					E00405F6E("1033",  *_t17() & 0x0000ffff);
                                                                                                                                                				}
                                                                                                                                                				E00403AF2(_t71, _t84);
                                                                                                                                                				_t80 = "C:\\Program Files\\Wildix\\WIService";
                                                                                                                                                				 *0x42f4a0 =  *0x42f41c & 0x00000020;
                                                                                                                                                				 *0x42f4bc = 0x10000;
                                                                                                                                                				if(E00405A96(_t84, "C:\\Program Files\\Wildix\\WIService") != 0) {
                                                                                                                                                					L16:
                                                                                                                                                					if(E00405A96(_t92, _t80) == 0) {
                                                                                                                                                						E00406032(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118))); // executed
                                                                                                                                                					}
                                                                                                                                                					_t25 = LoadImageA( *0x42f400, 0x67, 1, 0, 0, 0x8040); // executed
                                                                                                                                                					 *0x42ebe8 = _t25;
                                                                                                                                                					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
                                                                                                                                                						L21:
                                                                                                                                                						if(E0040140B(0) == 0) {
                                                                                                                                                							_t27 = E00403AF2(_t71, __eflags);
                                                                                                                                                							__eflags =  *0x42f4c0;
                                                                                                                                                							if( *0x42f4c0 != 0) {
                                                                                                                                                								_t28 = E00405209(_t27, 0);
                                                                                                                                                								__eflags = _t28;
                                                                                                                                                								if(_t28 == 0) {
                                                                                                                                                									E0040140B(1);
                                                                                                                                                									goto L33;
                                                                                                                                                								}
                                                                                                                                                								__eflags =  *0x42ebcc; // 0x0
                                                                                                                                                								if(__eflags == 0) {
                                                                                                                                                									E0040140B(2);
                                                                                                                                                								}
                                                                                                                                                								goto L22;
                                                                                                                                                							}
                                                                                                                                                							ShowWindow( *0x42a850, 5); // executed
                                                                                                                                                							_t34 = E0040633A("RichEd20"); // executed
                                                                                                                                                							__eflags = _t34;
                                                                                                                                                							if(_t34 == 0) {
                                                                                                                                                								E0040633A("RichEd32");
                                                                                                                                                							}
                                                                                                                                                							_t81 = "RichEdit20A";
                                                                                                                                                							_t35 = GetClassInfoA(0, _t81, 0x42eba0);
                                                                                                                                                							__eflags = _t35;
                                                                                                                                                							if(_t35 == 0) {
                                                                                                                                                								GetClassInfoA(0, "RichEdit", 0x42eba0);
                                                                                                                                                								 *0x42ebc4 = _t81;
                                                                                                                                                								RegisterClassA(0x42eba0);
                                                                                                                                                							}
                                                                                                                                                							_t36 =  *0x42ebe0; // 0x0
                                                                                                                                                							_t39 = DialogBoxParamA( *0x42f400, _t36 + 0x00000069 & 0x0000ffff, 0, E00403BCA, 0); // executed
                                                                                                                                                							E0040377D(E0040140B(5), 1);
                                                                                                                                                							return _t39;
                                                                                                                                                						}
                                                                                                                                                						L22:
                                                                                                                                                						_t31 = 2;
                                                                                                                                                						return _t31;
                                                                                                                                                					} else {
                                                                                                                                                						_t71 =  *0x42f400;
                                                                                                                                                						 *0x42eba4 = E00401000;
                                                                                                                                                						 *0x42ebb0 =  *0x42f400;
                                                                                                                                                						 *0x42ebb4 = _t25;
                                                                                                                                                						 *0x42ebc4 = 0x40a1f4;
                                                                                                                                                						if(RegisterClassA(0x42eba0) == 0) {
                                                                                                                                                							L33:
                                                                                                                                                							__eflags = 0;
                                                                                                                                                							return 0;
                                                                                                                                                						}
                                                                                                                                                						SystemParametersInfoA(0x30, 0,  &_v16, 0);
                                                                                                                                                						 *0x42a850 = CreateWindowExA(0x80, 0x40a1f4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42f400, 0);
                                                                                                                                                						goto L21;
                                                                                                                                                					}
                                                                                                                                                				} else {
                                                                                                                                                					_t71 =  *(_t76 + 0x48);
                                                                                                                                                					_t86 = _t71;
                                                                                                                                                					if(_t71 == 0) {
                                                                                                                                                						goto L16;
                                                                                                                                                					}
                                                                                                                                                					_t74 = 0x42e3a0;
                                                                                                                                                					E00405EF7(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x42f458, 0x42e3a0, 0);
                                                                                                                                                					_t57 =  *0x42e3a0; // 0x52
                                                                                                                                                					if(_t57 == 0) {
                                                                                                                                                						goto L16;
                                                                                                                                                					}
                                                                                                                                                					if(_t57 == 0x22) {
                                                                                                                                                						_t74 = 0x42e3a1;
                                                                                                                                                						 *((char*)(E004059D3(0x42e3a1, 0x22))) = 0;
                                                                                                                                                					}
                                                                                                                                                					_t59 = lstrlenA(_t74) + _t74 - 4;
                                                                                                                                                					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
                                                                                                                                                						L15:
                                                                                                                                                						E00406010(_t80, E004059A8(_t74));
                                                                                                                                                						goto L16;
                                                                                                                                                					} else {
                                                                                                                                                						_t63 = GetFileAttributesA(_t74);
                                                                                                                                                						if(_t63 == 0xffffffff) {
                                                                                                                                                							L14:
                                                                                                                                                							E004059EF(_t74);
                                                                                                                                                							goto L15;
                                                                                                                                                						}
                                                                                                                                                						_t92 = _t63 & 0x00000010;
                                                                                                                                                						if((_t63 & 0x00000010) != 0) {
                                                                                                                                                							goto L15;
                                                                                                                                                						}
                                                                                                                                                						goto L14;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                			}


























                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 004063A8: GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                                                                                                                  • Part of subcall function 004063A8: GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                                                                                                                • lstrcatA.KERNEL32(1033,Wildix Integration Service v3.9.1 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.9.1 Setup ,00000000,00000002,74D0FA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SetupWIService.exe" ,00000000), ref: 004038A8
                                                                                                                                                • lstrlenA.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,Wildix Integration Service v3.9.1 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.9.1 Setup ,00000000,00000002,74D0FA90), ref: 0040391D
                                                                                                                                                • lstrcmpiA.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,Wildix Integration Service v3.9.1 Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wildix Integration Service v3.9.1 Setup ,00000000), ref: 00403930
                                                                                                                                                • GetFileAttributesA.KERNEL32(Remove folder: ), ref: 0040393B
                                                                                                                                                • LoadImageA.USER32 ref: 00403984
                                                                                                                                                  • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                                                                                                                • RegisterClassA.USER32 ref: 004039C1
                                                                                                                                                • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004039D9
                                                                                                                                                • CreateWindowExA.USER32 ref: 00403A0E
                                                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403A44
                                                                                                                                                • GetClassInfoA.USER32 ref: 00403A70
                                                                                                                                                • GetClassInfoA.USER32 ref: 00403A7D
                                                                                                                                                • RegisterClassA.USER32 ref: 00403A86
                                                                                                                                                • DialogBoxParamA.USER32 ref: 00403AA5
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                • String ID: "C:\Users\user\Desktop\SetupWIService.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20A$Wildix Integration Service v3.9.1 Setup $_Nb
                                                                                                                                                • API String ID: 1975747703-502971512
                                                                                                                                                • Opcode ID: a50630a359805aff0abdc39066e680e2e88b9e06dff5b5a4c9735aa8f616403e
                                                                                                                                                • Instruction ID: 5bdd09b32da2b5bd11ad56600dd1adb443959310d265eb20ccced3f07ac4f103
                                                                                                                                                • Opcode Fuzzy Hash: a50630a359805aff0abdc39066e680e2e88b9e06dff5b5a4c9735aa8f616403e
                                                                                                                                                • Instruction Fuzzy Hash: B461C770340201AED620BB669D45F2B3E6CEB54749F80447FF981B22E2CB7D9D469B2D
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                [Figure: control-flow graph for function 00402DC4, blocks 402dc4-402ff8; legend: Executed / Not Executed]
                                                                                                                                                C-Code - Quality: 80%
                                                                                                                                                			E00402DC4(void* __eflags, signed int _a4) {
                                                                                                                                                				DWORD* _v8;
                                                                                                                                                				DWORD* _v12;
                                                                                                                                                				void* _v16;
                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                				long _v24;
                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                				signed int _v44;
                                                                                                                                                				long _t43;
                                                                                                                                                				signed int _t50;
                                                                                                                                                				void* _t53;
                                                                                                                                                				void* _t57;
                                                                                                                                                				intOrPtr* _t59;
                                                                                                                                                				long _t60;
                                                                                                                                                				signed int _t65;
                                                                                                                                                				signed int _t70;
                                                                                                                                                				signed int _t71;
                                                                                                                                                				signed int _t77;
                                                                                                                                                				intOrPtr _t80;
                                                                                                                                                				long _t82;
                                                                                                                                                				signed int _t85;
                                                                                                                                                				signed int _t87;
                                                                                                                                                				void* _t89;
                                                                                                                                                				signed int _t90;
                                                                                                                                                				signed int _t93;
                                                                                                                                                				void* _t94;
                                                                                                                                                
                                                                                                                                                				_t82 = 0;
                                                                                                                                                				_v12 = 0;
                                                                                                                                                				_v8 = 0;
                                                                                                                                                				_t43 = GetTickCount();
                                                                                                                                                				_t91 = "C:\\Users\\hardz\\Desktop\\SetupWIService.exe";
                                                                                                                                                				 *0x42f410 = _t43 + 0x3e8;
                                                                                                                                                				GetModuleFileNameA(0, "C:\\Users\\hardz\\Desktop\\SetupWIService.exe", 0x400);
                                                                                                                                                				_t89 = E00405BA9(_t91, 0x80000000, 3);
                                                                                                                                                				_v16 = _t89;
                                                                                                                                                				 *0x40a018 = _t89;
                                                                                                                                                				if(_t89 == 0xffffffff) {
                                                                                                                                                					return "Error launching installer";
                                                                                                                                                				}
                                                                                                                                                				_t92 = "C:\\Users\\hardz\\Desktop";
                                                                                                                                                				E00406010("C:\\Users\\hardz\\Desktop", _t91);
                                                                                                                                                				E00406010(0x437000, E004059EF(_t92));
                                                                                                                                                				_t50 = GetFileSize(_t89, 0);
                                                                                                                                                				__eflags = _t50;
                                                                                                                                                				 *0x42942c = _t50;
                                                                                                                                                				_t93 = _t50;
                                                                                                                                                				if(_t50 <= 0) {
                                                                                                                                                					L24:
                                                                                                                                                					E00402D60(1);
                                                                                                                                                					__eflags =  *0x42f418 - _t82;
                                                                                                                                                					if( *0x42f418 == _t82) {
                                                                                                                                                						goto L29;
                                                                                                                                                					}
                                                                                                                                                					__eflags = _v8 - _t82;
                                                                                                                                                					if(_v8 == _t82) {
                                                                                                                                                						L28:
                                                                                                                                                						_t53 = GlobalAlloc(0x40, _v24); // executed
                                                                                                                                                						_t94 = _t53;
                                                                                                                                                						E00403223( *0x42f418 + 0x1c);
                                                                                                                                                						_push(_v24);
                                                                                                                                                						_push(_t94);
                                                                                                                                                						_push(_t82);
                                                                                                                                                						_push(0xffffffff); // executed
                                                                                                                                                						_t57 = E00402FFB(); // executed
                                                                                                                                                						__eflags = _t57 - _v24;
                                                                                                                                                						if(_t57 == _v24) {
                                                                                                                                                							__eflags = _v44 & 0x00000001;
                                                                                                                                                							 *0x42f414 = _t94;
                                                                                                                                                							 *0x42f41c =  *_t94;
                                                                                                                                                							if((_v44 & 0x00000001) != 0) {
                                                                                                                                                								 *0x42f420 =  *0x42f420 + 1;
                                                                                                                                                								__eflags =  *0x42f420;
                                                                                                                                                							}
                                                                                                                                                							_t40 = _t94 + 0x44; // 0x44
                                                                                                                                                							_t59 = _t40;
                                                                                                                                                							_t85 = 8;
                                                                                                                                                							do {
                                                                                                                                                								_t59 = _t59 - 8;
                                                                                                                                                								 *_t59 =  *_t59 + _t94;
                                                                                                                                                								_t85 = _t85 - 1;
                                                                                                                                                								__eflags = _t85;
                                                                                                                                                							} while (_t85 != 0);
                                                                                                                                                							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                                                                                                                							 *(_t94 + 0x3c) = _t60;
                                                                                                                                                							E00405B64(0x42f440, _t94 + 4, 0x40);
                                                                                                                                                							__eflags = 0;
                                                                                                                                                							return 0;
                                                                                                                                                						}
                                                                                                                                                						goto L29;
                                                                                                                                                					}
                                                                                                                                                					E00403223( *0x41d420);
                                                                                                                                                					_t65 = E0040320D( &_a4, 4);
                                                                                                                                                					__eflags = _t65;
                                                                                                                                                					if(_t65 == 0) {
                                                                                                                                                						goto L29;
                                                                                                                                                					}
                                                                                                                                                					__eflags = _v12 - _a4;
                                                                                                                                                					if(_v12 != _a4) {
                                                                                                                                                						goto L29;
                                                                                                                                                					}
                                                                                                                                                					goto L28;
                                                                                                                                                				} else {
                                                                                                                                                					do {
                                                                                                                                                						_t90 = _t93;
                                                                                                                                                						asm("sbb eax, eax");
                                                                                                                                                						_t70 = ( ~( *0x42f418) & 0x00007e00) + 0x200;
                                                                                                                                                						__eflags = _t93 - _t70;
                                                                                                                                                						if(_t93 >= _t70) {
                                                                                                                                                							_t90 = _t70;
                                                                                                                                                						}
                                                                                                                                                						_t71 = E0040320D(0x415420, _t90);
                                                                                                                                                						__eflags = _t71;
                                                                                                                                                						if(_t71 == 0) {
                                                                                                                                                							E00402D60(1);
                                                                                                                                                							L29:
                                                                                                                                                							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                                                                                                						}
                                                                                                                                                						__eflags =  *0x42f418;
                                                                                                                                                						if( *0x42f418 != 0) {
                                                                                                                                                							__eflags = _a4 & 0x00000002;
                                                                                                                                                							if((_a4 & 0x00000002) == 0) {
                                                                                                                                                								E00402D60(0);
                                                                                                                                                							}
                                                                                                                                                							goto L20;
                                                                                                                                                						}
                                                                                                                                                						E00405B64( &_v44, 0x415420, 0x1c);
                                                                                                                                                						_t77 = _v44;
                                                                                                                                                						__eflags = _t77 & 0xfffffff0;
                                                                                                                                                						if((_t77 & 0xfffffff0) != 0) {
                                                                                                                                                							goto L20;
                                                                                                                                                						}
                                                                                                                                                						__eflags = _v40 - 0xdeadbeef;
                                                                                                                                                						if(_v40 != 0xdeadbeef) {
                                                                                                                                                							goto L20;
                                                                                                                                                						}
                                                                                                                                                						__eflags = _v28 - 0x74736e49;
                                                                                                                                                						if(_v28 != 0x74736e49) {
                                                                                                                                                							goto L20;
                                                                                                                                                						}
                                                                                                                                                						__eflags = _v32 - 0x74666f73;
                                                                                                                                                						if(_v32 != 0x74666f73) {
                                                                                                                                                							goto L20;
                                                                                                                                                						}
                                                                                                                                                						__eflags = _v36 - 0x6c6c754e;
                                                                                                                                                						if(_v36 != 0x6c6c754e) {
                                                                                                                                                							goto L20;
                                                                                                                                                						}
                                                                                                                                                						_a4 = _a4 | _t77;
                                                                                                                                                						_t87 =  *0x41d420; // 0xb46984
                                                                                                                                                						 *0x42f4c0 =  *0x42f4c0 | _a4 & 0x00000002;
                                                                                                                                                						_t80 = _v20;
                                                                                                                                                						__eflags = _t80 - _t93;
                                                                                                                                                						 *0x42f418 = _t87;
                                                                                                                                                						if(_t80 > _t93) {
                                                                                                                                                							goto L29;
                                                                                                                                                						}
                                                                                                                                                						__eflags = _a4 & 0x00000008;
                                                                                                                                                						if((_a4 & 0x00000008) != 0) {
                                                                                                                                                							L16:
                                                                                                                                                							_v8 = _v8 + 1;
                                                                                                                                                							_t24 = _t80 - 4; // 0x40a194
                                                                                                                                                							_t93 = _t24;
                                                                                                                                                							__eflags = _t90 - _t93;
                                                                                                                                                							if(_t90 > _t93) {
                                                                                                                                                								_t90 = _t93;
                                                                                                                                                							}
                                                                                                                                                							goto L20;
                                                                                                                                                						}
                                                                                                                                                						__eflags = _a4 & 0x00000004;
                                                                                                                                                						if((_a4 & 0x00000004) != 0) {
                                                                                                                                                							break;
                                                                                                                                                						}
                                                                                                                                                						goto L16;
                                                                                                                                                						L20:
                                                                                                                                                						__eflags = _t93 -  *0x42942c; // 0xb492b8
                                                                                                                                                						if(__eflags < 0) {
                                                                                                                                                							_v12 = E0040645F(_v12, 0x415420, _t90);
                                                                                                                                                						}
                                                                                                                                                						 *0x41d420 =  *0x41d420 + _t90;
                                                                                                                                                						_t93 = _t93 - _t90;
                                                                                                                                                						__eflags = _t93;
                                                                                                                                                					} while (_t93 != 0);
                                                                                                                                                					_t82 = 0;
                                                                                                                                                					__eflags = 0;
                                                                                                                                                					goto L24;
                                                                                                                                                				}
                                                                                                                                                			}
































                                                                                                                                                APIs
                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402DD5
                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\SetupWIService.exe,00000400), ref: 00402DF1
                                                                                                                                                  • Part of subcall function 00405BA9: GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                                                                                                                  • Part of subcall function 00405BA9: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00437000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00402E3D
                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00000020), ref: 00402F73
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                • String ID: TA$"C:\Users\user\Desktop\SetupWIService.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SetupWIService.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                                • API String ID: 2803837635-1541171800
                                                                                                                                                • Opcode ID: b8bf6995fdbf6cf9fbdffbfeb4437aa50baa07d177a1321405f5fa24d1fefee4
                                                                                                                                                • Instruction ID: 027006cf2d98db9fa9c400e5027e86f3261d974ae097fd254c994c4dc937b6e6
                                                                                                                                                • Opcode Fuzzy Hash: b8bf6995fdbf6cf9fbdffbfeb4437aa50baa07d177a1321405f5fa24d1fefee4
                                                                                                                                                • Instruction Fuzzy Hash: FF51E471900215ABCB20AF64DE89B9F7BB8EB14359F50403BF500B32D1C6BC9E459AAD
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                [Control-flow graph of function 00406032; legend: Executed / Not Executed]
                                                                                                                                                C-Code - Quality: 72%
                                                                                                                                                			E00406032(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                                                                                                                				struct _ITEMIDLIST* _v8;
                                                                                                                                                				char _v12;
                                                                                                                                                				signed int _v16;
                                                                                                                                                				signed char _v20;
                                                                                                                                                				signed int _v24;
                                                                                                                                                				signed char _v28;
                                                                                                                                                				signed int _t38;
                                                                                                                                                				CHAR* _t39;
                                                                                                                                                				signed int _t41;
                                                                                                                                                				char _t52;
                                                                                                                                                				char _t53;
                                                                                                                                                				char _t55;
                                                                                                                                                				char _t57;
                                                                                                                                                				void* _t65;
                                                                                                                                                				char* _t66;
                                                                                                                                                				signed int _t80;
                                                                                                                                                				intOrPtr _t86;
                                                                                                                                                				char _t88;
                                                                                                                                                				void* _t89;
                                                                                                                                                				CHAR* _t90;
                                                                                                                                                				void* _t92;
                                                                                                                                                				signed int _t97;
                                                                                                                                                				signed int _t99;
                                                                                                                                                				void* _t100;
                                                                                                                                                
                                                                                                                                                				_t92 = __esi;
                                                                                                                                                				_t89 = __edi;
                                                                                                                                                				_t65 = __ebx;
                                                                                                                                                				_t38 = _a8;
                                                                                                                                                				if(_t38 < 0) {
                                                                                                                                                					_t86 =  *0x42ebdc; // 0x737e50
                                                                                                                                                					_t38 =  *(_t86 - 4 + _t38 * 4);
                                                                                                                                                				}
                                                                                                                                                				_push(_t65);
                                                                                                                                                				_push(_t92);
                                                                                                                                                				_push(_t89);
                                                                                                                                                				_t66 = _t38 +  *0x42f458;
                                                                                                                                                				_t39 = 0x42e3a0;
                                                                                                                                                				_t90 = 0x42e3a0;
                                                                                                                                                				if(_a4 >= 0x42e3a0 && _a4 - 0x42e3a0 < 0x800) {
                                                                                                                                                					_t90 = _a4;
                                                                                                                                                					_a4 = _a4 & 0x00000000;
                                                                                                                                                				}
                                                                                                                                                				while(1) {
                                                                                                                                                					_t88 =  *_t66;
                                                                                                                                                					if(_t88 == 0) {
                                                                                                                                                						break;
                                                                                                                                                					}
                                                                                                                                                					__eflags = _t90 - _t39 - 0x400;
                                                                                                                                                					if(_t90 - _t39 >= 0x400) {
                                                                                                                                                						break;
                                                                                                                                                					}
                                                                                                                                                					_t66 = _t66 + 1;
                                                                                                                                                					__eflags = _t88 - 4;
                                                                                                                                                					_a8 = _t66;
                                                                                                                                                					if(__eflags >= 0) {
                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                							 *_t90 = _t88;
                                                                                                                                                							_t90 =  &(_t90[1]);
                                                                                                                                                							__eflags = _t90;
                                                                                                                                                						} else {
                                                                                                                                                							 *_t90 =  *_t66;
                                                                                                                                                							_t90 =  &(_t90[1]);
                                                                                                                                                							_t66 = _t66 + 1;
                                                                                                                                                						}
                                                                                                                                                						continue;
                                                                                                                                                					}
                                                                                                                                                					_t41 =  *((char*)(_t66 + 1));
                                                                                                                                                					_t80 =  *_t66;
                                                                                                                                                					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
                                                                                                                                                					_v24 = _t80;
                                                                                                                                                					_v28 = _t80 | 0x00000080;
                                                                                                                                                					_v16 = _t41;
                                                                                                                                                					_v20 = _t41 | 0x00000080;
                                                                                                                                                					_t66 = _a8 + 2;
                                                                                                                                                					__eflags = _t88 - 2;
                                                                                                                                                					if(_t88 != 2) {
                                                                                                                                                						__eflags = _t88 - 3;
                                                                                                                                                						if(_t88 != 3) {
                                                                                                                                                							__eflags = _t88 - 1;
                                                                                                                                                							if(_t88 == 1) {
                                                                                                                                                								__eflags = (_t41 | 0xffffffff) - _t97;
                                                                                                                                                								E00406032(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
                                                                                                                                                							}
                                                                                                                                                							L42:
                                                                                                                                                							_t90 =  &(_t90[lstrlenA(_t90)]);
                                                                                                                                                							_t39 = 0x42e3a0;
                                                                                                                                                							continue;
                                                                                                                                                						}
                                                                                                                                                						__eflags = _t97 - 0x1d;
                                                                                                                                                						if(_t97 != 0x1d) {
                                                                                                                                                							__eflags = "0x00004688" + (_t97 << 0xa);
                                                                                                                                                							E00406010(_t90, "0x00004688" + (_t97 << 0xa));
                                                                                                                                                						} else {
                                                                                                                                                							E00405F6E(_t90,  *0x42f408);
                                                                                                                                                						}
                                                                                                                                                						__eflags = _t97 + 0xffffffeb - 7;
                                                                                                                                                						if(_t97 + 0xffffffeb < 7) {
                                                                                                                                                							L33:
                                                                                                                                                							E0040627A(_t90);
                                                                                                                                                						}
                                                                                                                                                						goto L42;
                                                                                                                                                					}
                                                                                                                                                					_t52 =  *0x42f40c;
                                                                                                                                                					__eflags = _t52;
                                                                                                                                                					_t99 = 2;
                                                                                                                                                					if(_t52 >= 0) {
                                                                                                                                                						L13:
                                                                                                                                                						_a8 = 1;
                                                                                                                                                						L14:
                                                                                                                                                						__eflags =  *0x42f4a4;
                                                                                                                                                						if( *0x42f4a4 != 0) {
                                                                                                                                                							_t99 = 4;
                                                                                                                                                						}
                                                                                                                                                						__eflags = _t80;
                                                                                                                                                						if(__eflags >= 0) {
                                                                                                                                                							__eflags = _t80 - 0x25;
                                                                                                                                                							if(_t80 != 0x25) {
                                                                                                                                                								__eflags = _t80 - 0x24;
                                                                                                                                                								if(_t80 == 0x24) {
                                                                                                                                                									GetWindowsDirectoryA(_t90, 0x400);
                                                                                                                                                									_t99 = 0;
                                                                                                                                                								}
                                                                                                                                                								while(1) {
                                                                                                                                                									__eflags = _t99;
                                                                                                                                                									if(_t99 == 0) {
                                                                                                                                                										goto L30;
                                                                                                                                                									}
                                                                                                                                                									_t53 =  *0x42f404;
                                                                                                                                                									_t99 = _t99 - 1;
                                                                                                                                                									__eflags = _t53;
                                                                                                                                                									if(_t53 == 0) {
                                                                                                                                                										L26:
                                                                                                                                                										_t55 = SHGetSpecialFolderLocation( *0x42f408,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
                                                                                                                                                										__eflags = _t55;
                                                                                                                                                										if(_t55 != 0) {
                                                                                                                                                											L28:
                                                                                                                                                											 *_t90 =  *_t90 & 0x00000000;
                                                                                                                                                											__eflags =  *_t90;
                                                                                                                                                											continue;
                                                                                                                                                										}
                                                                                                                                                										__imp__SHGetPathFromIDListA(_v8, _t90);
                                                                                                                                                										_v12 = _t55;
                                                                                                                                                										__imp__CoTaskMemFree(_v8);
                                                                                                                                                										__eflags = _v12;
                                                                                                                                                										if(_v12 != 0) {
                                                                                                                                                											goto L30;
                                                                                                                                                										}
                                                                                                                                                										goto L28;
                                                                                                                                                									}
                                                                                                                                                									__eflags = _a8;
                                                                                                                                                									if(_a8 == 0) {
                                                                                                                                                										goto L26;
                                                                                                                                                									}
                                                                                                                                                									_t57 =  *_t53( *0x42f408,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90); // executed
                                                                                                                                                									__eflags = _t57;
                                                                                                                                                									if(_t57 == 0) {
                                                                                                                                                										goto L30;
                                                                                                                                                									}
                                                                                                                                                									goto L26;
                                                                                                                                                								}
                                                                                                                                                								goto L30;
                                                                                                                                                							}
                                                                                                                                                							GetSystemDirectoryA(_t90, 0x400);
                                                                                                                                                							goto L30;
                                                                                                                                                						} else {
                                                                                                                                                							E00405EF7((_t80 & 0x0000003f) +  *0x42f458, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x42f458, _t90, _t80 & 0x00000040); // executed
                                                                                                                                                							__eflags =  *_t90;
                                                                                                                                                							if( *_t90 != 0) {
                                                                                                                                                								L31:
                                                                                                                                                								__eflags = _v16 - 0x1a;
                                                                                                                                                								if(_v16 == 0x1a) {
                                                                                                                                                									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                                                                                								}
                                                                                                                                                								goto L33;
                                                                                                                                                							}
                                                                                                                                                							E00406032(_t66, _t90, _t99, _t90, _v16);
                                                                                                                                                							L30:
                                                                                                                                                							__eflags =  *_t90;
                                                                                                                                                							if( *_t90 == 0) {
                                                                                                                                                								goto L33;
                                                                                                                                                							}
                                                                                                                                                							goto L31;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                					__eflags = _t52 - 0x5a04;
                                                                                                                                                					if(_t52 == 0x5a04) {
                                                                                                                                                						goto L13;
                                                                                                                                                					}
                                                                                                                                                					__eflags = _v16 - 0x23;
                                                                                                                                                					if(_v16 == 0x23) {
                                                                                                                                                						goto L13;
                                                                                                                                                					}
                                                                                                                                                					__eflags = _v16 - 0x2e;
                                                                                                                                                					if(_v16 == 0x2e) {
                                                                                                                                                						goto L13;
                                                                                                                                                					} else {
                                                                                                                                                						_a8 = _a8 & 0x00000000;
                                                                                                                                                						goto L14;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				 *_t90 =  *_t90 & 0x00000000;
                                                                                                                                                				if(_a4 == 0) {
                                                                                                                                                					return _t39;
                                                                                                                                                				}
                                                                                                                                                				return E00406010(_a4, _t39);
                                                                                                                                                			}



























                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004061dc
                                                                                                                                                0x00406119
                                                                                                                                                0x004060ec
                                                                                                                                                0x004060f0
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004060f2
                                                                                                                                                0x004060f6
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004060f8
                                                                                                                                                0x004060fc
                                                                                                                                                0x00000000
                                                                                                                                                0x004060fe
                                                                                                                                                0x004060fe
                                                                                                                                                0x00000000
                                                                                                                                                0x004060fe
                                                                                                                                                0x004060fc
                                                                                                                                                0x00406261
                                                                                                                                                0x0040626b
                                                                                                                                                0x00406277
                                                                                                                                                0x00406277
                                                                                                                                                0x00000000

                                                                                                                                                APIs
                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 0040615D
                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(Remove folder: ,00000400,?,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000,0040516F,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000), ref: 00406170
                                                                                                                                                • SHGetSpecialFolderLocation.SHELL32(0040516F,74D0EA30,?,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000,0040516F,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000), ref: 004061AC
                                                                                                                                                • SHGetPathFromIDListA.SHELL32(74D0EA30,Remove folder: ), ref: 004061BA
                                                                                                                                                • CoTaskMemFree.OLE32(74D0EA30), ref: 004061C6
                                                                                                                                                • lstrcatA.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 004061EA
                                                                                                                                                • lstrlenA.KERNEL32(Remove folder: ,?,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000,0040516F,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000,00000000,00423A28,74D0EA30), ref: 0040623C
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                                • String ID: 0x00004688$P~s$Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                • API String ID: 717251189-3163666325
                                                                                                                                                • Opcode ID: cc92b4257a11ce59af416498d21209c3e9f13a96c9b97ba416f09cbc129ed5d8
                                                                                                                                                • Instruction ID: 0eb145c1bee873094c14c85ea59bbbcbcc52f889deb60e0de917f7e6e63be494
                                                                                                                                                • Opcode Fuzzy Hash: cc92b4257a11ce59af416498d21209c3e9f13a96c9b97ba416f09cbc129ed5d8
                                                                                                                                                • Instruction Fuzzy Hash: F1610171900114AEDF24AF64CC84BBE3BA5AB15314F52417FE913BA2D2C77C49A2CB5E
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                [Graph not preserved. Legend: Executed / Not Executed]
                                                                                                                                                C-Code - Quality: 60%
                                                                                                                                                			E00401759(FILETIME* __ebx, void* __eflags) {
                                                                                                                                                				void* _t33;
                                                                                                                                                				void* _t41;
                                                                                                                                                				void* _t43;
                                                                                                                                                				FILETIME* _t49;
                                                                                                                                                				FILETIME* _t62;
                                                                                                                                                				void* _t64;
                                                                                                                                                				signed int _t70;
                                                                                                                                                				FILETIME* _t71;
                                                                                                                                                				FILETIME* _t75;
                                                                                                                                                				signed int _t77;
                                                                                                                                                				void* _t80;
                                                                                                                                                				CHAR* _t82;
                                                                                                                                                				void* _t85;
                                                                                                                                                
                                                                                                                                                				_t75 = __ebx;
                                                                                                                                                				_t82 = E00402B2C(0x31);
                                                                                                                                                				 *(_t85 - 8) = _t82;
                                                                                                                                                				 *(_t85 + 8) =  *(_t85 - 0x34) & 0x00000007;
                                                                                                                                                				_t33 = E00405A15(_t82);
                                                                                                                                                				_push(_t82);
                                                                                                                                                				if(_t33 == 0) {
                                                                                                                                                					lstrcatA(E004059A8(E00406010(0x40a418, "C:\\Program Files\\Wildix\\WIService")), ??);
                                                                                                                                                				} else {
                                                                                                                                                					_push(0x40a418);
                                                                                                                                                					E00406010();
                                                                                                                                                				}
                                                                                                                                                				E0040627A(0x40a418);
                                                                                                                                                				while(1) {
                                                                                                                                                					__eflags =  *(_t85 + 8) - 3;
                                                                                                                                                					if( *(_t85 + 8) >= 3) {
                                                                                                                                                						_t64 = E00406313(0x40a418);
                                                                                                                                                						_t77 = 0;
                                                                                                                                                						__eflags = _t64 - _t75;
                                                                                                                                                						if(_t64 != _t75) {
                                                                                                                                                							_t71 = _t64 + 0x14;
                                                                                                                                                							__eflags = _t71;
                                                                                                                                                							_t77 = CompareFileTime(_t71, _t85 - 0x28);
                                                                                                                                                						}
                                                                                                                                                						asm("sbb eax, eax");
                                                                                                                                                						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                                                                                                                						__eflags = _t70;
                                                                                                                                                						 *(_t85 + 8) = _t70;
                                                                                                                                                					}
                                                                                                                                                					__eflags =  *(_t85 + 8) - _t75;
                                                                                                                                                					if( *(_t85 + 8) == _t75) {
                                                                                                                                                						E00405B84(0x40a418);
                                                                                                                                                					}
                                                                                                                                                					__eflags =  *(_t85 + 8) - 1;
                                                                                                                                                					_t41 = E00405BA9(0x40a418, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                                                                                                                					__eflags = _t41 - 0xffffffff;
                                                                                                                                                					 *(_t85 - 0xc) = _t41;
                                                                                                                                                					if(_t41 != 0xffffffff) {
                                                                                                                                                						break;
                                                                                                                                                					}
                                                                                                                                                					__eflags =  *(_t85 + 8) - _t75;
                                                                                                                                                					if( *(_t85 + 8) != _t75) {
                                                                                                                                                						E00405137(0xffffffe2,  *(_t85 - 8));
                                                                                                                                                						__eflags =  *(_t85 + 8) - 2;
                                                                                                                                                						if(__eflags == 0) {
                                                                                                                                                							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                                                                                                                						}
                                                                                                                                                						L31:
                                                                                                                                                						 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t85 - 4));
                                                                                                                                                						__eflags =  *0x42f4a8;
                                                                                                                                                						goto L32;
                                                                                                                                                					} else {
                                                                                                                                                						E00406010(0x40ac18, "0x00004688");
                                                                                                                                                						E00406010("0x00004688", 0x40a418);
                                                                                                                                                						E00406032(_t75, 0x40ac18, 0x40a418, "C:\Users\hardz\AppData\Local\Temp\nspF522.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x20)));
                                                                                                                                                						E00406010("0x00004688", 0x40ac18);
                                                                                                                                                						_t62 = E0040572C("C:\Users\hardz\AppData\Local\Temp\nspF522.tmp\System.dll",  *(_t85 - 0x34) >> 3) - 4;
                                                                                                                                                						__eflags = _t62;
                                                                                                                                                						if(_t62 == 0) {
                                                                                                                                                							continue;
                                                                                                                                                						} else {
                                                                                                                                                							__eflags = _t62 == 1;
                                                                                                                                                							if(_t62 == 1) {
                                                                                                                                                								 *0x42f4a8 =  &( *0x42f4a8->dwLowDateTime);
                                                                                                                                                								L32:
                                                                                                                                                								_t49 = 0;
                                                                                                                                                								__eflags = 0;
                                                                                                                                                							} else {
                                                                                                                                                								_push(0x40a418);
                                                                                                                                                								_push(0xfffffffa);
                                                                                                                                                								E00405137();
                                                                                                                                                								L29:
                                                                                                                                                								_t49 = 0x7fffffff;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                					L33:
                                                                                                                                                					return _t49;
                                                                                                                                                				}
                                                                                                                                                				E00405137(0xffffffea,  *(_t85 - 8)); // executed
                                                                                                                                                				 *0x42f4d4 =  *0x42f4d4 + 1;
                                                                                                                                                				_push(_t75);
                                                                                                                                                				_push(_t75);
                                                                                                                                                				_push( *(_t85 - 0xc));
                                                                                                                                                				_push( *((intOrPtr*)(_t85 - 0x2c)));
                                                                                                                                                				_t43 = E00402FFB(); // executed
                                                                                                                                                				 *0x42f4d4 =  *0x42f4d4 - 1;
                                                                                                                                                				__eflags =  *(_t85 - 0x28) - 0xffffffff;
                                                                                                                                                				_t80 = _t43;
                                                                                                                                                				if( *(_t85 - 0x28) != 0xffffffff) {
                                                                                                                                                					L22:
                                                                                                                                                					SetFileTime( *(_t85 - 0xc), _t85 - 0x28, _t75, _t85 - 0x28); // executed
                                                                                                                                                				} else {
                                                                                                                                                					__eflags =  *((intOrPtr*)(_t85 - 0x24)) - 0xffffffff;
                                                                                                                                                					if( *((intOrPtr*)(_t85 - 0x24)) != 0xffffffff) {
                                                                                                                                                						goto L22;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
                                                                                                                                                				__eflags = _t80 - _t75;
                                                                                                                                                				if(_t80 >= _t75) {
                                                                                                                                                					goto L31;
                                                                                                                                                				} else {
                                                                                                                                                					__eflags = _t80 - 0xfffffffe;
                                                                                                                                                					if(_t80 != 0xfffffffe) {
                                                                                                                                                						E00406032(_t75, _t80, 0x40a418, 0x40a418, 0xffffffee);
                                                                                                                                                					} else {
                                                                                                                                                						E00406032(_t75, _t80, 0x40a418, 0x40a418, 0xffffffe9);
                                                                                                                                                						lstrcatA(0x40a418,  *(_t85 - 8));
                                                                                                                                                					}
                                                                                                                                                					_push(0x200010);
                                                                                                                                                					_push(0x40a418);
                                                                                                                                                					E0040572C();
                                                                                                                                                					goto L29;
                                                                                                                                                				}
                                                                                                                                                				goto L33;
                                                                                                                                                			}

















                                                                                                                                                APIs
                                                                                                                                                • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Program Files\Wildix\WIService,00000000,00000000,00000031), ref: 00401798
                                                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Program Files\Wildix\WIService,00000000,00000000,00000031), ref: 004017C2
                                                                                                                                                  • Part of subcall function 00406010: lstrcpynA.KERNEL32(?,?,00000400,0040333D,Wildix Integration Service v3.9.1 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040601D
                                                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000,00423A28,74D0EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000,00423A28,74D0EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                                                                                                  • Part of subcall function 00405137: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00403156,00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000,00423A28,74D0EA30), ref: 00405193
                                                                                                                                                  • Part of subcall function 00405137: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\), ref: 004051A5
                                                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051CB
                                                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051E5
                                                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051F3
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                • String ID: 0x00004688$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\nspF522.tmp$C:\Users\user\AppData\Local\Temp\nspF522.tmp\System.dll$Call
                                                                                                                                                • API String ID: 1941528284-3591042265
                                                                                                                                                • Opcode ID: 9c45ebad200ac85c702c507ed1829873ce3a744f05d0db61e56209a71937778b
                                                                                                                                                • Instruction ID: fcac4804817dd72ce497849c2c59a0292666c96c0e268c836f952ab8254f0f2b
                                                                                                                                                • Opcode Fuzzy Hash: 9c45ebad200ac85c702c507ed1829873ce3a744f05d0db61e56209a71937778b
                                                                                                                                                • Instruction Fuzzy Hash: 5941E571900114BACF10BBB5CD45E9F3A79EF45369F20823BF412F20E2DA7C8A519A6D
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 627 405137-40514c 628 405202-405206 627->628 629 405152-405164 627->629 630 405166-40516a call 406032 629->630 631 40516f-40517b lstrlenA 629->631 630->631 633 405198-40519c 631->633 634 40517d-40518d lstrlenA 631->634 636 4051ab-4051af 633->636 637 40519e-4051a5 SetWindowTextA 633->637 634->628 635 40518f-405193 lstrcatA 634->635 635->633 638 4051b1-4051f3 SendMessageA * 3 636->638 639 4051f5-4051f7 636->639 637->636 638->639 639->628 640 4051f9-4051fc 639->640 640->628
                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00405137(CHAR* _a4, CHAR* _a8) {
                                                                                                                                                				struct HWND__* _v8;
                                                                                                                                                				signed int _v12;
                                                                                                                                                				CHAR* _v32;
                                                                                                                                                				long _v44;
                                                                                                                                                				int _v48;
                                                                                                                                                				void* _v52;
                                                                                                                                                				void* __ebx;
                                                                                                                                                				void* __edi;
                                                                                                                                                				void* __esi;
                                                                                                                                                				CHAR* _t26;
                                                                                                                                                				signed int _t27;
                                                                                                                                                				CHAR* _t28;
                                                                                                                                                				long _t29;
                                                                                                                                                				signed int _t39;
                                                                                                                                                
                                                                                                                                                				_t26 =  *0x42ebe4; // 0x10452
                                                                                                                                                				_v8 = _t26;
                                                                                                                                                				if(_t26 != 0) {
                                                                                                                                                					_t27 =  *0x42f4d4;
                                                                                                                                                					_v12 = _t27;
                                                                                                                                                					_t39 = _t27 & 0x00000001;
                                                                                                                                                					if(_t39 == 0) {
                                                                                                                                                						E00406032(0, _t39, 0x42a050, 0x42a050, _a4);
                                                                                                                                                					}
                                                                                                                                                					_t26 = lstrlenA(0x42a050);
                                                                                                                                                					_a4 = _t26;
                                                                                                                                                					if(_a8 == 0) {
                                                                                                                                                						L6:
                                                                                                                                                						if((_v12 & 0x00000004) == 0) {
                                                                                                                                                							_t26 = SetWindowTextA( *0x42ebc8, 0x42a050); // executed
                                                                                                                                                						}
                                                                                                                                                						if((_v12 & 0x00000002) == 0) {
                                                                                                                                                							_v32 = 0x42a050;
                                                                                                                                                							_v52 = 1;
                                                                                                                                                							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
                                                                                                                                                							_v44 = 0;
                                                                                                                                                							_v48 = _t29 - _t39;
                                                                                                                                                							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
                                                                                                                                                							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
                                                                                                                                                						}
                                                                                                                                                						if(_t39 != 0) {
                                                                                                                                                							_t28 = _a4;
                                                                                                                                                							 *((char*)(_t28 + 0x42a050)) = 0;
                                                                                                                                                							return _t28;
                                                                                                                                                						}
                                                                                                                                                					} else {
                                                                                                                                                						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                                                                                                                						if(_t26 < 0x800) {
                                                                                                                                                							_t26 = lstrcatA(0x42a050, _a8);
                                                                                                                                                							goto L6;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				return _t26;
                                                                                                                                                			}


















                                                                                                                                                APIs
                                                                                                                                                • lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000,00423A28,74D0EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                                                                                                • lstrlenA.KERNEL32(00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000,00423A28,74D0EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                                                                                                • lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00403156,00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000,00423A28,74D0EA30), ref: 00405193
                                                                                                                                                • SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\), ref: 004051A5
                                                                                                                                                • SendMessageA.USER32 ref: 004051CB
                                                                                                                                                • SendMessageA.USER32 ref: 004051E5
                                                                                                                                                • SendMessageA.USER32 ref: 004051F3
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\
                                                                                                                                                • API String ID: 2531174081-3153682642
                                                                                                                                                • Opcode ID: 70eafaf07dbaaaf216f359b5708fcaefab7a68737b82738e00fa0d1a33c4644f
                                                                                                                                                • Instruction ID: 7d4789c60296e211bada9a9e2a19d16c38d622f2d1b0cadef69f4b7d7b7d07eb
                                                                                                                                                • Opcode Fuzzy Hash: 70eafaf07dbaaaf216f359b5708fcaefab7a68737b82738e00fa0d1a33c4644f
                                                                                                                                                • Instruction Fuzzy Hash: CE21A971900118BFDB119FA5CD85ADEBFA9EF08354F04807AF844A6291C7398E408FA8
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 641 402ffb-40300f 642 403011 641->642 643 403018-403021 641->643 642->643 644 403023 643->644 645 40302a-40302f 643->645 644->645 646 403031-40303a call 403223 645->646 647 40303f-40304c call 40320d 645->647 646->647 651 403052-403056 647->651 652 4031fb 647->652 653 4031a6-4031a8 651->653 654 40305c-4030a5 GetTickCount 651->654 655 4031fd-4031fe 652->655 659 4031e8-4031eb 653->659 660 4031aa-4031ad 653->660 656 403203 654->656 657 4030ab-4030b3 654->657 658 403206-40320a 655->658 656->658 661 4030b5 657->661 662 4030b8-4030c6 call 40320d 657->662 663 4031f0-4031f9 call 40320d 659->663 664 4031ed 659->664 660->656 665 4031af 660->665 661->662 662->652 674 4030cc-4030d5 662->674 663->652 675 403200 663->675 664->663 666 4031b2-4031b8 665->666 669 4031ba 666->669 670 4031bc-4031ca call 40320d 666->670 669->670 670->652 678 4031cc-4031d8 call 405c50 670->678 677 4030db-4030fb call 4064cd 674->677 675->656 683 403101-403114 GetTickCount 677->683 684 40319e-4031a0 677->684 685 4031a2-4031a4 678->685 686 4031da-4031e4 678->686 687 403116-40311e 683->687 688 403159-40315b 683->688 684->655 685->655 686->666 691 4031e6 686->691 692 403120-403124 687->692 693 403126-403151 MulDiv wsprintfA call 405137 687->693 689 403192-403196 688->689 690 40315d-403161 688->690 689->657 696 40319c 689->696 694 403163-40316a call 405c50 690->694 695 403178-403183 690->695 691->656 692->688 692->693 700 403156 693->700 701 40316f-403171 694->701 699 403186-40318a 695->699 696->656 699->677 702 403190 699->702 700->688 701->685 703 403173-403176 701->703 702->656 703->699
                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                			E00402FFB(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
                                                                                                                                                				signed int _v8;
                                                                                                                                                				int _v12;
                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                				long _v20;
                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                				char _v88;
                                                                                                                                                				void* _t65;
                                                                                                                                                				long _t70;
                                                                                                                                                				intOrPtr _t75;
                                                                                                                                                				long _t76;
                                                                                                                                                				intOrPtr _t77;
                                                                                                                                                				void* _t78;
                                                                                                                                                				int _t88;
                                                                                                                                                				intOrPtr _t92;
                                                                                                                                                				intOrPtr _t95;
                                                                                                                                                				long _t96;
                                                                                                                                                				signed int _t97;
                                                                                                                                                				int _t98;
                                                                                                                                                				int _t99;
                                                                                                                                                				intOrPtr _t100;
                                                                                                                                                				void* _t101;
                                                                                                                                                				void* _t102;
                                                                                                                                                
                                                                                                                                                				_t97 = _a16;
                                                                                                                                                				_t92 = _a12;
                                                                                                                                                				_v12 = _t97;
                                                                                                                                                				if(_t92 == 0) {
                                                                                                                                                					_v12 = 0x8000;
                                                                                                                                                				}
                                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                                				_v16 = _t92;
                                                                                                                                                				if(_t92 == 0) {
                                                                                                                                                					_v16 = 0x421428;
                                                                                                                                                				}
                                                                                                                                                				_t62 = _a4;
                                                                                                                                                				if(_a4 >= 0) {
                                                                                                                                                					E00403223( *0x42f478 + _t62);
                                                                                                                                                				}
                                                                                                                                                				if(E0040320D( &_a16, 4) == 0) {
                                                                                                                                                					L41:
                                                                                                                                                					_push(0xfffffffd);
                                                                                                                                                					goto L42;
                                                                                                                                                				} else {
                                                                                                                                                					if((_a19 & 0x00000080) == 0) {
                                                                                                                                                						if(_t92 != 0) {
                                                                                                                                                							if(_a16 < _t97) {
                                                                                                                                                								_t97 = _a16;
                                                                                                                                                							}
                                                                                                                                                							if(E0040320D(_t92, _t97) != 0) {
                                                                                                                                                								_v8 = _t97;
                                                                                                                                                								L44:
                                                                                                                                                								return _v8;
                                                                                                                                                							} else {
                                                                                                                                                								goto L41;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						if(_a16 <= _t92) {
                                                                                                                                                							goto L44;
                                                                                                                                                						}
                                                                                                                                                						_t88 = _v12;
                                                                                                                                                						while(1) {
                                                                                                                                                							_t98 = _a16;
                                                                                                                                                							if(_a16 >= _t88) {
                                                                                                                                                								_t98 = _t88;
                                                                                                                                                							}
                                                                                                                                                							if(E0040320D(0x41d428, _t98) == 0) {
                                                                                                                                                								goto L41;
                                                                                                                                                							}
                                                                                                                                                							if(E00405C50(_a8, 0x41d428, _t98) == 0) {
                                                                                                                                                								L28:
                                                                                                                                                								_push(0xfffffffe);
                                                                                                                                                								L42:
                                                                                                                                                								_pop(_t65);
                                                                                                                                                								return _t65;
                                                                                                                                                							}
                                                                                                                                                							_v8 = _v8 + _t98;
                                                                                                                                                							_a16 = _a16 - _t98;
                                                                                                                                                							if(_a16 > 0) {
                                                                                                                                                								continue;
                                                                                                                                                							}
                                                                                                                                                							goto L44;
                                                                                                                                                						}
                                                                                                                                                						goto L41;
                                                                                                                                                					}
                                                                                                                                                					_t70 = GetTickCount();
                                                                                                                                                					 *0x40bd8c =  *0x40bd8c & 0x00000000;
                                                                                                                                                					 *0x40bd88 =  *0x40bd88 & 0x00000000;
                                                                                                                                                					_t14 =  &_a16;
                                                                                                                                                					 *_t14 = _a16 & 0x7fffffff;
                                                                                                                                                					_v20 = _t70;
                                                                                                                                                					 *0x40b870 = 8;
                                                                                                                                                					 *0x415418 = 0x40d410;
                                                                                                                                                					 *0x415414 = 0x40d410;
                                                                                                                                                					 *0x415410 = 0x415410;
                                                                                                                                                					_a4 = _a16;
                                                                                                                                                					if( *_t14 <= 0) {
                                                                                                                                                						goto L44;
                                                                                                                                                					} else {
                                                                                                                                                						goto L9;
                                                                                                                                                					}
                                                                                                                                                					while(1) {
                                                                                                                                                						L9:
                                                                                                                                                						_t99 = 0x4000;
                                                                                                                                                						if(_a16 < 0x4000) {
                                                                                                                                                							_t99 = _a16;
                                                                                                                                                						}
                                                                                                                                                						if(E0040320D(0x41d428, _t99) == 0) {
                                                                                                                                                							goto L41;
                                                                                                                                                						}
                                                                                                                                                						_a16 = _a16 - _t99;
                                                                                                                                                						 *0x40b860 = 0x41d428;
                                                                                                                                                						 *0x40b864 = _t99;
                                                                                                                                                						while(1) {
                                                                                                                                                							_t95 = _v16;
                                                                                                                                                							 *0x40b868 = _t95;
                                                                                                                                                							 *0x40b86c = _v12;
                                                                                                                                                							_t75 = E004064CD("@\xef\xbf							_v24 = _t75;
                                                                                                                                                							if(_t75 < 0) {
                                                                                                                                                								break;
                                                                                                                                                							}
                                                                                                                                                							_t100 =  *0x40b868; // 0x423a28
                                                                                                                                                							_t101 = _t100 - _t95;
                                                                                                                                                							_t76 = GetTickCount();
                                                                                                                                                							_t96 = _t76;
                                                                                                                                                							if(( *0x42f4d4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
                                                                                                                                                								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                                                                                                                								_t102 = _t102 + 0xc;
                                                                                                                                                								E00405137(0,  &_v88); // executed
                                                                                                                                                								_v20 = _t96;
                                                                                                                                                							}
                                                                                                                                                							if(_t101 == 0) {
                                                                                                                                                								if(_a16 > 0) {
                                                                                                                                                									goto L9;
                                                                                                                                                								}
                                                                                                                                                								goto L44;
                                                                                                                                                							} else {
                                                                                                                                                								if(_a12 != 0) {
                                                                                                                                                									_t77 =  *0x40b868; // 0x423a28
                                                                                                                                                									_v8 = _v8 + _t101;
                                                                                                                                                									_v12 = _v12 - _t101;
                                                                                                                                                									_v16 = _t77;
                                                                                                                                                									L23:
                                                                                                                                                									if(_v24 != 1) {
                                                                                                                                                										continue;
                                                                                                                                                									}
                                                                                                                                                									goto L44;
                                                                                                                                                								}
                                                                                                                                                								_t78 = E00405C50(_a8, _v16, _t101); // executed
                                                                                                                                                								if(_t78 == 0) {
                                                                                                                                                									goto L28;
                                                                                                                                                								}
                                                                                                                                                								_v8 = _v8 + _t101;
                                                                                                                                                								goto L23;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						_push(0xfffffffc);
                                                                                                                                                						goto L42;
                                                                                                                                                					}
                                                                                                                                                					goto L41;
                                                                                                                                                				}
                                                                                                                                                			}

























                                                                                                                                                0x00403101
                                                                                                                                                0x00403107
                                                                                                                                                0x00403109
                                                                                                                                                0x00403112
                                                                                                                                                0x00403114
                                                                                                                                                0x00403142
                                                                                                                                                0x00403148
                                                                                                                                                0x00403151
                                                                                                                                                0x00403156
                                                                                                                                                0x00403156
                                                                                                                                                0x0040315b
                                                                                                                                                0x00403196
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x0040315d
                                                                                                                                                0x00403161
                                                                                                                                                0x00403178
                                                                                                                                                0x0040317d
                                                                                                                                                0x00403180
                                                                                                                                                0x00403183
                                                                                                                                                0x00403186
                                                                                                                                                0x0040318a
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403190
                                                                                                                                                0x0040316a
                                                                                                                                                0x00403171
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00403173
                                                                                                                                                0x00000000
                                                                                                                                                0x00403173
                                                                                                                                                0x0040315b
                                                                                                                                                0x0040319e
                                                                                                                                                0x00000000
                                                                                                                                                0x0040319e
                                                                                                                                                0x00000000
                                                                                                                                                0x004030ab

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CountTick$wsprintf
                                                                                                                                                • String ID: (:B$... %d%%$@A
                                                                                                                                                • API String ID: 551687249-3855023115
                                                                                                                                                • Opcode ID: fadbfff98126c3f33fc218ff52c7570f2bc54738a50a490896210387b9f65f46
                                                                                                                                                • Instruction ID: 2f86f0e091d903dd4c8dc1f0d7d1d97a23866136c8ad304ef4da6da149bc5d25
                                                                                                                                                • Opcode Fuzzy Hash: fadbfff98126c3f33fc218ff52c7570f2bc54738a50a490896210387b9f65f46
                                                                                                                                                • Instruction Fuzzy Hash: D2518D71801219EBDB10DF65DA44A9E7FB8EF08316F10817BE810B72E1C7789B44CBA9
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 704 40206a-402076 705 402131-402133 704->705 706 40207c-402092 call 402b2c * 2 704->706 707 4022a4-4022a9 call 401423 705->707 715 4020a1-4020af LoadLibraryExA 706->715 716 402094-40209f GetModuleHandleA 706->716 713 4029b8-4029c7 707->713 718 4020b1-4020be GetProcAddress 715->718 719 40212a-40212c 715->719 716->715 716->718 721 4020c0-4020c6 718->721 722 4020fd-402102 call 405137 718->722 719->707 723 4020c8-4020d4 call 401423 721->723 724 4020df-4020f3 721->724 727 402107-40210a 722->727 723->727 735 4020d6-4020dd 723->735 730 4020f8-4020fb 724->730 727->713 728 402110-402118 call 4037cd 727->728 728->713 734 40211e-402125 FreeLibrary 728->734 730->727 734->713 735->727
                                                                                                                                                C-Code - Quality: 60%
                                                                                                                                                			E0040206A(void* __ebx, void* __eflags) {
                                                                                                                                                				struct HINSTANCE__* _t18;
                                                                                                                                                				struct HINSTANCE__* _t26;
                                                                                                                                                				void* _t27;
                                                                                                                                                				struct HINSTANCE__* _t30;
                                                                                                                                                				CHAR* _t32;
                                                                                                                                                				intOrPtr* _t33;
                                                                                                                                                				void* _t34;
                                                                                                                                                
                                                                                                                                                				_t27 = __ebx;
                                                                                                                                                				asm("sbb eax, 0x42f4d8");
                                                                                                                                                				 *(_t34 - 4) = 1;
                                                                                                                                                				if(__eflags < 0) {
                                                                                                                                                					_push(0xffffffe7);
                                                                                                                                                					L15:
                                                                                                                                                					E00401423();
                                                                                                                                                					L16:
                                                                                                                                                					 *0x42f4a8 =  *0x42f4a8 +  *(_t34 - 4);
                                                                                                                                                					return 0;
                                                                                                                                                				}
                                                                                                                                                				_t32 = E00402B2C(0xfffffff0);
                                                                                                                                                				 *(_t34 + 8) = E00402B2C(1);
                                                                                                                                                				if( *((intOrPtr*)(_t34 - 0x24)) == __ebx) {
                                                                                                                                                					L3:
                                                                                                                                                					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                                                                                                                					_t30 = _t18;
                                                                                                                                                					if(_t30 == _t27) {
                                                                                                                                                						_push(0xfffffff6);
                                                                                                                                                						goto L15;
                                                                                                                                                					}
                                                                                                                                                					L4:
                                                                                                                                                					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                                                                                                                					if(_t33 == _t27) {
                                                                                                                                                						E00405137(0xfffffff7,  *(_t34 + 8));
                                                                                                                                                					} else {
                                                                                                                                                						 *(_t34 - 4) = _t27;
                                                                                                                                                						if( *((intOrPtr*)(_t34 - 0x2c)) == _t27) {
                                                                                                                                                							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, "0x00004688", " w", 0x40a000); // executed
                                                                                                                                                						} else {
                                                                                                                                                							E00401423( *((intOrPtr*)(_t34 - 0x2c)));
                                                                                                                                                							if( *_t33() != 0) {
                                                                                                                                                								 *(_t34 - 4) = 1;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                					if( *((intOrPtr*)(_t34 - 0x28)) == _t27 && E004037CD(_t30) != 0) {
                                                                                                                                                						FreeLibrary(_t30); // executed
                                                                                                                                                					}
                                                                                                                                                					goto L16;
                                                                                                                                                				}
                                                                                                                                                				_t26 = GetModuleHandleA(_t32); // executed
                                                                                                                                                				_t30 = _t26;
                                                                                                                                                				if(_t30 != __ebx) {
                                                                                                                                                					goto L4;
                                                                                                                                                				}
                                                                                                                                                				goto L3;
                                                                                                                                                			}











                                                                                                                                                APIs
                                                                                                                                                • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00402095
                                                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000,00423A28,74D0EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000,00423A28,74D0EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                                                                                                  • Part of subcall function 00405137: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00403156,00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000,00423A28,74D0EA30), ref: 00405193
                                                                                                                                                  • Part of subcall function 00405137: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\), ref: 004051A5
                                                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051CB
                                                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051E5
                                                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051F3
                                                                                                                                                • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020A5
                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 004020B5
                                                                                                                                                • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040211F
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                • String ID: w$0x00004688
                                                                                                                                                • API String ID: 2987980305-2337844055
                                                                                                                                                • Opcode ID: 532ce0de4b0eb58012e9db3c58e41f5788510b7f5f76953fa1d2d9dfe9513583
                                                                                                                                                • Instruction ID: 166643d80e3f452ca3a3677f95ea327ecca8534a485506fba34b2def260d9046
                                                                                                                                                • Opcode Fuzzy Hash: 532ce0de4b0eb58012e9db3c58e41f5788510b7f5f76953fa1d2d9dfe9513583
                                                                                                                                                • Instruction Fuzzy Hash: EA21C671900214ABCF217FA4CF89AAE7A74AF15318F20413BF601B62D0D6FD49829A5E
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 736 4055fd-405648 CreateDirectoryA 737 40564a-40564c 736->737 738 40564e-40565b GetLastError 736->738 739 405675-405677 737->739 738->739 740 40565d-405671 SetFileSecurityA 738->740 740->737 741 405673 GetLastError 740->741 741->739
                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E004055FD(CHAR* _a4) {
                                                                                                                                                				struct _SECURITY_ATTRIBUTES _v16;
                                                                                                                                                				struct _SECURITY_DESCRIPTOR _v36;
                                                                                                                                                				int _t22;
                                                                                                                                                				long _t23;
                                                                                                                                                
                                                                                                                                                				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                                                                                                                				_v36.Owner = 0x40837c;
                                                                                                                                                				_v36.Group = 0x40837c;
                                                                                                                                                				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                                                                                                                				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                                                                                                                				_v16.lpSecurityDescriptor =  &_v36;
                                                                                                                                                				_v36.Revision = 1;
                                                                                                                                                				_v36.Control = 4;
                                                                                                                                                				_v36.Dacl = 0x40836c;
                                                                                                                                                				_v16.nLength = 0xc;
                                                                                                                                                				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
                                                                                                                                                				if(_t22 != 0) {
                                                                                                                                                					L1:
                                                                                                                                                					return 0;
                                                                                                                                                				}
                                                                                                                                                				_t23 = GetLastError();
                                                                                                                                                				if(_t23 == 0xb7) {
                                                                                                                                                					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                                                                                                                                						goto L1;
                                                                                                                                                					}
                                                                                                                                                					return GetLastError();
                                                                                                                                                				}
                                                                                                                                                				return _t23;
                                                                                                                                                			}







                                                                                                                                                APIs
                                                                                                                                                • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405640
                                                                                                                                                • GetLastError.KERNEL32 ref: 00405654
                                                                                                                                                • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405669
                                                                                                                                                • GetLastError.KERNEL32 ref: 00405673
                                                                                                                                                Strings
                                                                                                                                                • C:\Users\user\Desktop, xrefs: 004055FD
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405623
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                                                                                                                • API String ID: 3449924974-3254906087
                                                                                                                                                • Opcode ID: 3f07113bbed92aa299f899006a5ac68722d9e9d13463f273e10feef126da3ab7
                                                                                                                                                • Instruction ID: eb9787142c6b7489d22a19a099e3bfbf20428df61be735a73e08cf58b85abbae
                                                                                                                                                • Opcode Fuzzy Hash: 3f07113bbed92aa299f899006a5ac68722d9e9d13463f273e10feef126da3ab7
                                                                                                                                                • Instruction Fuzzy Hash: 89010871C00219EAEF009FA1C904BEFBBB8EB14354F00847AD545B6290DB7996088FA9
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 742 40633a-40635a GetSystemDirectoryA 743 40635c 742->743 744 40635e-406360 742->744 743->744 745 406370-406372 744->745 746 406362-40636a 744->746 747 406373-4063a5 wsprintfA LoadLibraryExA 745->747 746->745 748 40636c-40636e 746->748 748->747
                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E0040633A(intOrPtr _a4) {
                                                                                                                                                				char _v292;
                                                                                                                                                				int _t10;
                                                                                                                                                				struct HINSTANCE__* _t14;
                                                                                                                                                				void* _t16;
                                                                                                                                                				void* _t21;
                                                                                                                                                
                                                                                                                                                				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                                                                                                                				if(_t10 > 0x104) {
                                                                                                                                                					_t10 = 0;
                                                                                                                                                				}
                                                                                                                                                				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                                                                                                                					_t16 = 1;
                                                                                                                                                				} else {
                                                                                                                                                					_t16 = 0;
                                                                                                                                                				}
                                                                                                                                                				_t5 = _t16 + 0x40a014; // 0x5c
                                                                                                                                                				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                                                                                                                				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                                                                                                                				return _t14;
                                                                                                                                                			}








                                                                                                                                                APIs
                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 00406351
                                                                                                                                                • wsprintfA.USER32 ref: 0040638A
                                                                                                                                                • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040639E
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                • String ID: %s%s.dll$UXTHEME$\
                                                                                                                                                • API String ID: 2200240437-4240819195
                                                                                                                                                • Opcode ID: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
                                                                                                                                                • Instruction ID: 4d0fdf3fe302aa3e605d302367287b0bc06203fc89102858e08200231af957cf
                                                                                                                                                • Opcode Fuzzy Hash: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
                                                                                                                                                • Instruction Fuzzy Hash: 9EF0F670510609ABEB24AB74DD0DFEB366CAB08305F14057AAA86E11D1EA78D9358BDC
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 749 405bd8-405be2 750 405be3-405c0e GetTickCount GetTempFileNameA 749->750 751 405c10-405c12 750->751 752 405c1d-405c1f 750->752 751->750 754 405c14 751->754 753 405c17-405c1a 752->753 754->753
                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00405BD8(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                                                                                                                				char _t11;
                                                                                                                                                				signed int _t12;
                                                                                                                                                				int _t15;
                                                                                                                                                				signed int _t17;
                                                                                                                                                				void* _t20;
                                                                                                                                                				CHAR* _t21;
                                                                                                                                                
                                                                                                                                                				_t21 = _a4;
                                                                                                                                                				_t20 = 0x64;
                                                                                                                                                				while(1) {
                                                                                                                                                					_t11 =  *0x40a3b4; // 0x61736e
                                                                                                                                                					_t20 = _t20 - 1;
                                                                                                                                                					_a4 = _t11;
                                                                                                                                                					_t12 = GetTickCount();
                                                                                                                                                					_t17 = 0x1a;
                                                                                                                                                					_a6 = _a6 + _t12 % _t17;
                                                                                                                                                					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
                                                                                                                                                					if(_t15 != 0) {
                                                                                                                                                						break;
                                                                                                                                                					}
                                                                                                                                                					if(_t20 != 0) {
                                                                                                                                                						continue;
                                                                                                                                                					}
                                                                                                                                                					 *_t21 =  *_t21 & 0x00000000;
                                                                                                                                                					return _t15;
                                                                                                                                                				}
                                                                                                                                                				return _t21;
                                                                                                                                                			}










                                                                                                                                                APIs
                                                                                                                                                • GetTickCount.KERNEL32 ref: 00405BEC
                                                                                                                                                • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000006,00000008,0000000A), ref: 00405C06
                                                                                                                                                Strings
                                                                                                                                                • "C:\Users\user\Desktop\SetupWIService.exe" , xrefs: 00405BD8
                                                                                                                                                • nsa, xrefs: 00405BE3
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BDB
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                                • String ID: "C:\Users\user\Desktop\SetupWIService.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                • API String ID: 1716503409-2225172688
                                                                                                                                                • Opcode ID: 81a8a72dc23b4af90602e2553ee1124644ae594fa0167b908fb3a738e8e2aa10
                                                                                                                                                • Instruction ID: 7981c9ddf24778652055132877b92488972f9a5eb9cf132aa873dca7e4a118a1
                                                                                                                                                • Opcode Fuzzy Hash: 81a8a72dc23b4af90602e2553ee1124644ae594fa0167b908fb3a738e8e2aa10
                                                                                                                                                • Instruction Fuzzy Hash: 0FF082363183046BEB109F56DD04B9B7BA9DFD2750F14803BFA489B290D6B4A9548B58
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 755 401d41-401d45 756 401d54-401d58 GetDlgItem 755->756 757 401d47-401d52 call 402b0a 755->757 759 401d5e-401d87 756->759 757->759 761 401d91 759->761 762 401d89-401d8f call 402b2c 759->762 764 401d95-401de5 GetClientRect LoadImageA SendMessageA 761->764 762->764 766 4029b8-4029c7 764->766 767 401deb-401ded 764->767 767->766 768 401df3-401dfa DeleteObject 767->768 768->766
                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                			E00401D41(int __edx) {
                                                                                                                                                				struct HWND__* _t24;
                                                                                                                                                				CHAR* _t30;
                                                                                                                                                				long _t39;
                                                                                                                                                				void* _t40;
                                                                                                                                                				void* _t44;
                                                                                                                                                				signed int _t46;
                                                                                                                                                				int _t50;
                                                                                                                                                				signed int _t53;
                                                                                                                                                				void* _t57;
                                                                                                                                                
                                                                                                                                                				_t48 = __edx;
                                                                                                                                                				if(( *(_t57 - 0x2b) & 0x00000001) == 0) {
                                                                                                                                                					_t24 = GetDlgItem( *(_t57 - 8), __edx);
                                                                                                                                                				} else {
                                                                                                                                                					_t24 = E00402B0A(1);
                                                                                                                                                					 *(_t57 - 0x10) = _t48;
                                                                                                                                                				}
                                                                                                                                                				_t46 =  *(_t57 - 0x2c);
                                                                                                                                                				 *(_t57 + 8) = _t24;
                                                                                                                                                				 *(_t57 - 8) = _t46 >> 0x1f;
                                                                                                                                                				_t50 = _t46 & 0x00000003;
                                                                                                                                                				_t53 = _t46 & 0x00000004;
                                                                                                                                                				 *(_t57 - 0x1c) = _t46 >> 0x0000001e & 0x00000001;
                                                                                                                                                				if((_t46 & 0x00010000) == 0) {
                                                                                                                                                					_t30 =  *(_t57 - 0x34) & 0x0000ffff;
                                                                                                                                                				} else {
                                                                                                                                                					_t30 = E00402B2C(_t44);
                                                                                                                                                				}
                                                                                                                                                				 *(_t57 - 0xc) = _t30;
                                                                                                                                                				GetClientRect( *(_t57 + 8), _t57 - 0x58);
                                                                                                                                                				asm("sbb esi, esi");
                                                                                                                                                				_t39 = LoadImageA( ~_t53 &  *0x42f400,  *(_t57 - 0xc), _t50,  *(_t57 - 0x50) *  *(_t57 - 8),  *(_t57 - 0x4c) *  *(_t57 - 0x1c),  *(_t57 - 0x2c) & 0x0000fef0); // executed
                                                                                                                                                				_t40 = SendMessageA( *(_t57 + 8), 0x172, _t50, _t39); // executed
                                                                                                                                                				if(_t40 != _t44 && _t50 == _t44) {
                                                                                                                                                					DeleteObject(_t40);
                                                                                                                                                				}
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t57 - 4));
                                                                                                                                                				return 0;
                                                                                                                                                			}













                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1849352358-0
                                                                                                                                                • Opcode ID: 00f1612270fd0f543acd8efcffc28e16e01318b1b3b826732ee9862bf9fbfd2f
                                                                                                                                                • Instruction ID: 7a7dd6c208c7a4d57f36c402fdb0fe657614a2e015b6db45afd3f1aca9992802
                                                                                                                                                • Opcode Fuzzy Hash: 00f1612270fd0f543acd8efcffc28e16e01318b1b3b826732ee9862bf9fbfd2f
                                                                                                                                                • Instruction Fuzzy Hash: 30215172E00109AFDB05DF98DE44AEEBBB9FB58310F10403AF945F62A1CB789941CB58
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 59%
                                                                                                                                                			E00401C0A(intOrPtr __edx) {
                                                                                                                                                				int _t29;
                                                                                                                                                				long _t30;
                                                                                                                                                				signed int _t32;
                                                                                                                                                				CHAR* _t35;
                                                                                                                                                				long _t36;
                                                                                                                                                				int _t41;
                                                                                                                                                				signed int _t42;
                                                                                                                                                				int _t46;
                                                                                                                                                				int _t56;
                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                				struct HWND__* _t61;
                                                                                                                                                				void* _t64;
                                                                                                                                                
                                                                                                                                                				_t57 = __edx;
                                                                                                                                                				_t29 = E00402B0A(3);
                                                                                                                                                				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                                                				 *(_t64 - 8) = _t29;
                                                                                                                                                				_t30 = E00402B0A(4);
                                                                                                                                                				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                                                				 *(_t64 + 8) = _t30;
                                                                                                                                                				if(( *(_t64 - 0x20) & 0x00000001) != 0) {
                                                                                                                                                					 *((intOrPtr*)(__ebp - 8)) = E00402B2C(0x33);
                                                                                                                                                				}
                                                                                                                                                				__eflags =  *(_t64 - 0x20) & 0x00000002;
                                                                                                                                                				if(( *(_t64 - 0x20) & 0x00000002) != 0) {
                                                                                                                                                					 *(_t64 + 8) = E00402B2C(0x44);
                                                                                                                                                				}
                                                                                                                                                				__eflags =  *((intOrPtr*)(_t64 - 0x38)) - 0x21;
                                                                                                                                                				_push(1);
                                                                                                                                                				if(__eflags != 0) {
                                                                                                                                                					_t59 = E00402B2C();
                                                                                                                                                					_t32 = E00402B2C();
                                                                                                                                                					asm("sbb ecx, ecx");
                                                                                                                                                					asm("sbb eax, eax");
                                                                                                                                                					_t35 =  ~( *_t31) & _t59;
                                                                                                                                                					__eflags = _t35;
                                                                                                                                                					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32); // executed
                                                                                                                                                					goto L10;
                                                                                                                                                				} else {
                                                                                                                                                					_t61 = E00402B0A();
                                                                                                                                                					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                                                					_t41 = E00402B0A(2);
                                                                                                                                                					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                                                					_t56 =  *(_t64 - 0x20) >> 2;
                                                                                                                                                					if(__eflags == 0) {
                                                                                                                                                						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8)); // executed
                                                                                                                                                						L10:
                                                                                                                                                						 *(_t64 - 0xc) = _t36;
                                                                                                                                                					} else {
                                                                                                                                                						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
                                                                                                                                                						asm("sbb eax, eax");
                                                                                                                                                						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - _t46;
                                                                                                                                                				if( *((intOrPtr*)(_t64 - 0x34)) >= _t46) {
                                                                                                                                                					_push( *(_t64 - 0xc));
                                                                                                                                                					E00405F6E();
                                                                                                                                                				}
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t64 - 4));
                                                                                                                                                				return 0;
                                                                                                                                                			}
















                                                                                                                                                APIs
                                                                                                                                                • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C7A
                                                                                                                                                • SendMessageA.USER32 ref: 00401C92
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                                • String ID: !
                                                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                                                • Opcode ID: d1a5455d7aacc09bf912e97d7887ce2258fe7abf1a6a230a252a42dd7e2e40c1
                                                                                                                                                • Instruction ID: f2250e9d7a54984aac42e0f48c7b57cae310fb8b86675e6ff90c870375dfe4cb
                                                                                                                                                • Opcode Fuzzy Hash: d1a5455d7aacc09bf912e97d7887ce2258fe7abf1a6a230a252a42dd7e2e40c1
                                                                                                                                                • Instruction Fuzzy Hash: 4D216BB1944208BEEF06AFA4D98AAAD7FB5EB44304F10447EF501B61D1C7B88640DB18
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                			E0040243D(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
                                                                                                                                                				void* _t18;
                                                                                                                                                				void* _t19;
                                                                                                                                                				int _t22;
                                                                                                                                                				long _t23;
                                                                                                                                                				int _t28;
                                                                                                                                                				intOrPtr _t31;
                                                                                                                                                				void* _t32;
                                                                                                                                                				intOrPtr _t35;
                                                                                                                                                				void* _t37;
                                                                                                                                                				void* _t40;
                                                                                                                                                
                                                                                                                                                				_t40 = __eflags;
                                                                                                                                                				_t31 = __edx;
                                                                                                                                                				_t28 = __ebx;
                                                                                                                                                				_t35 =  *((intOrPtr*)(_t37 - 0x24));
                                                                                                                                                				_t32 = __eax;
                                                                                                                                                				 *(_t37 - 0x10) =  *(_t37 - 0x20);
                                                                                                                                                				 *(_t37 - 0x4c) = E00402B2C(2);
                                                                                                                                                				_t18 = E00402B2C(0x11);
                                                                                                                                                				 *(_t37 - 4) = 1;
                                                                                                                                                				_t19 = E00402BBC(_t40, _t32, _t18, 2); // executed
                                                                                                                                                				 *(_t37 + 8) = _t19;
                                                                                                                                                				if(_t19 != __ebx) {
                                                                                                                                                					_t22 = 0;
                                                                                                                                                					if(_t35 == 1) {
                                                                                                                                                						E00402B2C(0x23);
                                                                                                                                                						_t22 = lstrlenA(0x40ac18) + 1;
                                                                                                                                                					}
                                                                                                                                                					if(_t35 == 4) {
                                                                                                                                                						 *0x40ac18 = E00402B0A(3);
                                                                                                                                                						 *((intOrPtr*)(_t37 - 0x44)) = _t31;
                                                                                                                                                						_t22 = _t35;
                                                                                                                                                					}
                                                                                                                                                					if(_t35 == 3) {
                                                                                                                                                						_t22 = E00402FFB( *((intOrPtr*)(_t37 - 0x28)), _t28, 0x40ac18, 0xc00);
                                                                                                                                                					}
                                                                                                                                                					_t23 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x4c), _t28,  *(_t37 - 0x10), 0x40ac18, _t22); // executed
                                                                                                                                                					if(_t23 == 0) {
                                                                                                                                                						 *(_t37 - 4) = _t28;
                                                                                                                                                					}
                                                                                                                                                					_push( *(_t37 + 8));
                                                                                                                                                					RegCloseKey(); // executed
                                                                                                                                                				}
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *(_t37 - 4);
                                                                                                                                                				return 0;
                                                                                                                                                			}














                                                                                                                                                APIs
                                                                                                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nspF522.tmp,00000023,00000011,00000002), ref: 00402488
                                                                                                                                                • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nspF522.tmp,00000000,00000011,00000002), ref: 004024C5
                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nspF522.tmp,00000000,00000011,00000002), ref: 004025A9
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseValuelstrlen
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nspF522.tmp
                                                                                                                                                • API String ID: 2655323295-3035463534
                                                                                                                                                • Opcode ID: 610ddf13854f5e3fce0277d0983d4509bfedf3dc802218e771cfd393e35f59e9
                                                                                                                                                • Instruction ID: 559559637a649bcd28a1cc64439ef7fed2494afba8ff337a7fe29a68e97d1b61
                                                                                                                                                • Opcode Fuzzy Hash: 610ddf13854f5e3fce0277d0983d4509bfedf3dc802218e771cfd393e35f59e9
                                                                                                                                                • Instruction Fuzzy Hash: 26115E71E00218AFEB01AFA58E49EAE7AB4EB48314F21443BF504B71C1D6F95D419B68
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 53%
                                                                                                                                                			E00405A96(void* __eflags, intOrPtr _a4) {
                                                                                                                                                				int _t11;
                                                                                                                                                				signed char* _t12;
                                                                                                                                                				long _t16;
                                                                                                                                                				intOrPtr _t18;
                                                                                                                                                				intOrPtr* _t21;
                                                                                                                                                				void* _t22;
                                                                                                                                                
                                                                                                                                                				E00406010(0x42bc78, _a4);
                                                                                                                                                				_t21 = E00405A41(0x42bc78);
                                                                                                                                                				if(_t21 != 0) {
                                                                                                                                                					E0040627A(_t21);
                                                                                                                                                					if(( *0x42f41c & 0x00000080) == 0) {
                                                                                                                                                						L5:
                                                                                                                                                						_t22 = _t21 - 0x42bc78;
                                                                                                                                                						while(1) {
                                                                                                                                                							_t11 = lstrlenA(0x42bc78);
                                                                                                                                                							_push(0x42bc78);
                                                                                                                                                							if(_t11 <= _t22) {
                                                                                                                                                								break;
                                                                                                                                                							}
                                                                                                                                                							_t12 = E00406313();
                                                                                                                                                							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                                                                                                                								E004059EF(0x42bc78);
                                                                                                                                                								continue;
                                                                                                                                                							} else {
                                                                                                                                                								goto L1;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						E004059A8();
                                                                                                                                                						_t16 = GetFileAttributesA(??); // executed
                                                                                                                                                						return 0 | _t16 != 0xffffffff;
                                                                                                                                                					}
                                                                                                                                                					_t18 =  *_t21;
                                                                                                                                                					if(_t18 == 0 || _t18 == 0x5c) {
                                                                                                                                                						goto L1;
                                                                                                                                                					} else {
                                                                                                                                                						goto L5;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				L1:
                                                                                                                                                				return 0;
                                                                                                                                                			}










                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00406010: lstrcpynA.KERNEL32(?,?,00000400,0040333D,Wildix Integration Service v3.9.1 Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040601D
                                                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,74D0FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A54
                                                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A68
                                                                                                                                                • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,74D0FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405AE9
                                                                                                                                                • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,74D0FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,74D0FA90,C:\Users\user\AppData\Local\Temp\), ref: 00405AF9
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                • API String ID: 3248276644-3942820052
                                                                                                                                                • Opcode ID: a0e90dbc06f1550ade5f4dfcb0fddeac6c7db65a8ba4490088ce0944d0043635
                                                                                                                                                • Instruction ID: 19c9bca0149f7da3aa3ccb8fe98c792d35a3de88cc2685bd8f8020a319c38c36
                                                                                                                                                • Opcode Fuzzy Hash: a0e90dbc06f1550ade5f4dfcb0fddeac6c7db65a8ba4490088ce0944d0043635
                                                                                                                                                • Instruction Fuzzy Hash: 94F0F425305D6116DA22323A5D85AAF2A44CED632471A073BF852B12C3DB3C89439DFE
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 59%
                                                                                                                                                			E00401B63(void* __ebx, void* __edx) {
                                                                                                                                                				intOrPtr _t7;
                                                                                                                                                				void* _t8;
                                                                                                                                                				void _t11;
                                                                                                                                                				void* _t13;
                                                                                                                                                				void* _t21;
                                                                                                                                                				void* _t24;
                                                                                                                                                				void* _t30;
                                                                                                                                                				void* _t33;
                                                                                                                                                				void* _t34;
                                                                                                                                                				void* _t37;
                                                                                                                                                
                                                                                                                                                				_t27 = __ebx;
                                                                                                                                                				_t7 =  *((intOrPtr*)(_t37 - 0x2c));
                                                                                                                                                				_t30 =  *0x40b858; // 0x770a20
                                                                                                                                                				if(_t7 == __ebx) {
                                                                                                                                                					if(__edx == __ebx) {
                                                                                                                                                						_t8 = GlobalAlloc(0x40, 0x404); // executed
                                                                                                                                                						_t34 = _t8;
                                                                                                                                                						_t4 = _t34 + 4; // 0x4
                                                                                                                                                						E00406032(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x34)));
                                                                                                                                                						_t11 =  *0x40b858; // 0x770a20
                                                                                                                                                						 *_t34 = _t11;
                                                                                                                                                						 *0x40b858 = _t34;
                                                                                                                                                					} else {
                                                                                                                                                						if(_t30 == __ebx) {
                                                                                                                                                							 *((intOrPtr*)(_t37 - 4)) = 1;
                                                                                                                                                						} else {
                                                                                                                                                							_t2 = _t30 + 4; // 0x770a24
                                                                                                                                                							E00406010(_t33, _t2);
                                                                                                                                                							_push(_t30);
                                                                                                                                                							 *0x40b858 =  *_t30;
                                                                                                                                                							GlobalFree();
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                					goto L15;
                                                                                                                                                				} else {
                                                                                                                                                					while(1) {
                                                                                                                                                						_t7 = _t7 - 1;
                                                                                                                                                						if(_t30 == _t27) {
                                                                                                                                                							break;
                                                                                                                                                						}
                                                                                                                                                						_t30 =  *_t30;
                                                                                                                                                						if(_t7 != _t27) {
                                                                                                                                                							continue;
                                                                                                                                                						} else {
                                                                                                                                                							if(_t30 == _t27) {
                                                                                                                                                								break;
                                                                                                                                                							} else {
                                                                                                                                                								_t32 = _t30 + 4;
                                                                                                                                                								E00406010(0x40a418, _t30 + 4);
                                                                                                                                                								_t21 =  *0x40b858; // 0x770a20
                                                                                                                                                								E00406010(_t32, _t21 + 4);
                                                                                                                                                								_t24 =  *0x40b858; // 0x770a20
                                                                                                                                                								_push(0x40a418);
                                                                                                                                                								_push(_t24 + 4);
                                                                                                                                                								E00406010();
                                                                                                                                                								L15:
                                                                                                                                                								 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t37 - 4));
                                                                                                                                                								_t13 = 0;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						goto L17;
                                                                                                                                                					}
                                                                                                                                                					_push(0x200010);
                                                                                                                                                					_push(E00406032(_t27, _t30, _t33, _t27, 0xffffffe8));
                                                                                                                                                					E0040572C();
                                                                                                                                                					_t13 = 0x7fffffff;
                                                                                                                                                				}
                                                                                                                                                				L17:
                                                                                                                                                				return _t13;
                                                                                                                                                			}














                                                                                                                                                APIs
                                                                                                                                                • GlobalFree.KERNEL32 ref: 00401BD2
                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401BE4
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Global$AllocFree
                                                                                                                                                • String ID: w$Call
                                                                                                                                                • API String ID: 3394109436-1471810000
                                                                                                                                                • Opcode ID: 7a1e87fb425853b68904b49cab2b03d5892deda974b16b1040f74ececbc6cd5f
                                                                                                                                                • Instruction ID: d4b557a109d17d81ab43e8b3f8c0bc9708487bd5a7f62e569783b32eaae16c6e
                                                                                                                                                • Opcode Fuzzy Hash: 7a1e87fb425853b68904b49cab2b03d5892deda974b16b1040f74ececbc6cd5f
                                                                                                                                                • Instruction Fuzzy Hash: 8D2193B2640140ABC710FFA8DA88A5E73ADEB44314B21843BF142F72D1D77899919B9D
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                			E00402C2E(void* __eflags, void* _a4, char* _a8, signed int _a12) {
                                                                                                                                                				void* _v8;
                                                                                                                                                				char _v272;
                                                                                                                                                				void* _t19;
                                                                                                                                                				signed int _t25;
                                                                                                                                                				intOrPtr* _t27;
                                                                                                                                                				signed int _t32;
                                                                                                                                                				signed int _t33;
                                                                                                                                                				signed int _t34;
                                                                                                                                                
                                                                                                                                                				_t33 = _a12;
                                                                                                                                                				_t34 = _t33 & 0x00000300;
                                                                                                                                                				_t32 = _t33 & 0x00000001;
                                                                                                                                                				_t19 = E00405E96(__eflags, _a4, _a8, _t34 | 0x00000008,  &_v8); // executed
                                                                                                                                                				if(_t19 == 0) {
                                                                                                                                                					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                                                                                                                						__eflags = _t32;
                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                							RegCloseKey(_v8);
                                                                                                                                                							return 0x3eb;
                                                                                                                                                						}
                                                                                                                                                						_t25 = E00402C2E(__eflags, _v8,  &_v272, _a12);
                                                                                                                                                						__eflags = _t25;
                                                                                                                                                						if(_t25 != 0) {
                                                                                                                                                							break;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                					RegCloseKey(_v8);
                                                                                                                                                					_t27 = E004063A8(3);
                                                                                                                                                					if(_t27 == 0) {
                                                                                                                                                						return RegDeleteKeyA(_a4, _a8);
                                                                                                                                                					}
                                                                                                                                                					return  *_t27(_a4, _a8, _t34, 0);
                                                                                                                                                				}
                                                                                                                                                				return _t19;
                                                                                                                                                			}












                                                                                                                                                APIs
                                                                                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402C93
                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402C9C
                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402CBD
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Close$Enum
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 464197530-0
                                                                                                                                                • Opcode ID: effb832a44eae474ef75c518ed00afd6638a3a1b55d5a88c518eff5d822b0912
                                                                                                                                                • Instruction ID: 2c23bb11d6ae01cf130d195ddd5538b48d854d6e1d77fd04796d14e07e1bb179
                                                                                                                                                • Opcode Fuzzy Hash: effb832a44eae474ef75c518ed00afd6638a3a1b55d5a88c518eff5d822b0912
                                                                                                                                                • Instruction Fuzzy Hash: 70116A32504109FBEF129F90DF09B9E7B6DEB54340F204036BD45B61E0E7B59E15ABA8
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                			E004015BB(char __ebx, void* __eflags) {
                                                                                                                                                				void* _t13;
                                                                                                                                                				int _t19;
                                                                                                                                                				char _t21;
                                                                                                                                                				void* _t22;
                                                                                                                                                				char _t23;
                                                                                                                                                				signed char _t24;
                                                                                                                                                				char _t26;
                                                                                                                                                				CHAR* _t28;
                                                                                                                                                				char* _t32;
                                                                                                                                                				void* _t33;
                                                                                                                                                
                                                                                                                                                				_t26 = __ebx;
                                                                                                                                                				_t28 = E00402B2C(0xfffffff0);
                                                                                                                                                				_t13 = E00405A41(_t28);
                                                                                                                                                				_t30 = _t13;
                                                                                                                                                				if(_t13 != __ebx) {
                                                                                                                                                					do {
                                                                                                                                                						_t32 = E004059D3(_t30, 0x5c);
                                                                                                                                                						_t21 =  *_t32;
                                                                                                                                                						 *_t32 = _t26;
                                                                                                                                                						 *((char*)(_t33 + 0xb)) = _t21;
                                                                                                                                                						if(_t21 != _t26) {
                                                                                                                                                							L5:
                                                                                                                                                							_t22 = E0040567A(_t28);
                                                                                                                                                						} else {
                                                                                                                                                							_t39 =  *((intOrPtr*)(_t33 - 0x2c)) - _t26;
                                                                                                                                                							if( *((intOrPtr*)(_t33 - 0x2c)) == _t26 || E00405697(_t39) == 0) {
                                                                                                                                                								goto L5;
                                                                                                                                                							} else {
                                                                                                                                                								_t22 = E004055FD(_t28); // executed
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						if(_t22 != _t26) {
                                                                                                                                                							if(_t22 != 0xb7) {
                                                                                                                                                								L9:
                                                                                                                                                								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                                                                                							} else {
                                                                                                                                                								_t24 = GetFileAttributesA(_t28); // executed
                                                                                                                                                								if((_t24 & 0x00000010) == 0) {
                                                                                                                                                									goto L9;
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                                                                                                                						 *_t32 = _t23;
                                                                                                                                                						_t30 = _t32 + 1;
                                                                                                                                                					} while (_t23 != _t26);
                                                                                                                                                				}
                                                                                                                                                				if( *((intOrPtr*)(_t33 - 0x30)) == _t26) {
                                                                                                                                                					_push(0xfffffff5);
                                                                                                                                                					E00401423();
                                                                                                                                                				} else {
                                                                                                                                                					E00401423(0xffffffe6);
                                                                                                                                                					E00406010("C:\\Program Files\\Wildix\\WIService", _t28);
                                                                                                                                                					_t19 = SetCurrentDirectoryA(_t28); // executed
                                                                                                                                                					if(_t19 == 0) {
                                                                                                                                                						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t33 - 4));
                                                                                                                                                				return 0;
                                                                                                                                                			}














                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,74D0FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A54
                                                                                                                                                  • Part of subcall function 00405A41: CharNextA.USER32(00000000), ref: 00405A68
                                                                                                                                                • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                                                                                                                  • Part of subcall function 004055FD: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405640
                                                                                                                                                • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Program Files\Wildix\WIService,00000000,00000000,000000F0), ref: 0040163C
                                                                                                                                                Strings
                                                                                                                                                • C:\Program Files\Wildix\WIService, xrefs: 00401631
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                • String ID: C:\Program Files\Wildix\WIService
                                                                                                                                                • API String ID: 1892508949-2436880260
                                                                                                                                                • Opcode ID: 08a3087bb2a30077ba34e7e92968e352eff6a2b7baf1aa2c3a4ea80dfe544a50
                                                                                                                                                • Instruction ID: 1afb8a6b6fc663fc0b529d5452f3d1f5a7876e1f873962654dbae4e79628cbca
                                                                                                                                                • Opcode Fuzzy Hash: 08a3087bb2a30077ba34e7e92968e352eff6a2b7baf1aa2c3a4ea80dfe544a50
                                                                                                                                                • Instruction Fuzzy Hash: 08112731508141EBCB217FB54D41A7F36B4AE96324F68093FE4D1B22E2D63D4842AA2F
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 69%
                                                                                                                                                			E00401EC3(void* __ecx, void* __eflags) {
                                                                                                                                                				intOrPtr _t20;
                                                                                                                                                				void* _t39;
                                                                                                                                                				void* _t42;
                                                                                                                                                				void* _t47;
                                                                                                                                                
                                                                                                                                                				_t42 = __ecx;
                                                                                                                                                				_t45 = E00402B2C(_t39);
                                                                                                                                                				_t20 = E00402B2C(0x31);
                                                                                                                                                				_t43 = E00402B2C(0x22);
                                                                                                                                                				E00402B2C(0x15);
                                                                                                                                                				E00401423(0xffffffec);
                                                                                                                                                				 *(_t47 - 0x80) =  *(_t47 - 0x24);
                                                                                                                                                				 *((intOrPtr*)(_t47 - 0x7c)) =  *((intOrPtr*)(_t47 - 8));
                                                                                                                                                				 *((intOrPtr*)(_t47 - 0x68)) =  *((intOrPtr*)(_t47 - 0x28));
                                                                                                                                                				asm("sbb eax, eax");
                                                                                                                                                				 *((intOrPtr*)(_t47 - 0x74)) = _t20;
                                                                                                                                                				 *(_t47 - 0x78) =  ~( *_t19) & _t45;
                                                                                                                                                				asm("sbb eax, eax");
                                                                                                                                                				 *(_t47 - 0x6c) = "C:\\Program Files\\Wildix\\WIService";
                                                                                                                                                				 *(_t47 - 0x70) =  ~( *_t21) & _t43;
                                                                                                                                                				if(E004056F2(_t47 - 0x84) == 0) {
                                                                                                                                                					 *((intOrPtr*)(_t47 - 4)) = 1;
                                                                                                                                                				} else {
                                                                                                                                                					if(( *(_t47 - 0x80) & 0x00000040) != 0) {
                                                                                                                                                						E0040641D(_t42,  *((intOrPtr*)(_t47 - 0x4c)));
                                                                                                                                                						_push( *((intOrPtr*)(_t47 - 0x4c)));
                                                                                                                                                						FindCloseChangeNotification(); // executed
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t47 - 4));
                                                                                                                                                				return 0;
                                                                                                                                                			}







                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 004056F2: ShellExecuteExA.SHELL32(?,004044E5,?), ref: 00405701
                                                                                                                                                  • Part of subcall function 0040641D: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040642E
                                                                                                                                                  • Part of subcall function 0040641D: GetExitCodeProcess.KERNELBASE ref: 00406450
                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F8D
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
                                                                                                                                                • String ID: @$C:\Program Files\Wildix\WIService
                                                                                                                                                • API String ID: 4215836453-3745962701
                                                                                                                                                • Opcode ID: cf3c511861800785f352644d97d65b582d51a86a7b2ce5ffa791d17948a500f0
                                                                                                                                                • Instruction ID: 577b900a760e5ca89da3760b6b8950c99b83f280e087cd582299b2594771d0cd
                                                                                                                                                • Opcode Fuzzy Hash: cf3c511861800785f352644d97d65b582d51a86a7b2ce5ffa791d17948a500f0
                                                                                                                                                • Instruction Fuzzy Hash: 66113D71E042049ACB11EFB98A45A8DBFF4AF08314F64057BE450F72C2D7B88805DF18
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 90%
                                                                                                                                                			E00405EF7(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
                                                                                                                                                				int _v8;
                                                                                                                                                				long _t21;
                                                                                                                                                				long _t24;
                                                                                                                                                				char* _t30;
                                                                                                                                                
                                                                                                                                                				asm("sbb eax, eax");
                                                                                                                                                				_v8 = 0x400;
                                                                                                                                                				_t21 = E00405E96(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
                                                                                                                                                				_t30 = _a16;
                                                                                                                                                				if(_t21 != 0) {
                                                                                                                                                					L4:
                                                                                                                                                					 *_t30 =  *_t30 & 0x00000000;
                                                                                                                                                				} else {
                                                                                                                                                					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8); // executed
                                                                                                                                                					_t21 = RegCloseKey(_a20); // executed
                                                                                                                                                					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
                                                                                                                                                					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                                                                                                                						goto L4;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				return _t21;
                                                                                                                                                			}







                                                                                                                                                APIs
                                                                                                                                                • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400,Remove folder: ,?,?,?,?,00000002,Remove folder: ,?,0040613B,80000002), ref: 00405F3D
                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,0040613B,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,?,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\), ref: 00405F48
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                                • String ID: Remove folder:
                                                                                                                                                • API String ID: 3356406503-1958208860
                                                                                                                                                • Opcode ID: 074503bd4819f587f33d8f4257f8029770edcc3592d90d126d241b317bef6944
                                                                                                                                                • Instruction ID: 2ff6a7a209fcbf00177f68e0cac6a7fed3d2e9df1b1dc864ec66af95abe17f1f
                                                                                                                                                • Opcode Fuzzy Hash: 074503bd4819f587f33d8f4257f8029770edcc3592d90d126d241b317bef6944
                                                                                                                                                • Instruction Fuzzy Hash: 63017C7250060AABDF228F61CD09FDB3FA8EF59364F04403AF955E2190D2B8DA54CFA4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E004056AF(CHAR* _a4) {
                                                                                                                                                				struct _PROCESS_INFORMATION _v20;
                                                                                                                                                				int _t7;
                                                                                                                                                
                                                                                                                                                				0x42c078->cb = 0x44;
                                                                                                                                                				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x42c078,  &_v20); // executed
                                                                                                                                                				if(_t7 != 0) {
                                                                                                                                                					CloseHandle(_v20.hThread);
                                                                                                                                                					return _v20.hProcess;
                                                                                                                                                				}
                                                                                                                                                				return _t7;
                                                                                                                                                			}





                                                                                                                                                APIs
                                                                                                                                                • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C078,Error launching installer), ref: 004056D8
                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 004056E5
                                                                                                                                                Strings
                                                                                                                                                • Error launching installer, xrefs: 004056C2
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                                                • String ID: Error launching installer
                                                                                                                                                • API String ID: 3712363035-66219284
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00403798() {
                                                                                                                                                				void* _t2;
                                                                                                                                                				void* _t3;
                                                                                                                                                				void* _t6;
                                                                                                                                                				void* _t8;
                                                                                                                                                
                                                                                                                                                				_t8 =  *0x429834; // 0x0
                                                                                                                                                				_t3 = E0040377D(_t2, 0);
                                                                                                                                                				if(_t8 != 0) {
                                                                                                                                                					do {
                                                                                                                                                						_t6 = _t8;
                                                                                                                                                						_t8 =  *_t8;
                                                                                                                                                						FreeLibrary( *(_t6 + 8)); // executed
                                                                                                                                                						_t3 = GlobalFree(_t6);
                                                                                                                                                					} while (_t8 != 0);
                                                                                                                                                				}
                                                                                                                                                				 *0x429834 =  *0x429834 & 0x00000000;
                                                                                                                                                				return _t3;
                                                                                                                                                			}








                                                                                                                                                APIs
                                                                                                                                                • FreeLibrary.KERNELBASE(?,74D0FA90,00000000,C:\Users\user\AppData\Local\Temp\,00403770,0040358A,?,?,00000006,00000008,0000000A), ref: 004037B2
                                                                                                                                                • GlobalFree.KERNEL32 ref: 004037B9
                                                                                                                                                Strings
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403798
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Free$GlobalLibrary
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                • API String ID: 1100898210-3916508600
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                			E0040254C(int* __ebx, intOrPtr __edx, char* __esi) {
                                                                                                                                                				void* _t9;
                                                                                                                                                				int _t10;
                                                                                                                                                				long _t13;
                                                                                                                                                				int* _t16;
                                                                                                                                                				intOrPtr _t21;
                                                                                                                                                				void* _t22;
                                                                                                                                                				char* _t24;
                                                                                                                                                				void* _t26;
                                                                                                                                                				void* _t29;
                                                                                                                                                
                                                                                                                                                				_t24 = __esi;
                                                                                                                                                				_t21 = __edx;
                                                                                                                                                				_t16 = __ebx;
                                                                                                                                                				_t9 = E00402B6C(_t29, 0x20019); // executed
                                                                                                                                                				_t22 = _t9;
                                                                                                                                                				_t10 = E00402B0A(3);
                                                                                                                                                				 *((intOrPtr*)(_t26 - 0x10)) = _t21;
                                                                                                                                                				 *__esi = __ebx;
                                                                                                                                                				if(_t22 == __ebx) {
                                                                                                                                                					 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                                                                                				} else {
                                                                                                                                                					 *(_t26 + 8) = 0x3ff;
                                                                                                                                                					if( *((intOrPtr*)(_t26 - 0x24)) == __ebx) {
                                                                                                                                                						_t13 = RegEnumValueA(_t22, _t10, __esi, _t26 + 8, __ebx, __ebx, __ebx, __ebx); // executed
                                                                                                                                                						__eflags = _t13;
                                                                                                                                                						if(_t13 != 0) {
                                                                                                                                                							 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                                                                                						}
                                                                                                                                                					} else {
                                                                                                                                                						RegEnumKeyA(_t22, _t10, __esi, 0x3ff);
                                                                                                                                                					}
                                                                                                                                                					_t24[0x3ff] = _t16;
                                                                                                                                                					_push(_t22); // executed
                                                                                                                                                					RegCloseKey(); // executed
                                                                                                                                                				}
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t26 - 4));
                                                                                                                                                				return 0;
                                                                                                                                                			}













                                                                                                                                                APIs
                                                                                                                                                • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 0040257E
                                                                                                                                                • RegEnumValueA.KERNELBASE(00000000,00000000,?,?), ref: 00402591
                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nspF522.tmp,00000000,00000011,00000002), ref: 004025A9
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Enum$CloseValue
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 397863658-0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 41%
                                                                                                                                                			E00405790(void* __eflags, CHAR* _a4, signed int _a8) {
                                                                                                                                                				int _t9;
                                                                                                                                                				long _t13;
                                                                                                                                                				CHAR* _t14;
                                                                                                                                                
                                                                                                                                                				_t14 = _a4;
                                                                                                                                                				_t13 = E00405B84(_t14);
                                                                                                                                                				if(_t13 == 0xffffffff) {
                                                                                                                                                					L8:
                                                                                                                                                					return 0;
                                                                                                                                                				}
                                                                                                                                                				_push(_t14);
                                                                                                                                                				if((_a8 & 0x00000001) == 0) {
                                                                                                                                                					_t9 = DeleteFileA(); // executed
                                                                                                                                                				} else {
                                                                                                                                                					_t9 = RemoveDirectoryA(); // executed
                                                                                                                                                				}
                                                                                                                                                				if(_t9 == 0) {
                                                                                                                                                					if((_a8 & 0x00000004) == 0) {
                                                                                                                                                						SetFileAttributesA(_t14, _t13);
                                                                                                                                                					}
                                                                                                                                                					goto L8;
                                                                                                                                                				} else {
                                                                                                                                                					return 1;
                                                                                                                                                				}
                                                                                                                                                			}







                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00405B84: GetFileAttributesA.KERNELBASE(?,?,0040579C,?,?,00000000,0040597F,?,?,?,?), ref: 00405B89
                                                                                                                                                  • Part of subcall function 00405B84: SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405B9D
                                                                                                                                                • RemoveDirectoryA.KERNELBASE(?,?,?,00000000,0040597F), ref: 004057AB
                                                                                                                                                • DeleteFileA.KERNELBASE(?,?,?,00000000,0040597F), ref: 004057B3
                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 004057CB
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1655745494-0
                                                                                                                                                • Opcode ID: 1b58439dbc4d5c75e8d4a1b60800a1a05f091bf10d9841f58e7402e1275724a5
                                                                                                                                                • Instruction ID: 506f0000beea922c53fa0ef56bc3bb9d2703a559d1119bf8978eeb103538cabb
                                                                                                                                                • Opcode Fuzzy Hash: 1b58439dbc4d5c75e8d4a1b60800a1a05f091bf10d9841f58e7402e1275724a5
                                                                                                                                                • Instruction Fuzzy Hash: 6CE0E531115AA197D61057308E0CB5B3AA8DF86328F19093BF992B31D0C7784446DA7E
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E0040641D(void* __ecx, void* _a4) {
                                                                                                                                                				long _v8;
                                                                                                                                                				long _t6;
                                                                                                                                                
                                                                                                                                                				_t6 = WaitForSingleObject(_a4, 0x64);
                                                                                                                                                				while(_t6 == 0x102) {
                                                                                                                                                					E004063E4(0xf);
                                                                                                                                                					_t6 = WaitForSingleObject(_a4, 0x64);
                                                                                                                                                				}
                                                                                                                                                				GetExitCodeProcess(_a4,  &_v8); // executed
                                                                                                                                                				return _v8;
                                                                                                                                                			}






                                                                                                                                                APIs
                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064), ref: 0040642E
                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406443
                                                                                                                                                • GetExitCodeProcess.KERNELBASE ref: 00406450
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ObjectSingleWait$CodeExitProcess
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2567322000-0
                                                                                                                                                • Opcode ID: ba1f5f7b1c079a3fea216180ff6ccd943cd28908d0f0f38788cddc90b9a261d1
                                                                                                                                                • Instruction ID: 6f56b437189419413ec573bccc3706163814273e018c7f0254a54b1a0f200d97
                                                                                                                                                • Opcode Fuzzy Hash: ba1f5f7b1c079a3fea216180ff6ccd943cd28908d0f0f38788cddc90b9a261d1
                                                                                                                                                • Instruction Fuzzy Hash: 20E09271600118BBDB009B44CD06E9E7B6EDB44704F118037BA01B6191D7B59E21AAA8
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00404077(int _a4) {
                                                                                                                                                				long _t3;
                                                                                                                                                
                                                                                                                                                				if(_a4 == 0x78) {
                                                                                                                                                					 *0x42ebcc =  *0x42ebcc + 1;
                                                                                                                                                				}
                                                                                                                                                				_t3 = SendMessageA( *0x42f408, 0x408, _a4, 0); // executed
                                                                                                                                                				return _t3;
                                                                                                                                                			}





                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend
                                                                                                                                                • String ID: x
                                                                                                                                                • API String ID: 3850602802-2363233923
                                                                                                                                                • Opcode ID: d0add7324732fce91589cd8bfabcb93b1107eecee7d8e80373a82594021fe62f
                                                                                                                                                • Instruction ID: 6e6e0ac04f30e7c890d5ef3c8d8e3b01949096d6229b6743b87dfda34c58e9b9
                                                                                                                                                • Opcode Fuzzy Hash: d0add7324732fce91589cd8bfabcb93b1107eecee7d8e80373a82594021fe62f
                                                                                                                                                • Instruction Fuzzy Hash: BBC012B1244202AADB209B01DF04F167A30BBA0702F60803DF791210B186701422DF1C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                			E004024DA(int* __ebx, char* __esi) {
                                                                                                                                                				void* _t17;
                                                                                                                                                				char* _t18;
                                                                                                                                                				long _t21;
                                                                                                                                                				void* _t33;
                                                                                                                                                				void* _t37;
                                                                                                                                                				void* _t40;
                                                                                                                                                
                                                                                                                                                				_t35 = __esi;
                                                                                                                                                				_t27 = __ebx;
                                                                                                                                                				_t17 = E00402B6C(_t40, 0x20019); // executed
                                                                                                                                                				_t33 = _t17;
                                                                                                                                                				_t18 = E00402B2C(0x33);
                                                                                                                                                				 *__esi = __ebx;
                                                                                                                                                				if(_t33 == __ebx) {
                                                                                                                                                					 *(_t37 - 4) = 1;
                                                                                                                                                				} else {
                                                                                                                                                					 *(_t37 - 0x10) = 0x400;
                                                                                                                                                					_t21 = RegQueryValueExA(_t33, _t18, __ebx, _t37 + 8, __esi, _t37 - 0x10); // executed
                                                                                                                                                					if(_t21 != 0) {
                                                                                                                                                						L7:
                                                                                                                                                						 *_t35 = _t27;
                                                                                                                                                						 *(_t37 - 4) = 1;
                                                                                                                                                					} else {
                                                                                                                                                						if( *(_t37 + 8) == 4) {
                                                                                                                                                							__eflags =  *(_t37 - 0x24) - __ebx;
                                                                                                                                                							 *(_t37 - 4) = 0 |  *(_t37 - 0x24) == __ebx;
                                                                                                                                                							E00405F6E(__esi,  *__esi);
                                                                                                                                                						} else {
                                                                                                                                                							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
                                                                                                                                                								 *(_t37 - 4) =  *(_t37 - 0x24);
                                                                                                                                                								_t35[0x3ff] = _t27;
                                                                                                                                                							} else {
                                                                                                                                                								goto L7;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                					_push(_t33); // executed
                                                                                                                                                					RegCloseKey(); // executed
                                                                                                                                                				}
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *(_t37 - 4);
                                                                                                                                                				return 0;
                                                                                                                                                			}










                                                                                                                                                APIs
                                                                                                                                                • RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040250A
                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nspF522.tmp,00000000,00000011,00000002), ref: 004025A9
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3356406503-0
                                                                                                                                                • Opcode ID: a37d31d288198b64adb47b8aa86d19c7af9168ca8919097579984168ba4b2254
                                                                                                                                                • Instruction ID: 8c7c89e59df7b4709da067e0fd7ec9be99446db0afc11a297a964fac99c2b4a6
                                                                                                                                                • Opcode Fuzzy Hash: a37d31d288198b64adb47b8aa86d19c7af9168ca8919097579984168ba4b2254
                                                                                                                                                • Instruction Fuzzy Hash: E5116A71901205EEDB11CF64CA599AEBAB4AB19348F60447FE042B62C0D6B88A45DB6D
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 59%
                                                                                                                                                			E00401389(signed int _a4) {
                                                                                                                                                				intOrPtr* _t6;
                                                                                                                                                				void* _t8;
                                                                                                                                                				void* _t10;
                                                                                                                                                				signed int _t11;
                                                                                                                                                				void* _t12;
                                                                                                                                                				signed int _t16;
                                                                                                                                                				signed int _t17;
                                                                                                                                                				void* _t18;
                                                                                                                                                
                                                                                                                                                				_t17 = _a4;
                                                                                                                                                				while(_t17 >= 0) {
                                                                                                                                                					_t6 = _t17 * 0x1c +  *0x42f450;
                                                                                                                                                					if( *_t6 == 1) {
                                                                                                                                                						break;
                                                                                                                                                					}
                                                                                                                                                					_push(_t6); // executed
                                                                                                                                                					_t8 = E00401434(); // executed
                                                                                                                                                					if(_t8 == 0x7fffffff) {
                                                                                                                                                						return 0x7fffffff;
                                                                                                                                                					}
                                                                                                                                                					_t10 = E0040136D(_t8);
                                                                                                                                                					if(_t10 != 0) {
                                                                                                                                                						_t11 = _t10 - 1;
                                                                                                                                                						_t16 = _t17;
                                                                                                                                                						_t17 = _t11;
                                                                                                                                                						_t12 = _t11 - _t16;
                                                                                                                                                					} else {
                                                                                                                                                						_t12 = _t10 + 1;
                                                                                                                                                						_t17 = _t17 + 1;
                                                                                                                                                					}
                                                                                                                                                					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                                                                                                						 *0x42ebec =  *0x42ebec + _t12;
                                                                                                                                                						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42ebec, 0x7530,  *0x42ebd4), 0); // executed
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				return 0;
                                                                                                                                                			}












                                                                                                                                                APIs
                                                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                • SendMessageA.USER32 ref: 004013F4
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                • Opcode ID: 3ffebd5fca59fb87aab51f7597ede924ce92eaed1a0ec0a619fe9c5b1ad01a7d
                                                                                                                                                • Instruction ID: 5ed4d9c38c73c282456bb639181f16eab54b9a7fb1a82fe129ff52a3f74c88ba
                                                                                                                                                • Opcode Fuzzy Hash: 3ffebd5fca59fb87aab51f7597ede924ce92eaed1a0ec0a619fe9c5b1ad01a7d
                                                                                                                                                • Instruction Fuzzy Hash: B101F4317242109BE7199B399D04B6A3698E710719F54823FF852F61F1D678EC028B4C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E004023E8(void* __ebx, void* __edx) {
                                                                                                                                                				long _t6;
                                                                                                                                                				void* _t9;
                                                                                                                                                				long _t11;
                                                                                                                                                				void* _t13;
                                                                                                                                                				long _t18;
                                                                                                                                                				void* _t20;
                                                                                                                                                				void* _t22;
                                                                                                                                                				void* _t23;
                                                                                                                                                
                                                                                                                                                				_t13 = __ebx;
                                                                                                                                                				_t26 =  *(_t23 - 0x24) - __ebx;
                                                                                                                                                				_t20 = __edx;
                                                                                                                                                				if( *(_t23 - 0x24) != __ebx) {
                                                                                                                                                					_t6 = E00402BEA(_t20, E00402B2C(0x22),  *(_t23 - 0x24) >> 1); // executed
                                                                                                                                                					_t18 = _t6;
                                                                                                                                                					goto L4;
                                                                                                                                                				} else {
                                                                                                                                                					_t9 = E00402B6C(_t26, 2); // executed
                                                                                                                                                					_t22 = _t9;
                                                                                                                                                					if(_t22 == __ebx) {
                                                                                                                                                						L6:
                                                                                                                                                						 *((intOrPtr*)(_t23 - 4)) = 1;
                                                                                                                                                					} else {
                                                                                                                                                						_t11 = RegDeleteValueA(_t22, E00402B2C(0x33)); // executed
                                                                                                                                                						_t18 = _t11; // executed
                                                                                                                                                						RegCloseKey(_t22); // executed
                                                                                                                                                						L4:
                                                                                                                                                						if(_t18 != _t13) {
                                                                                                                                                							goto L6;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t23 - 4));
                                                                                                                                                				return 0;
                                                                                                                                                			}












                                                                                                                                                APIs
                                                                                                                                                • RegDeleteValueA.KERNELBASE(00000000,00000000,00000033), ref: 00402409
                                                                                                                                                • RegCloseKey.KERNELBASE(00000000), ref: 00402412
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseDeleteValue
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2831762973-0
                                                                                                                                                • Opcode ID: e7d8a32b6411c19df594e44ef8f442ab4c5114c567b1e7e96baca4bbbe39ce49
                                                                                                                                                • Instruction ID: 992cd2d97de9e3103286cc81bf95427654d5587fd7cb6228862516595ad29640
                                                                                                                                                • Opcode Fuzzy Hash: e7d8a32b6411c19df594e44ef8f442ab4c5114c567b1e7e96baca4bbbe39ce49
                                                                                                                                                • Instruction Fuzzy Hash: 17F0BB32A00120ABD701AFB89B4DBAE72B9DB54314F15017FF502B72C1D5F85E01876D
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 50%
                                                                                                                                                			E00405209(signed int __eax) {
                                                                                                                                                				intOrPtr _v0;
                                                                                                                                                				intOrPtr _t10;
                                                                                                                                                				intOrPtr _t11;
                                                                                                                                                				intOrPtr* _t12;
                                                                                                                                                
                                                                                                                                                				_t11 =  *0x42f448;
                                                                                                                                                				_t10 =  *0x42f44c;
                                                                                                                                                				__imp__OleInitialize(0);
                                                                                                                                                				 *0x42f4d8 =  *0x42f4d8 | __eax;
                                                                                                                                                				E004040EA(0);
                                                                                                                                                				if(_t10 != 0) {
                                                                                                                                                					_t12 = _t11 + 0xc;
                                                                                                                                                					while(1) {
                                                                                                                                                						_t10 = _t10 - 1;
                                                                                                                                                						if(( *(_t12 - 4) & 0x00000001) != 0 && E00401389( *_t12, _v0) != 0) {
                                                                                                                                                							break;
                                                                                                                                                						}
                                                                                                                                                						_t12 = _t12 + 0x418;
                                                                                                                                                						if(_t10 != 0) {
                                                                                                                                                							continue;
                                                                                                                                                						} else {
                                                                                                                                                						}
                                                                                                                                                						goto L7;
                                                                                                                                                					}
                                                                                                                                                					 *0x42f4ac =  *0x42f4ac + 1;
                                                                                                                                                				}
                                                                                                                                                				L7:
                                                                                                                                                				E004040EA(0x404); // executed
                                                                                                                                                				__imp__OleUninitialize(); // executed
                                                                                                                                                				return  *0x42f4ac;
                                                                                                                                                			}








                                                                                                                                                APIs
                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 00405219
                                                                                                                                                  • Part of subcall function 004040EA: SendMessageA.USER32 ref: 004040FC
                                                                                                                                                • OleUninitialize.OLE32(00000404,00000000), ref: 00405265
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitializeMessageSendUninitialize
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2896919175-0
                                                                                                                                                • Opcode ID: ff5a6a7b65a814117e5c60406d4b68c11f41b4a06df9feb66e55404f69fd7fd5
                                                                                                                                                • Instruction ID: 9a3391529ab878983223843ca161e5b6bea3d4eac8d78fefe4e57b08d02bc963
                                                                                                                                                • Opcode Fuzzy Hash: ff5a6a7b65a814117e5c60406d4b68c11f41b4a06df9feb66e55404f69fd7fd5
                                                                                                                                                • Instruction Fuzzy Hash: 7CF02E76600A009BE7607B419D00B2773B0EFE4304F89407EEF84B32E0C6B4480A8E2D
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 00401EAD
                                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 00401EB8
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Window$EnableShow
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1136574915-0
                                                                                                                                                • Opcode ID: 60579c61b8fc3e92e0b20083f3f7482ea71f5cfdf734f7dc30cff7867d3a32c3
                                                                                                                                                • Instruction ID: 7fbf7b0d0ba3701f7dde453fb78fdd8a50fc9e37effb985a404cedd6fc5a31c1
                                                                                                                                                • Opcode Fuzzy Hash: 60579c61b8fc3e92e0b20083f3f7482ea71f5cfdf734f7dc30cff7867d3a32c3
                                                                                                                                                • Instruction Fuzzy Hash: 72E09272A04210DFD705DFA8AA849AE73B4FB40325F10093BE102F11C1C7B44840866C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E004063A8(signed int _a4) {
                                                                                                                                                				struct HINSTANCE__* _t5;
                                                                                                                                                				signed int _t10;
                                                                                                                                                
                                                                                                                                                				_t10 = _a4 << 3;
                                                                                                                                                				_t8 =  *(_t10 + 0x40a240);
                                                                                                                                                				_t5 = GetModuleHandleA( *(_t10 + 0x40a240));
                                                                                                                                                				if(_t5 != 0) {
                                                                                                                                                					L2:
                                                                                                                                                					return GetProcAddress(_t5,  *(_t10 + 0x40a244));
                                                                                                                                                				}
                                                                                                                                                				_t5 = E0040633A(_t8); // executed
                                                                                                                                                				if(_t5 == 0) {
                                                                                                                                                					return 0;
                                                                                                                                                				}
                                                                                                                                                				goto L2;
                                                                                                                                                			}






                                                                                                                                                APIs
                                                                                                                                                • GetModuleHandleA.KERNEL32(?,?,?,004032DE,0000000A), ref: 004063BA
                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 004063D5
                                                                                                                                                  • Part of subcall function 0040633A: GetSystemDirectoryA.KERNEL32 ref: 00406351
                                                                                                                                                  • Part of subcall function 0040633A: wsprintfA.USER32 ref: 0040638A
                                                                                                                                                  • Part of subcall function 0040633A: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040639E
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2547128583-0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00402993(signed int __eax) {
                                                                                                                                                				RECT* _t10;
                                                                                                                                                				signed int _t12;
                                                                                                                                                				void* _t16;
                                                                                                                                                
                                                                                                                                                				_t12 =  *0x42b870; // 0x1
                                                                                                                                                				SendMessageA( *(_t16 - 8), 0xb, _t12 & __eax, _t10); // executed
                                                                                                                                                				if( *((intOrPtr*)(_t16 - 0x34)) != _t10) {
                                                                                                                                                					InvalidateRect( *(_t16 - 8), _t10, _t10);
                                                                                                                                                				}
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t16 - 4));
                                                                                                                                                				return 0;
                                                                                                                                                			}







                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InvalidateMessageRectSend
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 909852535-0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                			E00405BA9(CHAR* _a4, long _a8, long _a12) {
                                                                                                                                                				signed int _t5;
                                                                                                                                                				void* _t6;
                                                                                                                                                
                                                                                                                                                				_t5 = GetFileAttributesA(_a4); // executed
                                                                                                                                                				asm("sbb ecx, ecx");
                                                                                                                                                				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                                                                                                				return _t6;
                                                                                                                                                			}






                                                                                                                                                APIs
                                                                                                                                                • GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                                                                                                                • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 415043291-0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00405B84(CHAR* _a4) {
                                                                                                                                                				signed char _t3;
                                                                                                                                                				signed char _t7;
                                                                                                                                                
                                                                                                                                                				_t3 = GetFileAttributesA(_a4); // executed
                                                                                                                                                				_t7 = _t3;
                                                                                                                                                				if(_t7 != 0xffffffff) {
                                                                                                                                                					SetFileAttributesA(_a4, _t3 & 0x000000fe); // executed
                                                                                                                                                				}
                                                                                                                                                				return _t7;
                                                                                                                                                			}






                                                                                                                                                APIs
                                                                                                                                                • GetFileAttributesA.KERNELBASE(?,?,0040579C,?,?,00000000,0040597F,?,?,?,?), ref: 00405B89
                                                                                                                                                • SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405B9D
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00403753() {
                                                                                                                                                				void* _t1;
                                                                                                                                                				void* _t3;
                                                                                                                                                				signed int _t6;
                                                                                                                                                
                                                                                                                                                				_t1 =  *0x40a018; // 0xffffffff
                                                                                                                                                				if(_t1 != 0xffffffff) {
                                                                                                                                                					CloseHandle(_t1);
                                                                                                                                                					 *0x40a018 =  *0x40a018 | 0xffffffff;
                                                                                                                                                					_t6 =  *0x40a018;
                                                                                                                                                				}
                                                                                                                                                				E00403798();
                                                                                                                                                				_t3 = E004057D8(_t6, "C:\\Users\\hardz\\AppData\\Local\\Temp\\nspF522.tmp\\", 7); // executed
                                                                                                                                                				return _t3;
                                                                                                                                                			}







                                                                                                                                                APIs
                                                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,0040358A,?,?,00000006,00000008,0000000A), ref: 0040375E
                                                                                                                                                Strings
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nspF522.tmp\, xrefs: 00403772
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nspF522.tmp\
                                                                                                                                                • API String ID: 2962429428-442585970
                                                                                                                                                • Opcode ID: 4bfc4a86c4512e3107b8fb86be471d5238cf24995b86bfa467bc0e008276a2a3
                                                                                                                                                • Instruction ID: fc3c4bd29221364ca44687d693abbcbbd121fb750d4ff3e3919dc32638d5829b
                                                                                                                                                • Opcode Fuzzy Hash: 4bfc4a86c4512e3107b8fb86be471d5238cf24995b86bfa467bc0e008276a2a3
                                                                                                                                                • Instruction Fuzzy Hash: F6C012B0540700B6C5647F799E8F9053A545B41736F608726B0B8F20F1C73C4659556F
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E0040567A(CHAR* _a4) {
                                                                                                                                                				int _t2;
                                                                                                                                                
                                                                                                                                                				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                                                                                                                				if(_t2 == 0) {
                                                                                                                                                					return GetLastError();
                                                                                                                                                				}
                                                                                                                                                				return 0;
                                                                                                                                                			}





                                                                                                                                                APIs
                                                                                                                                                • CreateDirectoryA.KERNELBASE(?,00000000,0040325E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 00405680
                                                                                                                                                • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 0040568E
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CreateDirectoryErrorLast
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1375471231-0
                                                                                                                                                • Opcode ID: f012ed4f2e447eb03a7c1a9074efbf4aa4d4dcf66ab1e3e2b7403bfb804529af
                                                                                                                                                • Instruction ID: cb450b3a329ff4c2b820c3640ee2c86a22e1ba63869c3c930ac7c2b00640337e
                                                                                                                                                • Opcode Fuzzy Hash: f012ed4f2e447eb03a7c1a9074efbf4aa4d4dcf66ab1e3e2b7403bfb804529af
                                                                                                                                                • Instruction Fuzzy Hash: B3C04C302145029EDA515B319E08B1B7A59AB90781F528839654AE81B0DE768455DD2E
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                			E00401F48(void* __ecx) {
                                                                                                                                                				void* _t8;
                                                                                                                                                				void* _t12;
                                                                                                                                                				void* _t14;
                                                                                                                                                				void* _t16;
                                                                                                                                                				void* _t17;
                                                                                                                                                				void* _t20;
                                                                                                                                                				void* _t22;
                                                                                                                                                
                                                                                                                                                				_t16 = __ecx;
                                                                                                                                                				_t19 = E00402B2C(_t14);
                                                                                                                                                				E00405137(0xffffffeb, _t6); // executed
                                                                                                                                                				_t8 = E004056AF(_t19); // executed
                                                                                                                                                				_t20 = _t8;
                                                                                                                                                				if(_t20 == _t14) {
                                                                                                                                                					 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                                                                                                				} else {
                                                                                                                                                					if( *((intOrPtr*)(_t22 - 0x2c)) != _t14) {
                                                                                                                                                						_t12 = E0040641D(_t16, _t20); // executed
                                                                                                                                                						if( *((intOrPtr*)(_t22 - 0x30)) < _t14) {
                                                                                                                                                							if(_t12 != _t14) {
                                                                                                                                                								 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                                                                                                							}
                                                                                                                                                						} else {
                                                                                                                                                							E00405F6E(_t17, _t12);
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                					_push(_t20); // executed
                                                                                                                                                					FindCloseChangeNotification(); // executed
                                                                                                                                                				}
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t22 - 4));
                                                                                                                                                				return 0;
                                                                                                                                                			}











                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000,00423A28,74D0EA30,?,?,?,?,?,?,?,?,?,00403156,00000000,?), ref: 00405170
                                                                                                                                                  • Part of subcall function 00405137: lstrlenA.KERNEL32(00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000,00423A28,74D0EA30,?,?,?,?,?,?,?,?,?,00403156,00000000), ref: 00405180
                                                                                                                                                  • Part of subcall function 00405137: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00403156,00403156,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,00000000,00423A28,74D0EA30), ref: 00405193
                                                                                                                                                  • Part of subcall function 00405137: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nspF522.tmp\), ref: 004051A5
                                                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051CB
                                                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051E5
                                                                                                                                                  • Part of subcall function 00405137: SendMessageA.USER32 ref: 004051F3
                                                                                                                                                  • Part of subcall function 004056AF: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C078,Error launching installer), ref: 004056D8
                                                                                                                                                  • Part of subcall function 004056AF: CloseHandle.KERNEL32(?), ref: 004056E5
                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F8D
                                                                                                                                                  • Part of subcall function 0040641D: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040642E
                                                                                                                                                  • Part of subcall function 0040641D: GetExitCodeProcess.KERNELBASE ref: 00406450
                                                                                                                                                  • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1543427666-0
                                                                                                                                                • Opcode ID: f8363799d4078e813ba25254c12b07cb01106bdfe0a7eb29a0760d46d4749358
                                                                                                                                                • Instruction ID: 496c5526ea8919913ac139df2c9003272b56504e991eb5cf70cacdc6c7c0cc95
                                                                                                                                                • Opcode Fuzzy Hash: f8363799d4078e813ba25254c12b07cb01106bdfe0a7eb29a0760d46d4749358
                                                                                                                                                • Instruction Fuzzy Hash: B2F09072A04121ABCB21BBA59A849EF72A8DF41314F51017BE901B72D1C37C0A428ABE
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 40%
                                                                                                                                                			E004026EF(intOrPtr __edx, void* __eflags) {
                                                                                                                                                				long _t7;
                                                                                                                                                				long _t9;
                                                                                                                                                				LONG* _t11;
                                                                                                                                                				void* _t13;
                                                                                                                                                				intOrPtr _t14;
                                                                                                                                                				void* _t17;
                                                                                                                                                				void* _t19;
                                                                                                                                                
                                                                                                                                                				_t14 = __edx;
                                                                                                                                                				_push(ds);
                                                                                                                                                				if(__eflags != 0) {
                                                                                                                                                					_t7 = E00402B0A(2);
                                                                                                                                                					_pop(_t13);
                                                                                                                                                					 *((intOrPtr*)(_t19 - 0x10)) = _t14;
                                                                                                                                                					_t9 = SetFilePointer(E00405F87(_t13, _t17), _t7, _t11,  *(_t19 - 0x28)); // executed
                                                                                                                                                					if( *((intOrPtr*)(_t19 - 0x30)) >= _t11) {
                                                                                                                                                						_push(_t9);
                                                                                                                                                						E00405F6E();
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                                                				return 0;
                                                                                                                                                			}











                                                                                                                                                APIs
                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 0040270D
                                                                                                                                                  • Part of subcall function 00405F6E: wsprintfA.USER32 ref: 00405F7B
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FilePointerwsprintf
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 327478801-0
                                                                                                                                                • Opcode ID: e2356404ccad4a8935ddbf8fc280853e41599541898f6f199fb76157ee16f907
                                                                                                                                                • Instruction ID: 342abdd748c97434aad0a636f6a3342ea7e6d44647dfd0d52b4034c74de68662
                                                                                                                                                • Opcode Fuzzy Hash: e2356404ccad4a8935ddbf8fc280853e41599541898f6f199fb76157ee16f907
                                                                                                                                                • Instruction Fuzzy Hash: 32E06DB2700215ABD702ABA4AE89DBF776CEB44314F10043BF200F10C0C6B948428A69
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 41%
                                                                                                                                                			E0040273B(char __ebx, void* __ecx, char* __esi, void* __eflags) {
                                                                                                                                                				void* _t5;
                                                                                                                                                				int _t8;
                                                                                                                                                				char _t11;
                                                                                                                                                				void* _t15;
                                                                                                                                                				void* _t19;
                                                                                                                                                
                                                                                                                                                				_t17 = __esi;
                                                                                                                                                				_t11 = __ebx;
                                                                                                                                                				_t5 = E00405F87(__ecx, _t15);
                                                                                                                                                				if(_t5 == __ebx) {
                                                                                                                                                					L2:
                                                                                                                                                					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                                                                                					 *_t17 = _t11;
                                                                                                                                                				} else {
                                                                                                                                                					_t8 = FindNextFileA(_t5, _t19 - 0x1c8); // executed
                                                                                                                                                					if(_t8 != 0) {
                                                                                                                                                						_push(_t19 - 0x19c);
                                                                                                                                                						_push(__esi);
                                                                                                                                                						E00406010();
                                                                                                                                                					} else {
                                                                                                                                                						goto L2;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                                                				return 0;
                                                                                                                                                			}









                                                                                                                                                APIs
                                                                                                                                                • FindNextFileA.KERNELBASE(00000000,?), ref: 0040274D
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileFindNext
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2029273394-0
                                                                                                                                                • Opcode ID: 6c16fb3265d5434a67bbc3a754364c03fa3765a95b5e2a99f6dd1015abf345d3
                                                                                                                                                • Instruction ID: d4e75fc674a14897d4eb9114d760336efd11fbe9bbc54defada1aced3dc9a7b2
                                                                                                                                                • Opcode Fuzzy Hash: 6c16fb3265d5434a67bbc3a754364c03fa3765a95b5e2a99f6dd1015abf345d3
                                                                                                                                                • Instruction Fuzzy Hash: E7E06D726001159BD711EBA49A88AAEB3ACEB15314F60447BD142F31C0E6B999869B29
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00405EC4(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                                                                                                                				void* _t7;
                                                                                                                                                				long _t8;
                                                                                                                                                				void* _t9;
                                                                                                                                                
                                                                                                                                                				_t7 = E00405E1B(_a4,  &_a12);
                                                                                                                                                				if(_t7 != 0) {
                                                                                                                                                					_t8 = RegCreateKeyExA(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
                                                                                                                                                					return _t8;
                                                                                                                                                				}
                                                                                                                                                				_t9 = 6;
                                                                                                                                                				return _t9;
                                                                                                                                                			}







                                                                                                                                                APIs
                                                                                                                                                • RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402BDD,00000000,?,?), ref: 00405EED
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Create
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                                • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                                                • Instruction ID: 1d4fb08659ff36ace7b23f5759770be8a1f2413d8495cc917bdfefdc51ec9cff
                                                                                                                                                • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                                                • Instruction Fuzzy Hash: 64E0E67201050DBEDF195F50DD0AD7B371DE704304F10492EFA45D5150E6B5AA716B78
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00405C50(void* _a4, void* _a8, long _a12) {
                                                                                                                                                				int _t7;
                                                                                                                                                				long _t11;
                                                                                                                                                
                                                                                                                                                				_t11 = _a12;
                                                                                                                                                				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                                                                                				if(_t7 == 0 || _t11 != _a12) {
                                                                                                                                                					return 0;
                                                                                                                                                				} else {
                                                                                                                                                					return 1;
                                                                                                                                                				}
                                                                                                                                                			}






                                                                                                                                                APIs
                                                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004031D6,00000000,0041D428,000000FF,0041D428,000000FF,000000FF,00000004,00000000), ref: 00405C64
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileWrite
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3934441357-0
                                                                                                                                                • Opcode ID: d47d29d2c4ad98e9097244963089aa7711ad8f9da7a01510603535aa68a2578c
                                                                                                                                                • Instruction ID: df976955bb7b77361248817f919be03bb6bd2f6f3b4dc1c0c3d16748aaf5f5c5
                                                                                                                                                • Opcode Fuzzy Hash: d47d29d2c4ad98e9097244963089aa7711ad8f9da7a01510603535aa68a2578c
                                                                                                                                                • Instruction Fuzzy Hash: 65E0EC3221476EABEF509F559D04EEB7B6CEB06360F004436FE25E2550D631E9219BA8
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00405C21(void* _a4, void* _a8, long _a12) {
                                                                                                                                                				int _t7;
                                                                                                                                                				long _t11;
                                                                                                                                                
                                                                                                                                                				_t11 = _a12;
                                                                                                                                                				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                                                                                				if(_t7 == 0 || _t11 != _a12) {
                                                                                                                                                					return 0;
                                                                                                                                                				} else {
                                                                                                                                                					return 1;
                                                                                                                                                				}
                                                                                                                                                			}






                                                                                                                                                APIs
                                                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403220,00000000,00000000,0040304A,000000FF,00000004,00000000,00000000,00000000), ref: 00405C35
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileRead
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                • Opcode ID: c828ac78080eafadef002e80ceae40fa9d69551b6ff84e56452d6cc727993955
                                                                                                                                                • Instruction ID: 6d14d449f293f6f00ca5a49b865ea561f53b7d8d8b79739f6419f9b8fb6d3ad5
                                                                                                                                                • Opcode Fuzzy Hash: c828ac78080eafadef002e80ceae40fa9d69551b6ff84e56452d6cc727993955
                                                                                                                                                • Instruction Fuzzy Hash: 9EE0EC3221476AABEF109E559C00EEB7B6CEB05361F008836F915E3150D631E8219FA8
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00405E96(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                                                                                                                				void* _t7;
                                                                                                                                                				long _t8;
                                                                                                                                                				void* _t9;
                                                                                                                                                
                                                                                                                                                				_t7 = E00405E1B(_a4,  &_a12);
                                                                                                                                                				if(_t7 != 0) {
                                                                                                                                                					_t8 = RegOpenKeyExA(_t7, _a8, 0, _a12, _a16); // executed
                                                                                                                                                					return _t8;
                                                                                                                                                				}
                                                                                                                                                				_t9 = 6;
                                                                                                                                                				return _t9;
                                                                                                                                                			}







                                                                                                                                                APIs
                                                                                                                                                • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,?,?,?,?,?,00405F24,?,?,?,?,00000002,Remove folder: ), ref: 00405EBA
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Open
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                                                                                • Instruction ID: 4562f56e26d1b405a4b2aa3aa7a0366252bc09d65f2ff82b9814b1ce5e7315b9
                                                                                                                                                • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                                                                                • Instruction Fuzzy Hash: 19D0EC3200020DBADF115F90DD05FAB3B2EEB04310F004426FA45A50A0D775D630AA58
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E0040409E(intOrPtr _a12) {
                                                                                                                                                				intOrPtr _v0;
                                                                                                                                                				struct HWND__* _v4;
                                                                                                                                                				int _t7;
                                                                                                                                                				void* _t8;
                                                                                                                                                				void* _t9;
                                                                                                                                                				void* _t10;
                                                                                                                                                
                                                                                                                                                				_t7 = SetDlgItemTextA(_v4, _v0 + 0x3e8, E00406032(_t8, _t9, _t10, 0, _a12)); // executed
                                                                                                                                                				return _t7;
                                                                                                                                                			}









                                                                                                                                                0x004040b8
                                                                                                                                                0x004040bd

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ItemText
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3367045223-0
                                                                                                                                                • Opcode ID: 7addf3f18e9d0d56e199eb11e66d6ae7e1516a54a217a72792b4c500e8f84200
                                                                                                                                                • Instruction ID: 6a473d6abd2afb14868c07d698b52ed5b96812309ea8467a529f180f5ae5c3ae
                                                                                                                                                • Opcode Fuzzy Hash: 7addf3f18e9d0d56e199eb11e66d6ae7e1516a54a217a72792b4c500e8f84200
                                                                                                                                                • Instruction Fuzzy Hash: 7BC04C75188300FFD641E769CC42F1FB7DDEFA4716F40C52EB15CA11D1C63589209A26
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E004040EA(int _a4) {
                                                                                                                                                				struct HWND__* _t2;
                                                                                                                                                				long _t3;
                                                                                                                                                
                                                                                                                                                				_t2 =  *0x42ebd8; // 0x60462
                                                                                                                                                				if(_t2 != 0) {
                                                                                                                                                					_t3 = SendMessageA(_t2, _a4, 0, 0); // executed
                                                                                                                                                					return _t3;
                                                                                                                                                				}
                                                                                                                                                				return _t2;
                                                                                                                                                			}






                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00403223(long _a4) {
                                                                                                                                                				long _t2;
                                                                                                                                                
                                                                                                                                                				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                                                                                                                				return _t2;
                                                                                                                                                			}





                                                                                                                                                APIs
                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402F89,?), ref: 00403231
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FilePointer
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E004040D3(int _a4) {
                                                                                                                                                				long _t2;
                                                                                                                                                
                                                                                                                                                				_t2 = SendMessageA( *0x42f408, 0x28, _a4, 1); // executed
                                                                                                                                                				return _t2;
                                                                                                                                                			}





                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E004040C0(int _a4) {
                                                                                                                                                				int _t2;
                                                                                                                                                
                                                                                                                                                				_t2 = EnableWindow( *0x42a86c, _a4); // executed
                                                                                                                                                				return _t2;
                                                                                                                                                			}





                                                                                                                                                APIs
                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00403E9C), ref: 004040CA
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2492992576-0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E004014D6(intOrPtr __edx) {
                                                                                                                                                				long _t3;
                                                                                                                                                				void* _t7;
                                                                                                                                                				intOrPtr _t10;
                                                                                                                                                				void* _t13;
                                                                                                                                                
                                                                                                                                                				_t10 = __edx;
                                                                                                                                                				_t3 = E00402B0A(_t7);
                                                                                                                                                				 *((intOrPtr*)(_t13 - 0x10)) = _t10;
                                                                                                                                                				if(_t3 <= 1) {
                                                                                                                                                					_t3 = 1;
                                                                                                                                                				}
                                                                                                                                                				Sleep(_t3); // executed
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t13 - 4));
                                                                                                                                                				return 0;
                                                                                                                                                			}








                                                                                                                                                APIs
                                                                                                                                                • Sleep.KERNELBASE(00000000), ref: 004014E9
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Sleep
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                			E00404530(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                                                                                                                				signed int _v8;
                                                                                                                                                				signed int _v12;
                                                                                                                                                				long _v16;
                                                                                                                                                				long _v20;
                                                                                                                                                				long _v24;
                                                                                                                                                				char _v28;
                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                				long _v36;
                                                                                                                                                				char _v40;
                                                                                                                                                				unsigned int _v44;
                                                                                                                                                				signed int _v48;
                                                                                                                                                				CHAR* _v56;
                                                                                                                                                				intOrPtr _v60;
                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                				intOrPtr _v68;
                                                                                                                                                				CHAR* _v72;
                                                                                                                                                				void _v76;
                                                                                                                                                				struct HWND__* _v80;
                                                                                                                                                				void* __ebx;
                                                                                                                                                				void* __edi;
                                                                                                                                                				void* __esi;
                                                                                                                                                				intOrPtr _t82;
                                                                                                                                                				long _t87;
                                                                                                                                                				signed char* _t89;
                                                                                                                                                				void* _t95;
                                                                                                                                                				signed int _t96;
                                                                                                                                                				int _t109;
                                                                                                                                                				signed char _t114;
                                                                                                                                                				signed int _t118;
                                                                                                                                                				struct HWND__** _t122;
                                                                                                                                                				intOrPtr* _t138;
                                                                                                                                                				CHAR* _t146;
                                                                                                                                                				intOrPtr _t147;
                                                                                                                                                				unsigned int _t150;
                                                                                                                                                				signed int _t152;
                                                                                                                                                				unsigned int _t156;
                                                                                                                                                				signed int _t158;
                                                                                                                                                				signed int* _t159;
                                                                                                                                                				signed char* _t160;
                                                                                                                                                				struct HWND__* _t165;
                                                                                                                                                				struct HWND__* _t166;
                                                                                                                                                				int _t168;
                                                                                                                                                				unsigned int _t197;
                                                                                                                                                				void* _t205;
                                                                                                                                                
                                                                                                                                                				_t156 = __edx;
                                                                                                                                                				_t82 =  *0x42a048; // 0x72c0ec
                                                                                                                                                				_v32 = _t82;
                                                                                                                                                				_t146 = ( *(_t82 + 0x3c) << 0xa) + "0x00004688";
                                                                                                                                                				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                                                                                                                				if(_a8 == 0x40b) {
                                                                                                                                                					E00405710(0x3fb, _t146);
                                                                                                                                                					E0040627A(_t146);
                                                                                                                                                				}
                                                                                                                                                				_t166 = _a4;
                                                                                                                                                				if(_a8 != 0x110) {
                                                                                                                                                					L8:
                                                                                                                                                					if(_a8 != 0x111) {
                                                                                                                                                						L20:
                                                                                                                                                						if(_a8 == 0x40f) {
                                                                                                                                                							L22:
                                                                                                                                                							_v8 = _v8 & 0x00000000;
                                                                                                                                                							_v12 = _v12 & 0x00000000;
                                                                                                                                                							E00405710(0x3fb, _t146);
                                                                                                                                                							if(E00405A96(_t185, _t146) == 0) {
                                                                                                                                                								_v8 = 1;
                                                                                                                                                							}
                                                                                                                                                							E00406010(0x429840, _t146);
                                                                                                                                                							_t87 = E004063A8(1);
                                                                                                                                                							_v16 = _t87;
                                                                                                                                                							if(_t87 == 0) {
                                                                                                                                                								L30:
                                                                                                                                                								E00406010(0x429840, _t146);
                                                                                                                                                								_t89 = E00405A41(0x429840);
                                                                                                                                                								_t158 = 0;
                                                                                                                                                								if(_t89 != 0) {
                                                                                                                                                									 *_t89 =  *_t89 & 0x00000000;
                                                                                                                                                								}
                                                                                                                                                								if(GetDiskFreeSpaceA(0x429840,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                                                                                                                									goto L35;
                                                                                                                                                								} else {
                                                                                                                                                									_t168 = 0x400;
                                                                                                                                                									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                                                                                                                									asm("cdq");
                                                                                                                                                									_v48 = _t109;
                                                                                                                                                									_v44 = _t156;
                                                                                                                                                									_v12 = 1;
                                                                                                                                                									goto L36;
                                                                                                                                                								}
                                                                                                                                                							} else {
                                                                                                                                                								_t159 = 0;
                                                                                                                                                								if(0 == 0x429840) {
                                                                                                                                                									goto L30;
                                                                                                                                                								} else {
                                                                                                                                                									goto L26;
                                                                                                                                                								}
                                                                                                                                                								while(1) {
                                                                                                                                                									L26:
                                                                                                                                                									_t114 = _v16(0x429840,  &_v48,  &_v28,  &_v40);
                                                                                                                                                									if(_t114 != 0) {
                                                                                                                                                										break;
                                                                                                                                                									}
                                                                                                                                                									if(_t159 != 0) {
                                                                                                                                                										 *_t159 =  *_t159 & _t114;
                                                                                                                                                									}
                                                                                                                                                									_t160 = E004059EF(0x429840);
                                                                                                                                                									 *_t160 =  *_t160 & 0x00000000;
                                                                                                                                                									_t159 = _t160 - 1;
                                                                                                                                                									 *_t159 = 0x5c;
                                                                                                                                                									if(_t159 != 0x429840) {
                                                                                                                                                										continue;
                                                                                                                                                									} else {
                                                                                                                                                										goto L30;
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                								_t150 = _v44;
                                                                                                                                                								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                                                                                                                								_v44 = _t150 >> 0xa;
                                                                                                                                                								_v12 = 1;
                                                                                                                                                								_t158 = 0;
                                                                                                                                                								__eflags = 0;
                                                                                                                                                								L35:
                                                                                                                                                								_t168 = 0x400;
                                                                                                                                                								L36:
                                                                                                                                                								_t95 = E004049C4(5);
                                                                                                                                                								if(_v12 != _t158) {
                                                                                                                                                									_t197 = _v44;
                                                                                                                                                									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                                                                                                                										_v8 = 2;
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                								_t147 =  *0x42ebdc; // 0x737e50
                                                                                                                                                								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                                                                                                                                                									E004049AC(0x3ff, 0xfffffffb, _t95);
                                                                                                                                                									if(_v12 == _t158) {
                                                                                                                                                										SetDlgItemTextA(_a4, _t168, 0x429830);
                                                                                                                                                									} else {
                                                                                                                                                										E004048E7(_t168, 0xfffffffc, _v48, _v44);
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                								_t96 = _v8;
                                                                                                                                                								 *0x42f4c4 = _t96;
                                                                                                                                                								if(_t96 == _t158) {
                                                                                                                                                									_v8 = E0040140B(7);
                                                                                                                                                								}
                                                                                                                                                								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                                                                                                                									_v8 = _t158;
                                                                                                                                                								}
                                                                                                                                                								E004040C0(0 | _v8 == _t158);
                                                                                                                                                								if(_v8 == _t158) {
                                                                                                                                                									_t205 =  *0x42a860 - _t158; // 0x0
                                                                                                                                                									if(_t205 == 0) {
                                                                                                                                                										E00404489();
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                								 *0x42a860 = _t158;
                                                                                                                                                								goto L53;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						_t185 = _a8 - 0x405;
                                                                                                                                                						if(_a8 != 0x405) {
                                                                                                                                                							goto L53;
                                                                                                                                                						}
                                                                                                                                                						goto L22;
                                                                                                                                                					}
                                                                                                                                                					_t118 = _a12 & 0x0000ffff;
                                                                                                                                                					if(_t118 != 0x3fb) {
                                                                                                                                                						L12:
                                                                                                                                                						if(_t118 == 0x3e9) {
                                                                                                                                                							_t152 = 7;
                                                                                                                                                							memset( &_v76, 0, _t152 << 2);
                                                                                                                                                							_v80 = _t166;
                                                                                                                                                							_v72 = 0x42a870;
                                                                                                                                                							_v60 = E00404881;
                                                                                                                                                							_v56 = _t146;
                                                                                                                                                							_v68 = E00406032(_t146, 0x42a870, _t166, 0x429c48, _v12);
                                                                                                                                                							_t122 =  &_v80;
                                                                                                                                                							_v64 = 0x41;
                                                                                                                                                							__imp__SHBrowseForFolderA(_t122);
                                                                                                                                                							if(_t122 == 0) {
                                                                                                                                                								_a8 = 0x40f;
                                                                                                                                                							} else {
                                                                                                                                                								__imp__CoTaskMemFree(_t122);
                                                                                                                                                								E004059A8(_t146);
                                                                                                                                                								_t125 =  *((intOrPtr*)( *0x42f414 + 0x11c));
                                                                                                                                                								if( *((intOrPtr*)( *0x42f414 + 0x11c)) != 0 && _t146 == "C:\\Program Files\\Wildix\\WIService") {
                                                                                                                                                									E00406032(_t146, 0x42a870, _t166, 0, _t125);
                                                                                                                                                									if(lstrcmpiA(0x42e3a0, 0x42a870) != 0) {
                                                                                                                                                										lstrcatA(_t146, 0x42e3a0);
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                								 *0x42a860 =  *0x42a860 + 1;
                                                                                                                                                								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						goto L20;
                                                                                                                                                					}
                                                                                                                                                					if(_a12 >> 0x10 != 0x300) {
                                                                                                                                                						goto L53;
                                                                                                                                                					} else {
                                                                                                                                                						_a8 = 0x40f;
                                                                                                                                                						goto L12;
                                                                                                                                                					}
                                                                                                                                                				} else {
                                                                                                                                                					_t165 = GetDlgItem(_t166, 0x3fb);
                                                                                                                                                					if(E00405A15(_t146) != 0 && E00405A41(_t146) == 0) {
                                                                                                                                                						E004059A8(_t146);
                                                                                                                                                					}
                                                                                                                                                					 *0x42ebd8 = _t166;
                                                                                                                                                					SetWindowTextA(_t165, _t146);
                                                                                                                                                					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                                                                                					_push(1);
                                                                                                                                                					E0040409E(_t166);
                                                                                                                                                					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                                                					_push(0x14);
                                                                                                                                                					E0040409E(_t166);
                                                                                                                                                					E004040D3(_t165);
                                                                                                                                                					_t138 = E004063A8(7);
                                                                                                                                                					if(_t138 == 0) {
                                                                                                                                                						L53:
                                                                                                                                                						return E00404105(_a8, _a12, _a16);
                                                                                                                                                					} else {
                                                                                                                                                						 *_t138(_t165, 1);
                                                                                                                                                						goto L8;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                			}















































                                                                                                                                                0x0040487e
                                                                                                                                                0x004045e0
                                                                                                                                                0x004045e3
                                                                                                                                                0x00000000
                                                                                                                                                0x004045e3
                                                                                                                                                0x004045da

                                                                                                                                                APIs
                                                                                                                                                • GetDlgItem.USER32 ref: 0040457F
                                                                                                                                                • SetWindowTextA.USER32(00000000,?), ref: 004045A9
                                                                                                                                                • SHBrowseForFolderA.SHELL32(?,00429C48,?), ref: 0040465A
                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404665
                                                                                                                                                • lstrcmpiA.KERNEL32(Remove folder: ,Wildix Integration Service v3.9.1 Setup ,00000000,?,?), ref: 00404697
                                                                                                                                                • lstrcatA.KERNEL32(?,Remove folder: ), ref: 004046A3
                                                                                                                                                • SetDlgItemTextA.USER32 ref: 004046B5
                                                                                                                                                  • Part of subcall function 00405710: GetDlgItemTextA.USER32 ref: 00405723
                                                                                                                                                  • Part of subcall function 0040627A: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SetupWIService.exe" ,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062D2
                                                                                                                                                  • Part of subcall function 0040627A: CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004062DF
                                                                                                                                                  • Part of subcall function 0040627A: CharNextA.USER32(?,"C:\Users\user\Desktop\SetupWIService.exe" ,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062E4
                                                                                                                                                  • Part of subcall function 0040627A: CharPrevA.USER32(?,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062F4
                                                                                                                                                • GetDiskFreeSpaceA.KERNEL32(00429840,?,?,0000040F,?,00429840,00429840,?,00000001,00429840,?,?,000003FB,?), ref: 00404773
                                                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040478E
                                                                                                                                                  • Part of subcall function 004048E7: lstrlenA.KERNEL32(Wildix Integration Service v3.9.1 Setup ,Wildix Integration Service v3.9.1 Setup ,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404802,000000DF,00000000,00000400,?), ref: 00404985
                                                                                                                                                  • Part of subcall function 004048E7: wsprintfA.USER32 ref: 0040498D
                                                                                                                                                  • Part of subcall function 004048E7: SetDlgItemTextA.USER32 ref: 004049A0
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                • String ID: 0x00004688$A$C:\Program Files\Wildix\WIService$P~s$Remove folder: $Wildix Integration Service v3.9.1 Setup
                                                                                                                                                • API String ID: 2624150263-3507602074
                                                                                                                                                • Opcode ID: 316427cd64828faea5151f666a2d1f757f666310bf7756d31ba3fb7317618fcd
                                                                                                                                                • Instruction ID: 05eea3de79cf24fe9bb33e9012793c4f482d3b98f46f23a5f19240ee3c7d349e
                                                                                                                                                • Opcode Fuzzy Hash: 316427cd64828faea5151f666a2d1f757f666310bf7756d31ba3fb7317618fcd
                                                                                                                                                • Instruction Fuzzy Hash: 78A160B1900218ABDB11AFA6CD45AAF77B8AF85314F14843BF601B62D1D77C8A418B6D
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                			E004067ED(signed int __ebx, signed int* __esi) {
                                                                                                                                                				signed int _t396;
                                                                                                                                                				signed int _t425;
                                                                                                                                                				signed int _t442;
                                                                                                                                                				signed int _t443;
                                                                                                                                                				signed int* _t446;
                                                                                                                                                				void* _t448;
                                                                                                                                                
                                                                                                                                                				L0:
                                                                                                                                                				while(1) {
                                                                                                                                                					L0:
                                                                                                                                                					_t446 = __esi;
                                                                                                                                                					_t425 = __ebx;
                                                                                                                                                					if( *(_t448 - 0x34) == 0) {
                                                                                                                                                						break;
                                                                                                                                                					}
                                                                                                                                                					L55:
                                                                                                                                                					__eax =  *(__ebp - 0x38);
                                                                                                                                                					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                					__ecx = __ebx;
                                                                                                                                                					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                					__ebx = __ebx + 8;
                                                                                                                                                					while(1) {
                                                                                                                                                						L56:
                                                                                                                                                						if(__ebx < 0xe) {
                                                                                                                                                							goto L0;
                                                                                                                                                						}
                                                                                                                                                						L57:
                                                                                                                                                						__eax =  *(__ebp - 0x40);
                                                                                                                                                						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                                                                                                                						__ecx = __eax;
                                                                                                                                                						__esi[1] = __eax;
                                                                                                                                                						__ecx = __eax & 0x0000001f;
                                                                                                                                                						if(__cl > 0x1d) {
                                                                                                                                                							L9:
                                                                                                                                                							_t443 = _t442 | 0xffffffff;
                                                                                                                                                							 *_t446 = 0x11;
                                                                                                                                                							L10:
                                                                                                                                                							_t446[0x147] =  *(_t448 - 0x40);
                                                                                                                                                							_t446[0x146] = _t425;
                                                                                                                                                							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                                                                                                                							L11:
                                                                                                                                                							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                                                                                                                							_t446[0x26ea] =  *(_t448 - 0x30);
                                                                                                                                                							E00406F5C( *(_t448 + 8));
                                                                                                                                                							return _t443;
                                                                                                                                                						}
                                                                                                                                                						L58:
                                                                                                                                                						__eax = __eax & 0x000003e0;
                                                                                                                                                						if(__eax > 0x3a0) {
                                                                                                                                                							goto L9;
                                                                                                                                                						}
                                                                                                                                                						L59:
                                                                                                                                                						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                                                                                                                						__ebx = __ebx - 0xe;
                                                                                                                                                						_t94 =  &(__esi[2]);
                                                                                                                                                						 *_t94 = __esi[2] & 0x00000000;
                                                                                                                                                						 *__esi = 0xc;
                                                                                                                                                						while(1) {
                                                                                                                                                							L60:
                                                                                                                                                							__esi[1] = __esi[1] >> 0xa;
                                                                                                                                                							__eax = (__esi[1] >> 0xa) + 4;
                                                                                                                                                							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                                                                                								goto L68;
                                                                                                                                                							}
                                                                                                                                                							L61:
                                                                                                                                                							while(1) {
                                                                                                                                                								L64:
                                                                                                                                                								if(__ebx >= 3) {
                                                                                                                                                									break;
                                                                                                                                                								}
                                                                                                                                                								L62:
                                                                                                                                                								if( *(__ebp - 0x34) == 0) {
                                                                                                                                                									goto L182;
                                                                                                                                                								}
                                                                                                                                                								L63:
                                                                                                                                                								__eax =  *(__ebp - 0x38);
                                                                                                                                                								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                								__ecx = __ebx;
                                                                                                                                                								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                								__ebx = __ebx + 8;
                                                                                                                                                							}
                                                                                                                                                							L65:
                                                                                                                                                							__ecx = __esi[2];
                                                                                                                                                							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                                                                                                                							__ebx = __ebx - 3;
                                                                                                                                                							_t108 = __ecx + 0x408400; // 0x121110
                                                                                                                                                							__ecx =  *_t108;
                                                                                                                                                							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                                                                                                                							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                                                                                                                							__ecx = __esi[1];
                                                                                                                                                							__esi[2] = __esi[2] + 1;
                                                                                                                                                							__eax = __esi[2];
                                                                                                                                                							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                                                                                                                							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                                                                                                                								goto L64;
                                                                                                                                                							}
                                                                                                                                                							L66:
                                                                                                                                                							while(1) {
                                                                                                                                                								L68:
                                                                                                                                                								if(__esi[2] >= 0x13) {
                                                                                                                                                									break;
                                                                                                                                                								}
                                                                                                                                                								L67:
                                                                                                                                                								_t119 = __esi[2] + 0x408400; // 0x4000300
                                                                                                                                                								__eax =  *_t119;
                                                                                                                                                								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                                                                                                                								_t126 =  &(__esi[2]);
                                                                                                                                                								 *_t126 = __esi[2] + 1;
                                                                                                                                                							}
                                                                                                                                                							L69:
                                                                                                                                                							__ecx = __ebp - 8;
                                                                                                                                                							__edi =  &(__esi[0x143]);
                                                                                                                                                							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                                                                                                                							__eax = 0;
                                                                                                                                                							 *(__ebp - 8) = 0;
                                                                                                                                                							__eax =  &(__esi[3]);
                                                                                                                                                							 *__edi = 7;
                                                                                                                                                							__eax = E00406FC4( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                                                                                                                							if(__eax != 0) {
                                                                                                                                                								L72:
                                                                                                                                                								 *__esi = 0x11;
                                                                                                                                                								while(1) {
                                                                                                                                                									L180:
                                                                                                                                                									_t396 =  *_t446;
                                                                                                                                                									if(_t396 > 0xf) {
                                                                                                                                                										break;
                                                                                                                                                									}
                                                                                                                                                									L1:
                                                                                                                                                									switch( *((intOrPtr*)(_t396 * 4 +  &M00406F1C))) {
                                                                                                                                                										case 0:
                                                                                                                                                											L101:
                                                                                                                                                											__eax = __esi[4] & 0x000000ff;
                                                                                                                                                											__esi[3] = __esi[4] & 0x000000ff;
                                                                                                                                                											__eax = __esi[5];
                                                                                                                                                											__esi[2] = __esi[5];
                                                                                                                                                											 *__esi = 1;
                                                                                                                                                											goto L102;
                                                                                                                                                										case 1:
                                                                                                                                                											L102:
                                                                                                                                                											__eax = __esi[3];
                                                                                                                                                											while(1) {
                                                                                                                                                												L105:
                                                                                                                                                												__eflags = __ebx - __eax;
                                                                                                                                                												if(__ebx >= __eax) {
                                                                                                                                                													break;
                                                                                                                                                												}
                                                                                                                                                												L103:
                                                                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                                                                													goto L182;
                                                                                                                                                												}
                                                                                                                                                												L104:
                                                                                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                                												__ecx = __ebx;
                                                                                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                												__ebx = __ebx + 8;
                                                                                                                                                												__eflags = __ebx;
                                                                                                                                                											}
                                                                                                                                                											L106:
                                                                                                                                                											__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                                                                                                                											__eax = __eax &  *(__ebp - 0x40);
                                                                                                                                                											__ecx = __esi[2];
                                                                                                                                                											__eax = __esi[2] + __eax * 4;
                                                                                                                                                											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                                                                                											__ecx =  *__eax & 0x000000ff;
                                                                                                                                                											__eflags = __ecx;
                                                                                                                                                											if(__ecx != 0) {
                                                                                                                                                												L108:
                                                                                                                                                												__eflags = __cl & 0x00000010;
                                                                                                                                                												if((__cl & 0x00000010) == 0) {
                                                                                                                                                													L110:
                                                                                                                                                													__eflags = __cl & 0x00000040;
                                                                                                                                                													if((__cl & 0x00000040) == 0) {
                                                                                                                                                														goto L125;
                                                                                                                                                													}
                                                                                                                                                													L111:
                                                                                                                                                													__eflags = __cl & 0x00000020;
                                                                                                                                                													if((__cl & 0x00000020) == 0) {
                                                                                                                                                														goto L9;
                                                                                                                                                													}
                                                                                                                                                													L112:
                                                                                                                                                													 *__esi = 7;
                                                                                                                                                													goto L180;
                                                                                                                                                												}
                                                                                                                                                												L109:
                                                                                                                                                												__esi[2] = __ecx;
                                                                                                                                                												__esi[1] = __eax;
                                                                                                                                                												 *__esi = 2;
                                                                                                                                                												goto L180;
                                                                                                                                                											}
                                                                                                                                                											L107:
                                                                                                                                                											__esi[2] = __eax;
                                                                                                                                                											 *__esi = 6;
                                                                                                                                                											goto L180;
                                                                                                                                                										case 2:
                                                                                                                                                											L113:
                                                                                                                                                											__eax = __esi[2];
                                                                                                                                                											while(1) {
                                                                                                                                                												L116:
                                                                                                                                                												__eflags = __ebx - __eax;
                                                                                                                                                												if(__ebx >= __eax) {
                                                                                                                                                													break;
                                                                                                                                                												}
                                                                                                                                                												L114:
                                                                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                                                                													goto L182;
                                                                                                                                                												}
                                                                                                                                                												L115:
                                                                                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                                												__ecx = __ebx;
                                                                                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                												__ebx = __ebx + 8;
                                                                                                                                                												__eflags = __ebx;
                                                                                                                                                											}
                                                                                                                                                											L117:
                                                                                                                                                											 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                                                											__esi[1] = __esi[1] + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                                                											__ecx = __eax;
                                                                                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                											__ebx = __ebx - __eax;
                                                                                                                                                											__eflags = __ebx;
                                                                                                                                                											__eax = __esi[4] & 0x000000ff;
                                                                                                                                                											__esi[3] = __esi[4] & 0x000000ff;
                                                                                                                                                											__eax = __esi[6];
                                                                                                                                                											__esi[2] = __esi[6];
                                                                                                                                                											 *__esi = 3;
                                                                                                                                                											goto L118;
                                                                                                                                                										case 3:
                                                                                                                                                											L118:
                                                                                                                                                											__eax = __esi[3];
                                                                                                                                                											while(1) {
                                                                                                                                                												L121:
                                                                                                                                                												__eflags = __ebx - __eax;
                                                                                                                                                												if(__ebx >= __eax) {
                                                                                                                                                													break;
                                                                                                                                                												}
                                                                                                                                                												L119:
                                                                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                                                                													goto L182;
                                                                                                                                                												}
                                                                                                                                                												L120:
                                                                                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                                												__ecx = __ebx;
                                                                                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                												__ebx = __ebx + 8;
                                                                                                                                                												__eflags = __ebx;
                                                                                                                                                											}
                                                                                                                                                											L122:
                                                                                                                                                											__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                                                                                                                											__eax = __eax &  *(__ebp - 0x40);
                                                                                                                                                											__ecx = __esi[2];
                                                                                                                                                											__eax = __esi[2] + __eax * 4;
                                                                                                                                                											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                                                                                											__ecx =  *__eax & 0x000000ff;
                                                                                                                                                											__eflags = __cl & 0x00000010;
                                                                                                                                                											if((__cl & 0x00000010) == 0) {
                                                                                                                                                												L124:
                                                                                                                                                												__eflags = __cl & 0x00000040;
                                                                                                                                                												if((__cl & 0x00000040) != 0) {
                                                                                                                                                													goto L9;
                                                                                                                                                												}
                                                                                                                                                												L125:
                                                                                                                                                												__esi[3] = __ecx;
                                                                                                                                                												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                                                                                                                												__esi[2] = __eax;
                                                                                                                                                												goto L180;
                                                                                                                                                											}
                                                                                                                                                											L123:
                                                                                                                                                											__esi[2] = __ecx;
                                                                                                                                                											__esi[3] = __eax;
                                                                                                                                                											 *__esi = 4;
                                                                                                                                                											goto L180;
                                                                                                                                                										case 4:
                                                                                                                                                											L126:
                                                                                                                                                											__eax = __esi[2];
                                                                                                                                                											while(1) {
                                                                                                                                                												L129:
                                                                                                                                                												__eflags = __ebx - __eax;
                                                                                                                                                												if(__ebx >= __eax) {
                                                                                                                                                													break;
                                                                                                                                                												}
                                                                                                                                                												L127:
                                                                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                                                                													goto L182;
                                                                                                                                                												}
                                                                                                                                                												L128:
                                                                                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                                												__ecx = __ebx;
                                                                                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                												__ebx = __ebx + 8;
                                                                                                                                                												__eflags = __ebx;
                                                                                                                                                											}
                                                                                                                                                											L130:
                                                                                                                                                											 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                                                											__esi[3] = __esi[3] + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                                                											__ecx = __eax;
                                                                                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                											__ebx = __ebx - __eax;
                                                                                                                                                											__eflags = __ebx;
                                                                                                                                                											 *__esi = 5;
                                                                                                                                                											goto L131;
                                                                                                                                                										case 5:
                                                                                                                                                											L131:
                                                                                                                                                											__eax =  *(__ebp - 0x30);
                                                                                                                                                											__edx = __esi[3];
                                                                                                                                                											__eax = __eax - __esi;
                                                                                                                                                											__ecx = __eax - __esi - 0x1ba0;
                                                                                                                                                											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                                                                                                                                											if(__eax - __esi - 0x1ba0 >= __edx) {
                                                                                                                                                												__ecx = __eax;
                                                                                                                                                												__ecx = __eax - __edx;
                                                                                                                                                												__eflags = __ecx;
                                                                                                                                                											} else {
                                                                                                                                                												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                                                                                                                                												__ecx = __esi[0x26e8] - __edx - __esi;
                                                                                                                                                												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                                                                                                                                											}
                                                                                                                                                											__eflags = __esi[1];
                                                                                                                                                											 *(__ebp - 0x20) = __ecx;
                                                                                                                                                											if(__esi[1] != 0) {
                                                                                                                                                												L135:
                                                                                                                                                												__edi =  *(__ebp - 0x2c);
                                                                                                                                                												do {
                                                                                                                                                													L136:
                                                                                                                                                													__eflags = __edi;
                                                                                                                                                													if(__edi != 0) {
                                                                                                                                                														goto L152;
                                                                                                                                                													}
                                                                                                                                                													L137:
                                                                                                                                                													__edi = __esi[0x26e8];
                                                                                                                                                													__eflags = __eax - __edi;
                                                                                                                                                													if(__eax != __edi) {
                                                                                                                                                														L143:
                                                                                                                                                														__esi[0x26ea] = __eax;
                                                                                                                                                														__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                                                                                                														__eax = __esi[0x26ea];
                                                                                                                                                														__ecx = __esi[0x26e9];
                                                                                                                                                														__eflags = __eax - __ecx;
                                                                                                                                                														 *(__ebp - 0x30) = __eax;
                                                                                                                                                														if(__eax >= __ecx) {
                                                                                                                                                															__edi = __esi[0x26e8];
                                                                                                                                                															__edi = __esi[0x26e8] - __eax;
                                                                                                                                                															__eflags = __edi;
                                                                                                                                                														} else {
                                                                                                                                                															__ecx = __ecx - __eax;
                                                                                                                                                															__edi = __ecx - __eax - 1;
                                                                                                                                                														}
                                                                                                                                                														__edx = __esi[0x26e8];
                                                                                                                                                														__eflags = __eax - __edx;
                                                                                                                                                														 *(__ebp - 8) = __edx;
                                                                                                                                                														if(__eax == __edx) {
                                                                                                                                                															__edx =  &(__esi[0x6e8]);
                                                                                                                                                															__eflags = __ecx - __edx;
                                                                                                                                                															if(__ecx != __edx) {
                                                                                                                                                																__eax = __edx;
                                                                                                                                                																__eflags = __eax - __ecx;
                                                                                                                                                																 *(__ebp - 0x30) = __eax;
                                                                                                                                                																if(__eax >= __ecx) {
                                                                                                                                                																	__edi =  *(__ebp - 8);
                                                                                                                                                																	__edi =  *(__ebp - 8) - __eax;
                                                                                                                                                																	__eflags = __edi;
                                                                                                                                                																} else {
                                                                                                                                                																	__ecx = __ecx - __eax;
                                                                                                                                                																	__edi = __ecx;
                                                                                                                                                																}
                                                                                                                                                															}
                                                                                                                                                														}
                                                                                                                                                														__eflags = __edi;
                                                                                                                                                														if(__edi == 0) {
                                                                                                                                                															goto L183;
                                                                                                                                                														} else {
                                                                                                                                                															goto L152;
                                                                                                                                                														}
                                                                                                                                                													}
                                                                                                                                                													L138:
                                                                                                                                                													__ecx = __esi[0x26e9];
                                                                                                                                                													__edx =  &(__esi[0x6e8]);
                                                                                                                                                													__eflags = __ecx - __edx;
                                                                                                                                                													if(__ecx == __edx) {
                                                                                                                                                														goto L143;
                                                                                                                                                													}
                                                                                                                                                													L139:
                                                                                                                                                													__eax = __edx;
                                                                                                                                                													__eflags = __eax - __ecx;
                                                                                                                                                													if(__eax >= __ecx) {
                                                                                                                                                														__edi = __edi - __eax;
                                                                                                                                                														__eflags = __edi;
                                                                                                                                                													} else {
                                                                                                                                                														__ecx = __ecx - __eax;
                                                                                                                                                														__edi = __ecx;
                                                                                                                                                													}
                                                                                                                                                													__eflags = __edi;
                                                                                                                                                													if(__edi == 0) {
                                                                                                                                                														goto L143;
                                                                                                                                                													}
                                                                                                                                                													L152:
                                                                                                                                                													__ecx =  *(__ebp - 0x20);
                                                                                                                                                													 *__eax =  *__ecx;
                                                                                                                                                													__eax = __eax + 1;
                                                                                                                                                													__ecx = __ecx + 1;
                                                                                                                                                													__edi = __edi - 1;
                                                                                                                                                													__eflags = __ecx - __esi[0x26e8];
                                                                                                                                                													 *(__ebp - 0x30) = __eax;
                                                                                                                                                													 *(__ebp - 0x20) = __ecx;
                                                                                                                                                													 *(__ebp - 0x2c) = __edi;
                                                                                                                                                													if(__ecx == __esi[0x26e8]) {
                                                                                                                                                														__ecx =  &(__esi[0x6e8]);
                                                                                                                                                														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                                                                                                                                													}
                                                                                                                                                													_t357 =  &(__esi[1]);
                                                                                                                                                													 *_t357 = __esi[1] - 1;
                                                                                                                                                													__eflags =  *_t357;
                                                                                                                                                												} while ( *_t357 != 0);
                                                                                                                                                											}
                                                                                                                                                											goto L23;
                                                                                                                                                										case 6:
                                                                                                                                                											L156:
                                                                                                                                                											__eax =  *(__ebp - 0x2c);
                                                                                                                                                											__edi =  *(__ebp - 0x30);
                                                                                                                                                											__eflags = __eax;
                                                                                                                                                											if(__eax != 0) {
                                                                                                                                                												L172:
                                                                                                                                                												__cl = __esi[2];
                                                                                                                                                												 *__edi = __cl;
                                                                                                                                                												__edi = __edi + 1;
                                                                                                                                                												__eax = __eax - 1;
                                                                                                                                                												 *(__ebp - 0x30) = __edi;
                                                                                                                                                												 *(__ebp - 0x2c) = __eax;
                                                                                                                                                												goto L23;
                                                                                                                                                											}
                                                                                                                                                											L157:
                                                                                                                                                											__ecx = __esi[0x26e8];
                                                                                                                                                											__eflags = __edi - __ecx;
                                                                                                                                                											if(__edi != __ecx) {
                                                                                                                                                												L163:
                                                                                                                                                												__esi[0x26ea] = __edi;
                                                                                                                                                												__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                                                                                                												__edi = __esi[0x26ea];
                                                                                                                                                												__ecx = __esi[0x26e9];
                                                                                                                                                												__eflags = __edi - __ecx;
                                                                                                                                                												 *(__ebp - 0x30) = __edi;
                                                                                                                                                												if(__edi >= __ecx) {
                                                                                                                                                													__eax = __esi[0x26e8];
                                                                                                                                                													__eax = __esi[0x26e8] - __edi;
                                                                                                                                                													__eflags = __eax;
                                                                                                                                                												} else {
                                                                                                                                                													__ecx = __ecx - __edi;
                                                                                                                                                													__eax = __ecx - __edi - 1;
                                                                                                                                                												}
                                                                                                                                                												__edx = __esi[0x26e8];
                                                                                                                                                												__eflags = __edi - __edx;
                                                                                                                                                												 *(__ebp - 8) = __edx;
                                                                                                                                                												if(__edi == __edx) {
                                                                                                                                                													__edx =  &(__esi[0x6e8]);
                                                                                                                                                													__eflags = __ecx - __edx;
                                                                                                                                                													if(__ecx != __edx) {
                                                                                                                                                														__edi = __edx;
                                                                                                                                                														__eflags = __edi - __ecx;
                                                                                                                                                														 *(__ebp - 0x30) = __edi;
                                                                                                                                                														if(__edi >= __ecx) {
                                                                                                                                                															__eax =  *(__ebp - 8);
                                                                                                                                                															__eax =  *(__ebp - 8) - __edi;
                                                                                                                                                															__eflags = __eax;
                                                                                                                                                														} else {
                                                                                                                                                															__ecx = __ecx - __edi;
                                                                                                                                                															__eax = __ecx;
                                                                                                                                                														}
                                                                                                                                                													}
                                                                                                                                                												}
                                                                                                                                                												__eflags = __eax;
                                                                                                                                                												if(__eax == 0) {
                                                                                                                                                													goto L183;
                                                                                                                                                												} else {
                                                                                                                                                													goto L172;
                                                                                                                                                												}
                                                                                                                                                											}
                                                                                                                                                											L158:
                                                                                                                                                											__eax = __esi[0x26e9];
                                                                                                                                                											__edx =  &(__esi[0x6e8]);
                                                                                                                                                											__eflags = __eax - __edx;
                                                                                                                                                											if(__eax == __edx) {
                                                                                                                                                												goto L163;
                                                                                                                                                											}
                                                                                                                                                											L159:
                                                                                                                                                											__edi = __edx;
                                                                                                                                                											__eflags = __edi - __eax;
                                                                                                                                                											if(__edi >= __eax) {
                                                                                                                                                												__ecx = __ecx - __edi;
                                                                                                                                                												__eflags = __ecx;
                                                                                                                                                												__eax = __ecx;
                                                                                                                                                											} else {
                                                                                                                                                												__eax = __eax - __edi;
                                                                                                                                                												__eax = __eax - 1;
                                                                                                                                                											}
                                                                                                                                                											__eflags = __eax;
                                                                                                                                                											if(__eax != 0) {
                                                                                                                                                												goto L172;
                                                                                                                                                											} else {
                                                                                                                                                												goto L163;
                                                                                                                                                											}
                                                                                                                                                										case 7:
                                                                                                                                                											L173:
                                                                                                                                                											__eflags = __ebx - 7;
                                                                                                                                                											if(__ebx > 7) {
                                                                                                                                                												__ebx = __ebx - 8;
                                                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                                                                                                                												_t380 = __ebp - 0x38;
                                                                                                                                                												 *_t380 =  *(__ebp - 0x38) - 1;
                                                                                                                                                												__eflags =  *_t380;
                                                                                                                                                											}
                                                                                                                                                											goto L175;
                                                                                                                                                										case 8:
                                                                                                                                                											L4:
                                                                                                                                                											while(_t425 < 3) {
                                                                                                                                                												if( *(_t448 - 0x34) == 0) {
                                                                                                                                                													goto L182;
                                                                                                                                                												} else {
                                                                                                                                                													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                                                                                                                                													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                                                                                                                                													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                                                                                                                                													_t425 = _t425 + 8;
                                                                                                                                                													continue;
                                                                                                                                                												}
                                                                                                                                                											}
                                                                                                                                                											_t425 = _t425 - 3;
                                                                                                                                                											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                                                                                                                                											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                                                                                                                                											asm("sbb ecx, ecx");
                                                                                                                                                											_t408 = _t406 >> 1;
                                                                                                                                                											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                                                                                                                                											if(_t408 == 0) {
                                                                                                                                                												L24:
                                                                                                                                                												 *_t446 = 9;
                                                                                                                                                												_t436 = _t425 & 0x00000007;
                                                                                                                                                												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                                                                                                                                												_t425 = _t425 - _t436;
                                                                                                                                                												goto L180;
                                                                                                                                                											}
                                                                                                                                                											L6:
                                                                                                                                                											_t411 = _t408 - 1;
                                                                                                                                                											if(_t411 == 0) {
                                                                                                                                                												L13:
                                                                                                                                                												__eflags =  *0x42e388;
                                                                                                                                                												if( *0x42e388 != 0) {
                                                                                                                                                													L22:
                                                                                                                                                													_t412 =  *0x40a40c; // 0x9
                                                                                                                                                													_t446[4] = _t412;
                                                                                                                                                													_t413 =  *0x40a410; // 0x5
                                                                                                                                                													_t446[4] = _t413;
                                                                                                                                                													_t414 =  *0x42d204; // 0x42db08
                                                                                                                                                													_t446[5] = _t414;
                                                                                                                                                													_t415 =  *0x42d200; // 0x42e308
                                                                                                                                                													_t446[6] = _t415;
                                                                                                                                                													L23:
                                                                                                                                                													 *_t446 =  *_t446 & 0x00000000;
                                                                                                                                                													goto L180;
                                                                                                                                                												} else {
                                                                                                                                                													_t26 = _t448 - 8;
                                                                                                                                                													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                                                                                                                													__eflags =  *_t26;
                                                                                                                                                													_t416 = 0x42d208;
                                                                                                                                                													goto L15;
                                                                                                                                                													L20:
                                                                                                                                                													 *_t416 = _t438;
                                                                                                                                                													_t416 = _t416 + 4;
                                                                                                                                                													__eflags = _t416 - 0x42d688;
                                                                                                                                                													if(_t416 < 0x42d688) {
                                                                                                                                                														L15:
                                                                                                                                                														__eflags = _t416 - 0x42d444;
                                                                                                                                                														_t438 = 8;
                                                                                                                                                														if(_t416 > 0x42d444) {
                                                                                                                                                															__eflags = _t416 - 0x42d608;
                                                                                                                                                															if(_t416 >= 0x42d608) {
                                                                                                                                                																__eflags = _t416 - 0x42d668;
                                                                                                                                                																if(_t416 < 0x42d668) {
                                                                                                                                                																	_t438 = 7;
                                                                                                                                                																}
                                                                                                                                                															} else {
                                                                                                                                                																_t438 = 9;
                                                                                                                                                															}
                                                                                                                                                														}
                                                                                                                                                														goto L20;
                                                                                                                                                													} else {
                                                                                                                                                														E00406FC4(0x42d208, 0x120, 0x101, 0x408414, 0x408454, 0x42d204, 0x40a40c, 0x42db08, _t448 - 8);
                                                                                                                                                														_push(0x1e);
                                                                                                                                                														_pop(_t440);
                                                                                                                                                														_push(5);
                                                                                                                                                														_pop(_t419);
                                                                                                                                                														memset(0x42d208, _t419, _t440 << 2);
                                                                                                                                                														_t450 = _t450 + 0xc;
                                                                                                                                                														_t442 = 0x42d208 + _t440;
                                                                                                                                                														E00406FC4(0x42d208, 0x1e, 0, 0x408494, 0x4084d0, 0x42d200, 0x40a410, 0x42db08, _t448 - 8);
                                                                                                                                                														 *0x42e388 =  *0x42e388 + 1;
                                                                                                                                                														__eflags =  *0x42e388;
                                                                                                                                                														goto L22;
                                                                                                                                                													}
                                                                                                                                                												}
                                                                                                                                                											}
                                                                                                                                                											L7:
                                                                                                                                                											_t423 = _t411 - 1;
                                                                                                                                                											if(_t423 == 0) {
                                                                                                                                                												 *_t446 = 0xb;
                                                                                                                                                												goto L180;
                                                                                                                                                											}
                                                                                                                                                											L8:
                                                                                                                                                											if(_t423 != 1) {
                                                                                                                                                												goto L180;
                                                                                                                                                											}
                                                                                                                                                											goto L9;
                                                                                                                                                										case 9:
                                                                                                                                                											while(1) {
                                                                                                                                                												L27:
                                                                                                                                                												__eflags = __ebx - 0x20;
                                                                                                                                                												if(__ebx >= 0x20) {
                                                                                                                                                													break;
                                                                                                                                                												}
                                                                                                                                                												L25:
                                                                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                                                                													goto L182;
                                                                                                                                                												}
                                                                                                                                                												L26:
                                                                                                                                                												__eax =  *(__ebp - 0x38);
                                                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                												__ecx = __ebx;
                                                                                                                                                												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                												__ebx = __ebx + 8;
                                                                                                                                                												__eflags = __ebx;
                                                                                                                                                											}
                                                                                                                                                											L28:
                                                                                                                                                											__eax =  *(__ebp - 0x40);
                                                                                                                                                											__ebx = 0;
                                                                                                                                                											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                                                                                                                											 *(__ebp - 0x40) = 0;
                                                                                                                                                											__eflags = __eax;
                                                                                                                                                											__esi[1] = __eax;
                                                                                                                                                											if(__eax == 0) {
                                                                                                                                                												goto L53;
                                                                                                                                                											}
                                                                                                                                                											L29:
                                                                                                                                                											_push(0xa);
                                                                                                                                                											_pop(__eax);
                                                                                                                                                											goto L54;
                                                                                                                                                										case 0xa:
                                                                                                                                                											L30:
                                                                                                                                                											__eflags =  *(__ebp - 0x34);
                                                                                                                                                											if( *(__ebp - 0x34) == 0) {
                                                                                                                                                												goto L182;
                                                                                                                                                											}
                                                                                                                                                											L31:
                                                                                                                                                											__eax =  *(__ebp - 0x2c);
                                                                                                                                                											__eflags = __eax;
                                                                                                                                                											if(__eax != 0) {
                                                                                                                                                												L48:
                                                                                                                                                												__eflags = __eax -  *(__ebp - 0x34);
                                                                                                                                                												if(__eax >=  *(__ebp - 0x34)) {
                                                                                                                                                													__eax =  *(__ebp - 0x34);
                                                                                                                                                												}
                                                                                                                                                												__ecx = __esi[1];
                                                                                                                                                												__eflags = __ecx - __eax;
                                                                                                                                                												__edi = __ecx;
                                                                                                                                                												if(__ecx >= __eax) {
                                                                                                                                                													__edi = __eax;
                                                                                                                                                												}
                                                                                                                                                												__eax = E00405B64( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                                                                                                                												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                                                                                                                												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                                                                                                                												_t80 =  &(__esi[1]);
                                                                                                                                                												 *_t80 = __esi[1] - __edi;
                                                                                                                                                												__eflags =  *_t80;
                                                                                                                                                												if( *_t80 == 0) {
                                                                                                                                                													L53:
                                                                                                                                                													__eax = __esi[0x145];
                                                                                                                                                													L54:
                                                                                                                                                													 *__esi = __eax;
                                                                                                                                                												}
                                                                                                                                                												goto L180;
                                                                                                                                                											}
                                                                                                                                                											L32:
                                                                                                                                                											__ecx = __esi[0x26e8];
                                                                                                                                                											__edx =  *(__ebp - 0x30);
                                                                                                                                                											__eflags = __edx - __ecx;
                                                                                                                                                											if(__edx != __ecx) {
                                                                                                                                                												L38:
                                                                                                                                                												__esi[0x26ea] = __edx;
                                                                                                                                                												__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                                                                                                												__edx = __esi[0x26ea];
                                                                                                                                                												__ecx = __esi[0x26e9];
                                                                                                                                                												__eflags = __edx - __ecx;
                                                                                                                                                												 *(__ebp - 0x30) = __edx;
                                                                                                                                                												if(__edx >= __ecx) {
                                                                                                                                                													__eax = __esi[0x26e8];
                                                                                                                                                													__eax = __esi[0x26e8] - __edx;
                                                                                                                                                													__eflags = __eax;
                                                                                                                                                												} else {
                                                                                                                                                													__ecx = __ecx - __edx;
                                                                                                                                                													__eax = __ecx - __edx - 1;
                                                                                                                                                												}
                                                                                                                                                												__edi = __esi[0x26e8];
                                                                                                                                                												 *(__ebp - 0x2c) = __eax;
                                                                                                                                                												__eflags = __edx - __edi;
                                                                                                                                                												if(__edx == __edi) {
                                                                                                                                                													__edx =  &(__esi[0x6e8]);
                                                                                                                                                													__eflags = __edx - __ecx;
                                                                                                                                                													if(__eflags != 0) {
                                                                                                                                                														 *(__ebp - 0x30) = __edx;
                                                                                                                                                														if(__eflags >= 0) {
                                                                                                                                                															__edi = __edi - __edx;
                                                                                                                                                															__eflags = __edi;
                                                                                                                                                															__eax = __edi;
                                                                                                                                                														} else {
                                                                                                                                                															__ecx = __ecx - __edx;
                                                                                                                                                															__eax = __ecx;
                                                                                                                                                														}
                                                                                                                                                														 *(__ebp - 0x2c) = __eax;
                                                                                                                                                													}
                                                                                                                                                												}
                                                                                                                                                												__eflags = __eax;
                                                                                                                                                												if(__eax == 0) {
                                                                                                                                                													goto L183;
                                                                                                                                                												} else {
                                                                                                                                                													goto L48;
                                                                                                                                                												}
                                                                                                                                                											}
                                                                                                                                                											L33:
                                                                                                                                                											__eax = __esi[0x26e9];
                                                                                                                                                											__edi =  &(__esi[0x6e8]);
                                                                                                                                                											__eflags = __eax - __edi;
                                                                                                                                                											if(__eax == __edi) {
                                                                                                                                                												goto L38;
                                                                                                                                                											}
                                                                                                                                                											L34:
                                                                                                                                                											__edx = __edi;
                                                                                                                                                											__eflags = __edx - __eax;
                                                                                                                                                											 *(__ebp - 0x30) = __edx;
                                                                                                                                                											if(__edx >= __eax) {
                                                                                                                                                												__ecx = __ecx - __edx;
                                                                                                                                                												__eflags = __ecx;
                                                                                                                                                												__eax = __ecx;
                                                                                                                                                											} else {
                                                                                                                                                												__eax = __eax - __edx;
                                                                                                                                                												__eax = __eax - 1;
                                                                                                                                                											}
                                                                                                                                                											__eflags = __eax;
                                                                                                                                                											 *(__ebp - 0x2c) = __eax;
                                                                                                                                                											if(__eax != 0) {
                                                                                                                                                												goto L48;
                                                                                                                                                											} else {
                                                                                                                                                												goto L38;
                                                                                                                                                											}
                                                                                                                                                										case 0xb:
                                                                                                                                                											goto L56;
                                                                                                                                                										case 0xc:
                                                                                                                                                											L60:
                                                                                                                                                											__esi[1] = __esi[1] >> 0xa;
                                                                                                                                                											__eax = (__esi[1] >> 0xa) + 4;
                                                                                                                                                											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                                                                                												goto L68;
                                                                                                                                                											}
                                                                                                                                                											goto L61;
                                                                                                                                                										case 0xd:
                                                                                                                                                											while(1) {
                                                                                                                                                												L93:
                                                                                                                                                												__eax = __esi[1];
                                                                                                                                                												__ecx = __esi[2];
                                                                                                                                                												__edx = __eax;
                                                                                                                                                												__eax = __eax & 0x0000001f;
                                                                                                                                                												__edx = __edx >> 5;
                                                                                                                                                												__eax = __edx + __eax + 0x102;
                                                                                                                                                												__eflags = __esi[2] - __eax;
                                                                                                                                                												if(__esi[2] >= __eax) {
                                                                                                                                                													break;
                                                                                                                                                												}
                                                                                                                                                												L73:
                                                                                                                                                												__eax = __esi[0x143];
                                                                                                                                                												while(1) {
                                                                                                                                                													L76:
                                                                                                                                                													__eflags = __ebx - __eax;
                                                                                                                                                													if(__ebx >= __eax) {
                                                                                                                                                														break;
                                                                                                                                                													}
                                                                                                                                                													L74:
                                                                                                                                                													__eflags =  *(__ebp - 0x34);
                                                                                                                                                													if( *(__ebp - 0x34) == 0) {
                                                                                                                                                														goto L182;
                                                                                                                                                													}
                                                                                                                                                													L75:
                                                                                                                                                													__ecx =  *(__ebp - 0x38);
                                                                                                                                                													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                                													__ecx = __ebx;
                                                                                                                                                													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                													__ebx = __ebx + 8;
                                                                                                                                                													__eflags = __ebx;
                                                                                                                                                												}
                                                                                                                                                												L77:
                                                                                                                                                												__eax =  *(0x40a3e8 + __eax * 2) & 0x0000ffff;
                                                                                                                                                												__eax = __eax &  *(__ebp - 0x40);
                                                                                                                                                												__ecx = __esi[0x144];
                                                                                                                                                												__eax = __esi[0x144] + __eax * 4;
                                                                                                                                                												__edx =  *(__eax + 1) & 0x000000ff;
                                                                                                                                                												__eax =  *(__eax + 2) & 0x0000ffff;
                                                                                                                                                												__eflags = __eax - 0x10;
                                                                                                                                                												 *(__ebp - 0x14) = __eax;
                                                                                                                                                												if(__eax >= 0x10) {
                                                                                                                                                													L79:
                                                                                                                                                													__eflags = __eax - 0x12;
                                                                                                                                                													if(__eax != 0x12) {
                                                                                                                                                														__eax = __eax + 0xfffffff2;
                                                                                                                                                														 *(__ebp - 8) = 3;
                                                                                                                                                													} else {
                                                                                                                                                														_push(7);
                                                                                                                                                														 *(__ebp - 8) = 0xb;
                                                                                                                                                														_pop(__eax);
                                                                                                                                                													}
                                                                                                                                                													while(1) {
                                                                                                                                                														L84:
                                                                                                                                                														__ecx = __eax + __edx;
                                                                                                                                                														__eflags = __ebx - __eax + __edx;
                                                                                                                                                														if(__ebx >= __eax + __edx) {
                                                                                                                                                															break;
                                                                                                                                                														}
                                                                                                                                                														L82:
                                                                                                                                                														__eflags =  *(__ebp - 0x34);
                                                                                                                                                														if( *(__ebp - 0x34) == 0) {
                                                                                                                                                															goto L182;
                                                                                                                                                														}
                                                                                                                                                														L83:
                                                                                                                                                														__ecx =  *(__ebp - 0x38);
                                                                                                                                                														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                                														__ecx = __ebx;
                                                                                                                                                														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                														__ebx = __ebx + 8;
                                                                                                                                                														__eflags = __ebx;
                                                                                                                                                													}
                                                                                                                                                													L85:
                                                                                                                                                													__ecx = __edx;
                                                                                                                                                													__ebx = __ebx - __edx;
                                                                                                                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                													 *(0x40a3e8 + __eax * 2) & 0x0000ffff =  *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                                                													__edx =  *(__ebp - 8);
                                                                                                                                                													__ebx = __ebx - __eax;
                                                                                                                                                													__edx =  *(__ebp - 8) + ( *(0x40a3e8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                                                													__ecx = __eax;
                                                                                                                                                													__eax = __esi[1];
                                                                                                                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                													__ecx = __esi[2];
                                                                                                                                                													__eax = __eax >> 5;
                                                                                                                                                													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                                                                                                                													__eax = __eax & 0x0000001f;
                                                                                                                                                													__eax = __edi + __eax + 0x102;
                                                                                                                                                													__edi = __edx + __ecx;
                                                                                                                                                													__eflags = __edx + __ecx - __eax;
                                                                                                                                                													if(__edx + __ecx > __eax) {
                                                                                                                                                														goto L9;
                                                                                                                                                													}
                                                                                                                                                													L86:
                                                                                                                                                													__eflags =  *(__ebp - 0x14) - 0x10;
                                                                                                                                                													if( *(__ebp - 0x14) != 0x10) {
                                                                                                                                                														L89:
                                                                                                                                                														__edi = 0;
                                                                                                                                                														__eflags = 0;
                                                                                                                                                														L90:
                                                                                                                                                														__eax = __esi + 0xc + __ecx * 4;
                                                                                                                                                														do {
                                                                                                                                                															L91:
                                                                                                                                                															 *__eax = __edi;
                                                                                                                                                															__ecx = __ecx + 1;
                                                                                                                                                															__eax = __eax + 4;
                                                                                                                                                															__edx = __edx - 1;
                                                                                                                                                															__eflags = __edx;
                                                                                                                                                														} while (__edx != 0);
                                                                                                                                                														__esi[2] = __ecx;
                                                                                                                                                														continue;
                                                                                                                                                													}
                                                                                                                                                													L87:
                                                                                                                                                													__eflags = __ecx - 1;
                                                                                                                                                													if(__ecx < 1) {
                                                                                                                                                														goto L9;
                                                                                                                                                													}
                                                                                                                                                													L88:
                                                                                                                                                													__edi =  *(__esi + 8 + __ecx * 4);
                                                                                                                                                													goto L90;
                                                                                                                                                												}
                                                                                                                                                												L78:
                                                                                                                                                												__ecx = __edx;
                                                                                                                                                												__ebx = __ebx - __edx;
                                                                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                												__ecx = __esi[2];
                                                                                                                                                												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                                                                                                                												__esi[2] = __esi[2] + 1;
                                                                                                                                                											}
                                                                                                                                                											L94:
                                                                                                                                                											__eax = __esi[1];
                                                                                                                                                											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                                                                                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                                                                                                                											__edi = __eax;
                                                                                                                                                											__eax = __eax >> 5;
                                                                                                                                                											__edi = __edi & 0x0000001f;
                                                                                                                                                											__ecx = 0x101;
                                                                                                                                                											__eax = __eax & 0x0000001f;
                                                                                                                                                											__edi = __edi + 0x101;
                                                                                                                                                											__eax = __eax + 1;
                                                                                                                                                											__edx = __ebp - 0xc;
                                                                                                                                                											 *(__ebp - 0x14) = __eax;
                                                                                                                                                											 &(__esi[0x148]) = __ebp - 4;
                                                                                                                                                											 *(__ebp - 4) = 9;
                                                                                                                                                											__ebp - 0x18 =  &(__esi[3]);
                                                                                                                                                											 *(__ebp - 0x10) = 6;
                                                                                                                                                											__eax = E00406FC4( &(__esi[3]), __edi, 0x101, 0x408414, 0x408454, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                                                                                                                											__eflags =  *(__ebp - 4);
                                                                                                                                                											if( *(__ebp - 4) == 0) {
                                                                                                                                                												__eax = __eax | 0xffffffff;
                                                                                                                                                												__eflags = __eax;
                                                                                                                                                											}
                                                                                                                                                											__eflags = __eax;
                                                                                                                                                											if(__eax != 0) {
                                                                                                                                                												goto L9;
                                                                                                                                                											} else {
                                                                                                                                                												L97:
                                                                                                                                                												__ebp - 0xc =  &(__esi[0x148]);
                                                                                                                                                												__ebp - 0x10 = __ebp - 0x1c;
                                                                                                                                                												__eax = __esi + 0xc + __edi * 4;
                                                                                                                                                												__eax = E00406FC4(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x408494, 0x4084d0, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                                                                                                                												__eflags = __eax;
                                                                                                                                                												if(__eax != 0) {
                                                                                                                                                													goto L9;
                                                                                                                                                												}
                                                                                                                                                												L98:
                                                                                                                                                												__eax =  *(__ebp - 0x10);
                                                                                                                                                												__eflags =  *(__ebp - 0x10);
                                                                                                                                                												if( *(__ebp - 0x10) != 0) {
                                                                                                                                                													L100:
                                                                                                                                                													__cl =  *(__ebp - 4);
                                                                                                                                                													 *__esi =  *__esi & 0x00000000;
                                                                                                                                                													__eflags =  *__esi;
                                                                                                                                                													__esi[4] = __al;
                                                                                                                                                													__eax =  *(__ebp - 0x18);
                                                                                                                                                													__esi[5] =  *(__ebp - 0x18);
                                                                                                                                                													__eax =  *(__ebp - 0x1c);
                                                                                                                                                													__esi[4] = __cl;
                                                                                                                                                													__esi[6] =  *(__ebp - 0x1c);
                                                                                                                                                													goto L101;
                                                                                                                                                												}
                                                                                                                                                												L99:
                                                                                                                                                												__eflags = __edi - 0x101;
                                                                                                                                                												if(__edi > 0x101) {
                                                                                                                                                													goto L9;
                                                                                                                                                												}
                                                                                                                                                												goto L100;
                                                                                                                                                											}
                                                                                                                                                										case 0xe:
                                                                                                                                                											goto L9;
                                                                                                                                                										case 0xf:
                                                                                                                                                											L175:
                                                                                                                                                											__eax =  *(__ebp - 0x30);
                                                                                                                                                											__esi[0x26ea] =  *(__ebp - 0x30);
                                                                                                                                                											__eax = E00406F5C( *((intOrPtr*)(__ebp + 8)));
                                                                                                                                                											__ecx = __esi[0x26ea];
                                                                                                                                                											__edx = __esi[0x26e9];
                                                                                                                                                											__eflags = __ecx - __edx;
                                                                                                                                                											 *(__ebp - 0x30) = __ecx;
                                                                                                                                                											if(__ecx >= __edx) {
                                                                                                                                                												__eax = __esi[0x26e8];
                                                                                                                                                												__eax = __esi[0x26e8] - __ecx;
                                                                                                                                                												__eflags = __eax;
                                                                                                                                                											} else {
                                                                                                                                                												__edx = __edx - __ecx;
                                                                                                                                                												__eax = __edx - __ecx - 1;
                                                                                                                                                											}
                                                                                                                                                											__eflags = __ecx - __edx;
                                                                                                                                                											 *(__ebp - 0x2c) = __eax;
                                                                                                                                                											if(__ecx != __edx) {
                                                                                                                                                												L183:
                                                                                                                                                												__edi = 0;
                                                                                                                                                												goto L10;
                                                                                                                                                											} else {
                                                                                                                                                												L179:
                                                                                                                                                												__eax = __esi[0x145];
                                                                                                                                                												__eflags = __eax - 8;
                                                                                                                                                												 *__esi = __eax;
                                                                                                                                                												if(__eax != 8) {
                                                                                                                                                													L184:
                                                                                                                                                													0 = 1;
                                                                                                                                                													goto L10;
                                                                                                                                                												}
                                                                                                                                                												goto L180;
                                                                                                                                                											}
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                								L181:
                                                                                                                                                								goto L9;
                                                                                                                                                							}
                                                                                                                                                							L70:
                                                                                                                                                							if( *__edi == __eax) {
                                                                                                                                                								goto L72;
                                                                                                                                                							}
                                                                                                                                                							L71:
                                                                                                                                                							__esi[2] = __esi[2] & __eax;
                                                                                                                                                							 *__esi = 0xd;
                                                                                                                                                							goto L93;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				L182:
                                                                                                                                                				_t443 = 0;
                                                                                                                                                				_t446[0x147] =  *(_t448 - 0x40);
                                                                                                                                                				_t446[0x146] = _t425;
                                                                                                                                                				( *(_t448 + 8))[1] = 0;
                                                                                                                                                				goto L11;
                                                                                                                                                			}









                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406bc2
                                                                                                                                                0x00406bc2
                                                                                                                                                0x00406be7
                                                                                                                                                0x00406be7
                                                                                                                                                0x00406be7
                                                                                                                                                0x00406be9
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406bc7
                                                                                                                                                0x00406bc7
                                                                                                                                                0x00406bcb
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406bd1
                                                                                                                                                0x00406bd1
                                                                                                                                                0x00406bd4
                                                                                                                                                0x00406bd7
                                                                                                                                                0x00406bda
                                                                                                                                                0x00406bdc
                                                                                                                                                0x00406bde
                                                                                                                                                0x00406be1
                                                                                                                                                0x00406be4
                                                                                                                                                0x00406be4
                                                                                                                                                0x00406be4
                                                                                                                                                0x00406beb
                                                                                                                                                0x00406bf3
                                                                                                                                                0x00406bf6
                                                                                                                                                0x00406bf9
                                                                                                                                                0x00406bfb
                                                                                                                                                0x00406bfe
                                                                                                                                                0x00406bfe
                                                                                                                                                0x00406c00
                                                                                                                                                0x00406c04
                                                                                                                                                0x00406c07
                                                                                                                                                0x00406c0a
                                                                                                                                                0x00406c0d
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406c13
                                                                                                                                                0x00406c13
                                                                                                                                                0x00406c38
                                                                                                                                                0x00406c38
                                                                                                                                                0x00406c38
                                                                                                                                                0x00406c3a
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406c18
                                                                                                                                                0x00406c18
                                                                                                                                                0x00406c1c
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406c22
                                                                                                                                                0x00406c22
                                                                                                                                                0x00406c25
                                                                                                                                                0x00406c28
                                                                                                                                                0x00406c2b
                                                                                                                                                0x00406c2d
                                                                                                                                                0x00406c2f
                                                                                                                                                0x00406c32
                                                                                                                                                0x00406c35
                                                                                                                                                0x00406c35
                                                                                                                                                0x00406c35
                                                                                                                                                0x00406c3c
                                                                                                                                                0x00406c3c
                                                                                                                                                0x00406c44
                                                                                                                                                0x00406c47
                                                                                                                                                0x00406c4a
                                                                                                                                                0x00406c4d
                                                                                                                                                0x00406c51
                                                                                                                                                0x00406c54
                                                                                                                                                0x00406c56
                                                                                                                                                0x00406c59
                                                                                                                                                0x00406c5c
                                                                                                                                                0x00406c76
                                                                                                                                                0x00406c76
                                                                                                                                                0x00406c79
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406c7f
                                                                                                                                                0x00406c7f
                                                                                                                                                0x00406c82
                                                                                                                                                0x00406c89
                                                                                                                                                0x00000000
                                                                                                                                                0x00406c89
                                                                                                                                                0x00406c5e
                                                                                                                                                0x00406c61
                                                                                                                                                0x00406c68
                                                                                                                                                0x00406c6b
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406c91
                                                                                                                                                0x00406c91
                                                                                                                                                0x00406cb6
                                                                                                                                                0x00406cb6
                                                                                                                                                0x00406cb6
                                                                                                                                                0x00406cb8
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406c96
                                                                                                                                                0x00406c96
                                                                                                                                                0x00406c9a
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406ca0
                                                                                                                                                0x00406ca0
                                                                                                                                                0x00406ca3
                                                                                                                                                0x00406ca6
                                                                                                                                                0x00406ca9
                                                                                                                                                0x00406cab
                                                                                                                                                0x00406cad
                                                                                                                                                0x00406cb0
                                                                                                                                                0x00406cb3
                                                                                                                                                0x00406cb3
                                                                                                                                                0x00406cb3
                                                                                                                                                0x00406cba
                                                                                                                                                0x00406cc2
                                                                                                                                                0x00406cc5
                                                                                                                                                0x00406cc8
                                                                                                                                                0x00406cca
                                                                                                                                                0x00406ccd
                                                                                                                                                0x00406ccd
                                                                                                                                                0x00406ccf
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406cd5
                                                                                                                                                0x00406cd5
                                                                                                                                                0x00406cd8
                                                                                                                                                0x00406cdd
                                                                                                                                                0x00406cdf
                                                                                                                                                0x00406ce5
                                                                                                                                                0x00406ce7
                                                                                                                                                0x00406cfc
                                                                                                                                                0x00406cfe
                                                                                                                                                0x00406cfe
                                                                                                                                                0x00406ce9
                                                                                                                                                0x00406cef
                                                                                                                                                0x00406cf1
                                                                                                                                                0x00406cf3
                                                                                                                                                0x00406cf3
                                                                                                                                                0x00406d00
                                                                                                                                                0x00406d04
                                                                                                                                                0x00406d07
                                                                                                                                                0x00406d0d
                                                                                                                                                0x00406d0d
                                                                                                                                                0x00406d10
                                                                                                                                                0x00406d10
                                                                                                                                                0x00406d10
                                                                                                                                                0x00406d12
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406d18
                                                                                                                                                0x00406d18
                                                                                                                                                0x00406d1e
                                                                                                                                                0x00406d20
                                                                                                                                                0x00406d45
                                                                                                                                                0x00406d48
                                                                                                                                                0x00406d4e
                                                                                                                                                0x00406d53
                                                                                                                                                0x00406d59
                                                                                                                                                0x00406d5f
                                                                                                                                                0x00406d61
                                                                                                                                                0x00406d64
                                                                                                                                                0x00406d6d
                                                                                                                                                0x00406d73
                                                                                                                                                0x00406d73
                                                                                                                                                0x00406d66
                                                                                                                                                0x00406d68
                                                                                                                                                0x00406d6a
                                                                                                                                                0x00406d6a
                                                                                                                                                0x00406d75
                                                                                                                                                0x00406d7b
                                                                                                                                                0x00406d7d
                                                                                                                                                0x00406d80
                                                                                                                                                0x00406d82
                                                                                                                                                0x00406d88
                                                                                                                                                0x00406d8a
                                                                                                                                                0x00406d8c
                                                                                                                                                0x00406d8e
                                                                                                                                                0x00406d90
                                                                                                                                                0x0040664a
                                                                                                                                                0x00406672
                                                                                                                                                0x00406677
                                                                                                                                                0x00406677
                                                                                                                                                0x00000000
                                                                                                                                                0x00406677
                                                                                                                                                0x00406610
                                                                                                                                                0x004065d7
                                                                                                                                                0x0040657a
                                                                                                                                                0x0040657a
                                                                                                                                                0x0040657b
                                                                                                                                                0x004065c5
                                                                                                                                                0x00000000
                                                                                                                                                0x004065c5
                                                                                                                                                0x0040657d
                                                                                                                                                0x0040657e
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004066da
                                                                                                                                                0x004066da
                                                                                                                                                0x004066da
                                                                                                                                                0x004066dd
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004066ba
                                                                                                                                                0x004066ba
                                                                                                                                                0x004066be
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004066c4
                                                                                                                                                0x004066c4
                                                                                                                                                0x004066c7
                                                                                                                                                0x004066ca
                                                                                                                                                0x004066cf
                                                                                                                                                0x004066d1
                                                                                                                                                0x004066d4
                                                                                                                                                0x004066d7
                                                                                                                                                0x004066d7
                                                                                                                                                0x004066d7
                                                                                                                                                0x004066df
                                                                                                                                                0x004066df
                                                                                                                                                0x004066e2
                                                                                                                                                0x004066e4
                                                                                                                                                0x004066e9
                                                                                                                                                0x004066ec
                                                                                                                                                0x004066ee
                                                                                                                                                0x004066f1
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004066f7
                                                                                                                                                0x004066f7
                                                                                                                                                0x004066f9
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004066ff
                                                                                                                                                0x004066ff
                                                                                                                                                0x00406703
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406709
                                                                                                                                                0x00406709
                                                                                                                                                0x0040670c
                                                                                                                                                0x0040670e
                                                                                                                                                0x004067ac
                                                                                                                                                0x004067ac
                                                                                                                                                0x004067af
                                                                                                                                                0x004067b1
                                                                                                                                                0x004067b1
                                                                                                                                                0x004067b4
                                                                                                                                                0x004067b7
                                                                                                                                                0x004067b9
                                                                                                                                                0x004067bb
                                                                                                                                                0x004067bd
                                                                                                                                                0x004067bd
                                                                                                                                                0x004067c6
                                                                                                                                                0x004067cb
                                                                                                                                                0x004067ce
                                                                                                                                                0x004067d1
                                                                                                                                                0x004067d4
                                                                                                                                                0x004067d7
                                                                                                                                                0x004067d7
                                                                                                                                                0x004067d7
                                                                                                                                                0x004067da
                                                                                                                                                0x004067e0
                                                                                                                                                0x004067e0
                                                                                                                                                0x004067e6
                                                                                                                                                0x004067e6
                                                                                                                                                0x004067e6
                                                                                                                                                0x00000000
                                                                                                                                                0x004067da
                                                                                                                                                0x00406714
                                                                                                                                                0x00406714
                                                                                                                                                0x0040671a
                                                                                                                                                0x0040671d
                                                                                                                                                0x0040671f
                                                                                                                                                0x0040674a
                                                                                                                                                0x0040674d
                                                                                                                                                0x00406753
                                                                                                                                                0x00406758
                                                                                                                                                0x0040675e
                                                                                                                                                0x00406764
                                                                                                                                                0x00406766
                                                                                                                                                0x00406769
                                                                                                                                                0x00406772
                                                                                                                                                0x00406778
                                                                                                                                                0x00406778
                                                                                                                                                0x0040676b
                                                                                                                                                0x0040676d
                                                                                                                                                0x0040676f
                                                                                                                                                0x0040676f
                                                                                                                                                0x0040677a
                                                                                                                                                0x00406780
                                                                                                                                                0x00406783
                                                                                                                                                0x00406785
                                                                                                                                                0x00406787
                                                                                                                                                0x0040678d
                                                                                                                                                0x0040678f
                                                                                                                                                0x00406791
                                                                                                                                                0x00406794
                                                                                                                                                0x0040679d
                                                                                                                                                0x0040679d
                                                                                                                                                0x0040679f
                                                                                                                                                0x00406796
                                                                                                                                                0x00406796
                                                                                                                                                0x00406799
                                                                                                                                                0x00406799
                                                                                                                                                0x004067a1
                                                                                                                                                0x004067a1
                                                                                                                                                0x0040678f
                                                                                                                                                0x004067a4
                                                                                                                                                0x004067a6
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004067a6
                                                                                                                                                0x00406721
                                                                                                                                                0x00406721
                                                                                                                                                0x00406727
                                                                                                                                                0x0040672d
                                                                                                                                                0x0040672f
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406731
                                                                                                                                                0x00406731
                                                                                                                                                0x00406733
                                                                                                                                                0x00406735
                                                                                                                                                0x00406738
                                                                                                                                                0x0040673f
                                                                                                                                                0x0040673f
                                                                                                                                                0x00406741
                                                                                                                                                0x0040673a
                                                                                                                                                0x0040673a
                                                                                                                                                0x0040673c
                                                                                                                                                0x0040673c
                                                                                                                                                0x00406743
                                                                                                                                                0x00406745
                                                                                                                                                0x00406748
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x0040684c
                                                                                                                                                0x0040684f
                                                                                                                                                0x00406852
                                                                                                                                                0x00406858
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406a2f
                                                                                                                                                0x00406a2f
                                                                                                                                                0x00406a2f
                                                                                                                                                0x00406a32
                                                                                                                                                0x00406a35
                                                                                                                                                0x00406a37
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00406904
                                                                                                                                                0x00406904
                                                                                                                                                0x00406907
                                                                                                                                                0x00000000
                                                                                                                                                0x00406907
                                                                                                                                                0x0040684c
                                                                                                                                                0x0040680d
                                                                                                                                                0x00406ef1
                                                                                                                                                0x00406ef4
                                                                                                                                                0x00406ef6
                                                                                                                                                0x00406eff
                                                                                                                                                0x00406f05
                                                                                                                                                0x00000000

                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 82a44bc8fd526afdff965e1cd5e7f2d0a246497ca5c27b0c944ad4ba04d420dd
                                                                                                                                                • Instruction ID: dc39b55080118b2a9f2c57fc2b953182458e36931565741e2945480d6a34e330
                                                                                                                                                • Opcode Fuzzy Hash: 82a44bc8fd526afdff965e1cd5e7f2d0a246497ca5c27b0c944ad4ba04d420dd
                                                                                                                                                • Instruction Fuzzy Hash: D2E19A7190070ADFDB24CF58D890BAAB7F1EB44305F15842EE897A76C1D738AA95CF44
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00406FC4(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                                                                                                                				signed int _v8;
                                                                                                                                                				unsigned int _v12;
                                                                                                                                                				signed int _v16;
                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                				signed int _v24;
                                                                                                                                                				signed int _v28;
                                                                                                                                                				intOrPtr* _v32;
                                                                                                                                                				signed int* _v36;
                                                                                                                                                				signed int _v40;
                                                                                                                                                				signed int _v44;
                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                				void _v116;
                                                                                                                                                				signed int _v176;
                                                                                                                                                				signed int _v180;
                                                                                                                                                				signed int _v240;
                                                                                                                                                				signed int _t166;
                                                                                                                                                				signed int _t168;
                                                                                                                                                				intOrPtr _t175;
                                                                                                                                                				signed int _t181;
                                                                                                                                                				void* _t182;
                                                                                                                                                				intOrPtr _t183;
                                                                                                                                                				signed int* _t184;
                                                                                                                                                				signed int _t186;
                                                                                                                                                				signed int _t187;
                                                                                                                                                				signed int* _t189;
                                                                                                                                                				signed int _t190;
                                                                                                                                                				intOrPtr* _t191;
                                                                                                                                                				intOrPtr _t192;
                                                                                                                                                				signed int _t193;
                                                                                                                                                				signed int _t195;
                                                                                                                                                				signed int _t200;
                                                                                                                                                				signed int _t205;
                                                                                                                                                				void* _t207;
                                                                                                                                                				short _t208;
                                                                                                                                                				signed char _t222;
                                                                                                                                                				signed int _t224;
                                                                                                                                                				signed int _t225;
                                                                                                                                                				signed int* _t232;
                                                                                                                                                				signed int _t233;
                                                                                                                                                				signed int _t234;
                                                                                                                                                				void* _t235;
                                                                                                                                                				signed int _t236;
                                                                                                                                                				signed int _t244;
                                                                                                                                                				signed int _t246;
                                                                                                                                                				signed int _t251;
                                                                                                                                                				signed int _t254;
                                                                                                                                                				signed int _t256;
                                                                                                                                                				signed int _t259;
                                                                                                                                                				signed int _t262;
                                                                                                                                                				void* _t263;
                                                                                                                                                				void* _t264;
                                                                                                                                                				signed int _t267;
                                                                                                                                                				intOrPtr _t269;
                                                                                                                                                				intOrPtr _t271;
                                                                                                                                                				signed int _t274;
                                                                                                                                                				intOrPtr* _t275;
                                                                                                                                                				unsigned int _t276;
                                                                                                                                                				void* _t277;
                                                                                                                                                				signed int _t278;
                                                                                                                                                				intOrPtr* _t279;
                                                                                                                                                				signed int _t281;
                                                                                                                                                				intOrPtr _t282;
                                                                                                                                                				intOrPtr _t283;
                                                                                                                                                				signed int* _t284;
                                                                                                                                                				signed int _t286;
                                                                                                                                                				signed int _t287;
                                                                                                                                                				signed int _t288;
                                                                                                                                                				signed int _t296;
                                                                                                                                                				signed int* _t297;
                                                                                                                                                				intOrPtr _t298;
                                                                                                                                                				void* _t299;
                                                                                                                                                
                                                                                                                                                				_t278 = _a8;
                                                                                                                                                				_t187 = 0x10;
                                                                                                                                                				memset( &_v116, 0, _t187 << 2);
                                                                                                                                                				_t189 = _a4;
                                                                                                                                                				_t233 = _t278;
                                                                                                                                                				do {
                                                                                                                                                					_t166 =  *_t189;
                                                                                                                                                					_t189 =  &(_t189[1]);
                                                                                                                                                					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                                                                                                                					_t233 = _t233 - 1;
                                                                                                                                                				} while (_t233 != 0);
                                                                                                                                                				if(_v116 != _t278) {
                                                                                                                                                					_t279 = _a28;
                                                                                                                                                					_t267 =  *_t279;
                                                                                                                                                					_t190 = 1;
                                                                                                                                                					_a28 = _t267;
                                                                                                                                                					_t234 = 0xf;
                                                                                                                                                					while(1) {
                                                                                                                                                						_t168 = 0;
                                                                                                                                                						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                                                                                                                							break;
                                                                                                                                                						}
                                                                                                                                                						_t190 = _t190 + 1;
                                                                                                                                                						if(_t190 <= _t234) {
                                                                                                                                                							continue;
                                                                                                                                                						}
                                                                                                                                                						break;
                                                                                                                                                					}
                                                                                                                                                					_v8 = _t190;
                                                                                                                                                					if(_t267 < _t190) {
                                                                                                                                                						_a28 = _t190;
                                                                                                                                                					}
                                                                                                                                                					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                                                                                                                						_t234 = _t234 - 1;
                                                                                                                                                						if(_t234 != 0) {
                                                                                                                                                							continue;
                                                                                                                                                						}
                                                                                                                                                						break;
                                                                                                                                                					}
                                                                                                                                                					_v28 = _t234;
                                                                                                                                                					if(_a28 > _t234) {
                                                                                                                                                						_a28 = _t234;
                                                                                                                                                					}
                                                                                                                                                					 *_t279 = _a28;
                                                                                                                                                					_t181 = 1 << _t190;
                                                                                                                                                					while(_t190 < _t234) {
                                                                                                                                                						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                                                                                                                						if(_t182 < 0) {
                                                                                                                                                							L64:
                                                                                                                                                							return _t168 | 0xffffffff;
                                                                                                                                                						}
                                                                                                                                                						_t190 = _t190 + 1;
                                                                                                                                                						_t181 = _t182 + _t182;
                                                                                                                                                					}
                                                                                                                                                					_t281 = _t234 << 2;
                                                                                                                                                					_t191 = _t299 + _t281 - 0x70;
                                                                                                                                                					_t269 =  *_t191;
                                                                                                                                                					_t183 = _t181 - _t269;
                                                                                                                                                					_v52 = _t183;
                                                                                                                                                					if(_t183 < 0) {
                                                                                                                                                						goto L64;
                                                                                                                                                					}
                                                                                                                                                					_v176 = _t168;
                                                                                                                                                					 *_t191 = _t269 + _t183;
                                                                                                                                                					_t192 = 0;
                                                                                                                                                					_t235 = _t234 - 1;
                                                                                                                                                					if(_t235 == 0) {
                                                                                                                                                						L21:
                                                                                                                                                						_t184 = _a4;
                                                                                                                                                						_t271 = 0;
                                                                                                                                                						do {
                                                                                                                                                							_t193 =  *_t184;
                                                                                                                                                							_t184 =  &(_t184[1]);
                                                                                                                                                							if(_t193 != _t168) {
                                                                                                                                                								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                                                                                                                								_t236 =  *_t232;
                                                                                                                                                								 *((intOrPtr*)(0x42d688 + _t236 * 4)) = _t271;
                                                                                                                                                								 *_t232 = _t236 + 1;
                                                                                                                                                							}
                                                                                                                                                							_t271 = _t271 + 1;
                                                                                                                                                						} while (_t271 < _a8);
                                                                                                                                                						_v16 = _v16 | 0xffffffff;
                                                                                                                                                						_v40 = _v40 & 0x00000000;
                                                                                                                                                						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                                                                                                                						_t195 = _v8;
                                                                                                                                                						_t186 =  ~_a28;
                                                                                                                                                						_v12 = _t168;
                                                                                                                                                						_v180 = _t168;
                                                                                                                                                						_v36 = 0x42d688;
                                                                                                                                                						_v240 = _t168;
                                                                                                                                                						if(_t195 > _v28) {
                                                                                                                                                							L62:
                                                                                                                                                							_t168 = 0;
                                                                                                                                                							if(_v52 == 0 || _v28 == 1) {
                                                                                                                                                								return _t168;
                                                                                                                                                							} else {
                                                                                                                                                								goto L64;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						_v44 = _t195 - 1;
                                                                                                                                                						_v32 = _t299 + _t195 * 4 - 0x70;
                                                                                                                                                						do {
                                                                                                                                                							_t282 =  *_v32;
                                                                                                                                                							if(_t282 == 0) {
                                                                                                                                                								goto L61;
                                                                                                                                                							}
                                                                                                                                                							while(1) {
                                                                                                                                                								_t283 = _t282 - 1;
                                                                                                                                                								_t200 = _a28 + _t186;
                                                                                                                                                								_v48 = _t283;
                                                                                                                                                								_v24 = _t200;
                                                                                                                                                								if(_v8 <= _t200) {
                                                                                                                                                									goto L45;
                                                                                                                                                								}
                                                                                                                                                								L31:
                                                                                                                                                								_v20 = _t283 + 1;
                                                                                                                                                								do {
                                                                                                                                                									_v16 = _v16 + 1;
                                                                                                                                                									_t296 = _v28 - _v24;
                                                                                                                                                									if(_t296 > _a28) {
                                                                                                                                                										_t296 = _a28;
                                                                                                                                                									}
                                                                                                                                                									_t222 = _v8 - _v24;
                                                                                                                                                									_t254 = 1 << _t222;
                                                                                                                                                									if(1 <= _v20) {
                                                                                                                                                										L40:
                                                                                                                                                										_t256 =  *_a36;
                                                                                                                                                										_t168 = 1 << _t222;
                                                                                                                                                										_v40 = 1;
                                                                                                                                                										_t274 = _t256 + 1;
                                                                                                                                                										if(_t274 > 0x5a0) {
                                                                                                                                                											goto L64;
                                                                                                                                                										}
                                                                                                                                                									} else {
                                                                                                                                                										_t275 = _v32;
                                                                                                                                                										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                                                                                                                										if(_t222 >= _t296) {
                                                                                                                                                											goto L40;
                                                                                                                                                										}
                                                                                                                                                										while(1) {
                                                                                                                                                											_t222 = _t222 + 1;
                                                                                                                                                											if(_t222 >= _t296) {
                                                                                                                                                												goto L40;
                                                                                                                                                											}
                                                                                                                                                											_t275 = _t275 + 4;
                                                                                                                                                											_t264 = _t263 + _t263;
                                                                                                                                                											_t175 =  *_t275;
                                                                                                                                                											if(_t264 <= _t175) {
                                                                                                                                                												goto L40;
                                                                                                                                                											}
                                                                                                                                                											_t263 = _t264 - _t175;
                                                                                                                                                										}
                                                                                                                                                										goto L40;
                                                                                                                                                									}
                                                                                                                                                									_t168 = _a32 + _t256 * 4;
                                                                                                                                                									_t297 = _t299 + _v16 * 4 - 0xec;
                                                                                                                                                									 *_a36 = _t274;
                                                                                                                                                									_t259 = _v16;
                                                                                                                                                									 *_t297 = _t168;
                                                                                                                                                									if(_t259 == 0) {
                                                                                                                                                										 *_a24 = _t168;
                                                                                                                                                									} else {
                                                                                                                                                										_t276 = _v12;
                                                                                                                                                										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                                                                                                                										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                                                                                                                										_a5 = _a28;
                                                                                                                                                										_a4 = _t222;
                                                                                                                                                										_t262 = _t276 >> _t186;
                                                                                                                                                										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                                                                                                                										 *(_t298 + _t262 * 4) = _a4;
                                                                                                                                                									}
                                                                                                                                                									_t224 = _v24;
                                                                                                                                                									_t186 = _t224;
                                                                                                                                                									_t225 = _t224 + _a28;
                                                                                                                                                									_v24 = _t225;
                                                                                                                                                								} while (_v8 > _t225);
                                                                                                                                                								L45:
                                                                                                                                                								_t284 = _v36;
                                                                                                                                                								_a5 = _v8 - _t186;
                                                                                                                                                								if(_t284 < 0x42d688 + _a8 * 4) {
                                                                                                                                                									_t205 =  *_t284;
                                                                                                                                                									if(_t205 >= _a12) {
                                                                                                                                                										_t207 = _t205 - _a12 + _t205 - _a12;
                                                                                                                                                										_v36 =  &(_v36[1]);
                                                                                                                                                										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                                                                                                                										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                                                                                                                									} else {
                                                                                                                                                										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                                                                                                                										_t208 =  *_t284;
                                                                                                                                                										_v36 =  &(_t284[1]);
                                                                                                                                                									}
                                                                                                                                                									_a6 = _t208;
                                                                                                                                                								} else {
                                                                                                                                                									_a4 = 0xc0;
                                                                                                                                                								}
                                                                                                                                                								_t286 = 1 << _v8 - _t186;
                                                                                                                                                								_t244 = _v12 >> _t186;
                                                                                                                                                								while(_t244 < _v40) {
                                                                                                                                                									 *(_t168 + _t244 * 4) = _a4;
                                                                                                                                                									_t244 = _t244 + _t286;
                                                                                                                                                								}
                                                                                                                                                								_t287 = _v12;
                                                                                                                                                								_t246 = 1 << _v44;
                                                                                                                                                								while((_t287 & _t246) != 0) {
                                                                                                                                                									_t287 = _t287 ^ _t246;
                                                                                                                                                									_t246 = _t246 >> 1;
                                                                                                                                                								}
                                                                                                                                                								_t288 = _t287 ^ _t246;
                                                                                                                                                								_v20 = 1;
                                                                                                                                                								_v12 = _t288;
                                                                                                                                                								_t251 = _v16;
                                                                                                                                                								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                                                                                                                									L60:
                                                                                                                                                									if(_v48 != 0) {
                                                                                                                                                										_t282 = _v48;
                                                                                                                                                										_t283 = _t282 - 1;
                                                                                                                                                										_t200 = _a28 + _t186;
                                                                                                                                                										_v48 = _t283;
                                                                                                                                                										_v24 = _t200;
                                                                                                                                                										if(_v8 <= _t200) {
                                                                                                                                                											goto L45;
                                                                                                                                                										}
                                                                                                                                                										goto L31;
                                                                                                                                                									}
                                                                                                                                                									break;
                                                                                                                                                								} else {
                                                                                                                                                									goto L58;
                                                                                                                                                								}
                                                                                                                                                								do {
                                                                                                                                                									L58:
                                                                                                                                                									_t186 = _t186 - _a28;
                                                                                                                                                									_t251 = _t251 - 1;
                                                                                                                                                								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                                                                                                                								_v16 = _t251;
                                                                                                                                                								goto L60;
                                                                                                                                                							}
                                                                                                                                                							L61:
                                                                                                                                                							_v8 = _v8 + 1;
                                                                                                                                                							_v32 = _v32 + 4;
                                                                                                                                                							_v44 = _v44 + 1;
                                                                                                                                                						} while (_v8 <= _v28);
                                                                                                                                                						goto L62;
                                                                                                                                                					}
                                                                                                                                                					_t277 = 0;
                                                                                                                                                					do {
                                                                                                                                                						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                                                                                                                						_t277 = _t277 + 4;
                                                                                                                                                						_t235 = _t235 - 1;
                                                                                                                                                						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                                                                                                                					} while (_t235 != 0);
                                                                                                                                                					goto L21;
                                                                                                                                                				}
                                                                                                                                                				 *_a24 =  *_a24 & 0x00000000;
                                                                                                                                                				 *_a28 =  *_a28 & 0x00000000;
                                                                                                                                                				return 0;
                                                                                                                                                			}











































































                                                                                                                                                0x00407123
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00407123
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x004072ae
                                                                                                                                                0x004072ae
                                                                                                                                                0x004072ae
                                                                                                                                                0x004072b3
                                                                                                                                                0x004072bc
                                                                                                                                                0x004072c5
                                                                                                                                                0x00000000
                                                                                                                                                0x004072c5
                                                                                                                                                0x004072d2
                                                                                                                                                0x004072d2
                                                                                                                                                0x004072d5
                                                                                                                                                0x004072dc
                                                                                                                                                0x004072df
                                                                                                                                                0x00000000
                                                                                                                                                0x00407102
                                                                                                                                                0x00407082
                                                                                                                                                0x00407084
                                                                                                                                                0x00407084
                                                                                                                                                0x00407088
                                                                                                                                                0x0040708b
                                                                                                                                                0x0040708c
                                                                                                                                                0x0040708c
                                                                                                                                                0x00000000
                                                                                                                                                0x00407084
                                                                                                                                                0x00406ff8
                                                                                                                                                0x00406ffe
                                                                                                                                                0x00000000

                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: fca4b55698b2abcc8e5cbf272b741b12ffb4e3b740e9774b5bdfc5da95159218
                                                                                                                                                • Instruction ID: 2f0950e66cb79552dca6b2fc49cb98149526550dbc918883d7c1b9af38c738a1
                                                                                                                                                • Opcode Fuzzy Hash: fca4b55698b2abcc8e5cbf272b741b12ffb4e3b740e9774b5bdfc5da95159218
                                                                                                                                                • Instruction Fuzzy Hash: 42C13831E042598BCF18CF68D4905EEB7B2BF99314F25827ED8567B380D734A942CB95
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                			E00404AA3(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                                                                                                                				struct HWND__* _v8;
                                                                                                                                                				struct HWND__* _v12;
                                                                                                                                                				long _v16;
                                                                                                                                                				signed int _v20;
                                                                                                                                                				signed int _v24;
                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                				signed char* _v32;
                                                                                                                                                				int _v36;
                                                                                                                                                				signed int _v44;
                                                                                                                                                				int _v48;
                                                                                                                                                				signed int* _v60;
                                                                                                                                                				signed char* _v64;
                                                                                                                                                				signed int _v68;
                                                                                                                                                				long _v72;
                                                                                                                                                				void* _v76;
                                                                                                                                                				intOrPtr _v80;
                                                                                                                                                				intOrPtr _v84;
                                                                                                                                                				void* _v88;
                                                                                                                                                				void* __ebx;
                                                                                                                                                				void* __edi;
                                                                                                                                                				void* __esi;
                                                                                                                                                				signed int _t203;
                                                                                                                                                				void* _t205;
                                                                                                                                                				intOrPtr _t206;
                                                                                                                                                				intOrPtr _t208;
                                                                                                                                                				long _t212;
                                                                                                                                                				signed int _t216;
                                                                                                                                                				signed int _t227;
                                                                                                                                                				void* _t230;
                                                                                                                                                				void* _t231;
                                                                                                                                                				int _t237;
                                                                                                                                                				long _t242;
                                                                                                                                                				long _t243;
                                                                                                                                                				signed int _t244;
                                                                                                                                                				signed int _t250;
                                                                                                                                                				signed int _t252;
                                                                                                                                                				signed char _t253;
                                                                                                                                                				signed char _t259;
                                                                                                                                                				void* _t264;
                                                                                                                                                				void* _t266;
                                                                                                                                                				signed char* _t284;
                                                                                                                                                				signed char _t285;
                                                                                                                                                				long _t287;
                                                                                                                                                				long _t290;
                                                                                                                                                				void* _t291;
                                                                                                                                                				signed int _t300;
                                                                                                                                                				signed int _t308;
                                                                                                                                                				void* _t309;
                                                                                                                                                				void* _t310;
                                                                                                                                                				signed char* _t316;
                                                                                                                                                				int _t320;
                                                                                                                                                				int _t321;
                                                                                                                                                				signed int* _t322;
                                                                                                                                                				int _t323;
                                                                                                                                                				long _t324;
                                                                                                                                                				signed int _t325;
                                                                                                                                                				long _t327;
                                                                                                                                                				int _t328;
                                                                                                                                                				signed int _t329;
                                                                                                                                                				void* _t331;
                                                                                                                                                
                                                                                                                                                				_v12 = GetDlgItem(_a4, 0x3f9);
                                                                                                                                                				_v8 = GetDlgItem(_a4, 0x408);
                                                                                                                                                				_t331 = SendMessageA;
                                                                                                                                                				_v24 =  *0x42f448;
                                                                                                                                                				_v28 =  *0x42f414 + 0x94;
                                                                                                                                                				_t320 = 0x10;
                                                                                                                                                				if(_a8 != 0x110) {
                                                                                                                                                					L23:
                                                                                                                                                					if(_a8 != 0x405) {
                                                                                                                                                						_t298 = _a16;
                                                                                                                                                					} else {
                                                                                                                                                						_a12 = 0;
                                                                                                                                                						_t298 = 1;
                                                                                                                                                						_a8 = 0x40f;
                                                                                                                                                						_a16 = 1;
                                                                                                                                                					}
                                                                                                                                                					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                                                                                                						_v16 = _t298;
                                                                                                                                                						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
                                                                                                                                                							if(( *0x42f41d & 0x00000002) != 0) {
                                                                                                                                                								L41:
                                                                                                                                                								if(_v16 != 0) {
                                                                                                                                                									_t242 = _v16;
                                                                                                                                                									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
                                                                                                                                                										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
                                                                                                                                                									}
                                                                                                                                                									_t243 = _v16;
                                                                                                                                                									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
                                                                                                                                                										_t298 = _v24;
                                                                                                                                                										_t244 =  *(_t243 + 0x5c);
                                                                                                                                                										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
                                                                                                                                                											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
                                                                                                                                                										} else {
                                                                                                                                                											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
                                                                                                                                                										}
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                								goto L48;
                                                                                                                                                							}
                                                                                                                                                							if(_a8 == 0x413) {
                                                                                                                                                								L33:
                                                                                                                                                								_t298 = 0 | _a8 != 0x00000413;
                                                                                                                                                								_t250 = E004049F1(_v8, _a8 != 0x413);
                                                                                                                                                								_t325 = _t250;
                                                                                                                                                								if(_t325 >= 0) {
                                                                                                                                                									_t99 = _v24 + 8; // 0x8
                                                                                                                                                									_t298 = _t250 * 0x418 + _t99;
                                                                                                                                                									_t252 =  *_t298;
                                                                                                                                                									if((_t252 & 0x00000010) == 0) {
                                                                                                                                                										if((_t252 & 0x00000040) == 0) {
                                                                                                                                                											_t253 = _t252 ^ 0x00000001;
                                                                                                                                                										} else {
                                                                                                                                                											_t259 = _t252 ^ 0x00000080;
                                                                                                                                                											if(_t259 >= 0) {
                                                                                                                                                												_t253 = _t259 & 0x000000fe;
                                                                                                                                                											} else {
                                                                                                                                                												_t253 = _t259 | 0x00000001;
                                                                                                                                                											}
                                                                                                                                                										}
                                                                                                                                                										 *_t298 = _t253;
                                                                                                                                                										E0040117D(_t325);
                                                                                                                                                										_a12 = _t325 + 1;
                                                                                                                                                										_a16 =  !( *0x42f41c) >> 0x00000008 & 0x00000001;
                                                                                                                                                										_a8 = 0x40f;
                                                                                                                                                									}
                                                                                                                                                								}
                                                                                                                                                								goto L41;
                                                                                                                                                							}
                                                                                                                                                							_t298 = _a16;
                                                                                                                                                							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                                                                                                								goto L41;
                                                                                                                                                							}
                                                                                                                                                							goto L33;
                                                                                                                                                						} else {
                                                                                                                                                							goto L48;
                                                                                                                                                						}
                                                                                                                                                					} else {
                                                                                                                                                						L48:
                                                                                                                                                						if(_a8 != 0x111) {
                                                                                                                                                							L56:
                                                                                                                                                							if(_a8 == 0x200) {
                                                                                                                                                								SendMessageA(_v8, 0x200, 0, 0);
                                                                                                                                                							}
                                                                                                                                                							if(_a8 == 0x40b) {
                                                                                                                                                								_t230 =  *0x42a854; // 0x0
                                                                                                                                                								if(_t230 != 0) {
                                                                                                                                                									ImageList_Destroy(_t230);
                                                                                                                                                								}
                                                                                                                                                								_t231 =  *0x42a868; // 0x0
                                                                                                                                                								if(_t231 != 0) {
                                                                                                                                                									GlobalFree(_t231);
                                                                                                                                                								}
                                                                                                                                                								 *0x42a854 = 0;
                                                                                                                                                								 *0x42a868 = 0;
                                                                                                                                                								 *0x42f480 = 0;
                                                                                                                                                							}
                                                                                                                                                							if(_a8 != 0x40f) {
                                                                                                                                                								L88:
                                                                                                                                                								if(_a8 == 0x420 && ( *0x42f41d & 0x00000001) != 0) {
                                                                                                                                                									_t321 = (0 | _a16 == 0x00000020) << 3;
                                                                                                                                                									ShowWindow(_v8, _t321);
                                                                                                                                                									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
                                                                                                                                                								}
                                                                                                                                                								goto L91;
                                                                                                                                                							} else {
                                                                                                                                                								E004011EF(_t298, 0, 0);
                                                                                                                                                								_t203 = _a12;
                                                                                                                                                								if(_t203 != 0) {
                                                                                                                                                									if(_t203 != 0xffffffff) {
                                                                                                                                                										_t203 = _t203 - 1;
                                                                                                                                                									}
                                                                                                                                                									_push(_t203);
                                                                                                                                                									_push(8);
                                                                                                                                                									E00404A71();
                                                                                                                                                								}
                                                                                                                                                								if(_a16 == 0) {
                                                                                                                                                									L75:
                                                                                                                                                									E004011EF(_t298, 0, 0);
                                                                                                                                                									_t205 =  *0x42a868; // 0x0
                                                                                                                                                									_v36 = _t205;
                                                                                                                                                									_t206 =  *0x42f448;
                                                                                                                                                									_v64 = 0xf030;
                                                                                                                                                									_v24 = 0;
                                                                                                                                                									if( *0x42f44c <= 0) {
                                                                                                                                                										L86:
                                                                                                                                                										InvalidateRect(_v8, 0, 1);
                                                                                                                                                										_t208 =  *0x42ebdc; // 0x737e50
                                                                                                                                                										if( *((intOrPtr*)(_t208 + 0x10)) != 0) {
                                                                                                                                                											E004049AC(0x3ff, 0xfffffffb, E004049C4(5));
                                                                                                                                                										}
                                                                                                                                                										goto L88;
                                                                                                                                                									}
                                                                                                                                                									_t322 = _t206 + 8;
                                                                                                                                                									do {
                                                                                                                                                										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                                                                                                                										if(_t212 != 0) {
                                                                                                                                                											_t300 =  *_t322;
                                                                                                                                                											_v72 = _t212;
                                                                                                                                                											_v76 = 8;
                                                                                                                                                											if((_t300 & 0x00000001) != 0) {
                                                                                                                                                												_v76 = 9;
                                                                                                                                                												_v60 =  &(_t322[4]);
                                                                                                                                                												_t322[0] = _t322[0] & 0x000000fe;
                                                                                                                                                											}
                                                                                                                                                											if((_t300 & 0x00000040) == 0) {
                                                                                                                                                												_t216 = (_t300 & 0x00000001) + 1;
                                                                                                                                                												if((_t300 & 0x00000010) != 0) {
                                                                                                                                                													_t216 = _t216 + 3;
                                                                                                                                                												}
                                                                                                                                                											} else {
                                                                                                                                                												_t216 = 3;
                                                                                                                                                											}
                                                                                                                                                											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
                                                                                                                                                											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                                                                                                                											SendMessageA(_v8, 0x110d, 0,  &_v76);
                                                                                                                                                										}
                                                                                                                                                										_v24 = _v24 + 1;
                                                                                                                                                										_t322 =  &(_t322[0x106]);
                                                                                                                                                									} while (_v24 <  *0x42f44c);
                                                                                                                                                									goto L86;
                                                                                                                                                								} else {
                                                                                                                                                									_t323 = E004012E2( *0x42a868);
                                                                                                                                                									E00401299(_t323);
                                                                                                                                                									_t227 = 0;
                                                                                                                                                									_t298 = 0;
                                                                                                                                                									if(_t323 <= 0) {
                                                                                                                                                										L74:
                                                                                                                                                										SendMessageA(_v12, 0x14e, _t298, 0);
                                                                                                                                                										_a16 = _t323;
                                                                                                                                                										_a8 = 0x420;
                                                                                                                                                										goto L75;
                                                                                                                                                									} else {
                                                                                                                                                										goto L71;
                                                                                                                                                									}
                                                                                                                                                									do {
                                                                                                                                                										L71:
                                                                                                                                                										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
                                                                                                                                                											_t298 = _t298 + 1;
                                                                                                                                                										}
                                                                                                                                                										_t227 = _t227 + 1;
                                                                                                                                                									} while (_t227 < _t323);
                                                                                                                                                									goto L74;
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                                                                                                							goto L91;
                                                                                                                                                						} else {
                                                                                                                                                							_t237 = SendMessageA(_v12, 0x147, 0, 0);
                                                                                                                                                							if(_t237 == 0xffffffff) {
                                                                                                                                                								goto L91;
                                                                                                                                                							}
                                                                                                                                                							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
                                                                                                                                                							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
                                                                                                                                                								_t324 = 0x20;
                                                                                                                                                							}
                                                                                                                                                							E00401299(_t324);
                                                                                                                                                							SendMessageA(_a4, 0x420, 0, _t324);
                                                                                                                                                							_a12 = _a12 | 0xffffffff;
                                                                                                                                                							_a16 = 0;
                                                                                                                                                							_a8 = 0x40f;
                                                                                                                                                							goto L56;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				} else {
                                                                                                                                                					_v36 = 0;
                                                                                                                                                					 *0x42f480 = _a4;
                                                                                                                                                					_v20 = 2;
                                                                                                                                                					 *0x42a868 = GlobalAlloc(0x40,  *0x42f44c << 2);
                                                                                                                                                					_t264 = LoadImageA( *0x42f400, 0x6e, 0, 0, 0, 0);
                                                                                                                                                					 *0x42a85c =  *0x42a85c | 0xffffffff;
                                                                                                                                                					_v16 = _t264;
                                                                                                                                                					 *0x42a864 = SetWindowLongA(_v8, 0xfffffffc, E004050AB);
                                                                                                                                                					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
                                                                                                                                                					 *0x42a854 = _t266;
                                                                                                                                                					ImageList_AddMasked(_t266, _v16, 0xff00ff);
                                                                                                                                                					SendMessageA(_v8, 0x1109, 2,  *0x42a854);
                                                                                                                                                					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
                                                                                                                                                						SendMessageA(_v8, 0x111b, _t320, 0);
                                                                                                                                                					}
                                                                                                                                                					DeleteObject(_v16);
                                                                                                                                                					_t327 = 0;
                                                                                                                                                					do {
                                                                                                                                                						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
                                                                                                                                                						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
                                                                                                                                                							if(_t327 != 0x20) {
                                                                                                                                                								_v20 = 0;
                                                                                                                                                							}
                                                                                                                                                							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E00406032(0, _t327, _t331, 0, _t272)), _t327);
                                                                                                                                                						}
                                                                                                                                                						_t327 = _t327 + 1;
                                                                                                                                                					} while (_t327 < 0x21);
					_t328 = _a16;
					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
					_push(0x15);
					E0040409E(_a4);
					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
					_push(0x16);
					E0040409E(_a4);
					_t329 = 0;
					_v16 = 0;
					if( *0x42f44c <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t316 = _v24 + 8;
						_v32 = _t316;
						do {
							_t284 =  &(_t316[0x10]);
							if( *_t284 != 0) {
								_v64 = _t284;
								_t285 =  *_t316;
								_v88 = _v16;
								_t308 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t308;
								_v44 = _t329;
								_v72 = _t285 & _t308;
								if((_t285 & 0x00000002) == 0) {
									if((_t285 & 0x00000004) == 0) {
										_t287 = SendMessageA(_v8, 0x1100, 0,  &_v88);
										_t309 =  *0x42a868; // 0x0
										 *(_t309 + _t329 * 4) = _t287;
									} else {
										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
									_t310 =  *0x42a868; // 0x0
									_v36 = 1;
									 *(_t310 + _t329 * 4) = _t290;
									_t291 =  *0x42a868; // 0x0
									_v16 =  *(_t291 + _t329 * 4);
								}
							}
							_t329 = _t329 + 1;
							_t316 =  &(_v32[0x418]);
							_v32 = _t316;
						} while (_t329 <  *0x42f44c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004040D3(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004040D3(_v12);
								L91:
								return E00404105(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}

                                                                                                                                                0x00404f29
                                                                                                                                                0x00404f34
                                                                                                                                                0x00404f37
                                                                                                                                                0x00404f3c
                                                                                                                                                0x00404f3e
                                                                                                                                                0x00404f42
                                                                                                                                                0x00404f52
                                                                                                                                                0x00404f5c
                                                                                                                                                0x00404f5e
                                                                                                                                                0x00404f61
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00404f44
                                                                                                                                                0x00404f44
                                                                                                                                                0x00404f4a
                                                                                                                                                0x00404f4c
                                                                                                                                                0x00404f4c
                                                                                                                                                0x00404f4d
                                                                                                                                                0x00404f4e
                                                                                                                                                0x00000000
                                                                                                                                                0x00404f44
                                                                                                                                                0x00404f27
                                                                                                                                                0x00404f02
                                                                                                                                                0x00404e45
                                                                                                                                                0x00000000
                                                                                                                                                0x00404e5b
                                                                                                                                                0x00404e65
                                                                                                                                                0x00404e6a
                                                                                                                                                0x00000000
                                                                                                                                                0x00000000
                                                                                                                                                0x00404e7c
                                                                                                                                                0x00404e81
                                                                                                                                                0x00404e8d
                                                                                                                                                0x00404e8d
                                                                                                                                                0x00404e8f
                                                                                                                                                0x00404e9e
                                                                                                                                                0x00404ea0
                                                                                                                                                0x00404ea4
                                                                                                                                                0x00404ea7
                                                                                                                                                0x00000000
                                                                                                                                                0x00404ea7
                                                                                                                                                0x00404e45
                                                                                                                                                0x00404af9
                                                                                                                                                0x00404afc
                                                                                                                                                0x00404aff
                                                                                                                                                0x00404b0f
                                                                                                                                                0x00404b22
                                                                                                                                                0x00404b2d
                                                                                                                                                0x00404b33
                                                                                                                                                0x00404b41
                                                                                                                                                0x00404b54
                                                                                                                                                0x00404b59
                                                                                                                                                0x00404b64
                                                                                                                                                0x00404b6d
                                                                                                                                                0x00404b83
                                                                                                                                                0x00404b93
                                                                                                                                                0x00404b9f
                                                                                                                                                0x00404b9f
                                                                                                                                                0x00404ba4
                                                                                                                                                0x00404baa
                                                                                                                                                0x00404bac
                                                                                                                                                0x00404baf
                                                                                                                                                0x00404bb4
                                                                                                                                                0x00404bb9
                                                                                                                                                0x00404bbb
                                                                                                                                                0x00404bbb
                                                                                                                                                0x00404bdb
                                                                                                                                                0x00404bdb
                                                                                                                                                0x00404bdd
                                                                                                                                                0x00404bde
                                                                                                                                                0x00404be3
                                                                                                                                                0x00404be9
                                                                                                                                                0x00404bed
                                                                                                                                                0x00404bf2
                                                                                                                                                0x00404bfa
                                                                                                                                                0x00404bfe
                                                                                                                                                0x00404c03
                                                                                                                                                0x00404c08
                                                                                                                                                0x00404c10
                                                                                                                                                0x00404c13
                                                                                                                                                0x00404ce2
                                                                                                                                                0x00404cf5
                                                                                                                                                0x00000000
                                                                                                                                                0x00404c19
                                                                                                                                                0x00404c1c
                                                                                                                                                0x00404c1f
                                                                                                                                                0x00404c22
                                                                                                                                                0x00404c22
                                                                                                                                                0x00404c27
                                                                                                                                                0x00404c30
                                                                                                                                                0x00404c33
                                                                                                                                                0x00404c37
                                                                                                                                                0x00404c3a
                                                                                                                                                0x00404c3d
                                                                                                                                                0x00404c46
                                                                                                                                                0x00404c4f
                                                                                                                                                0x00404c52
                                                                                                                                                0x00404c55
                                                                                                                                                0x00404c58
                                                                                                                                                0x00404c96
                                                                                                                                                0x00404cb9
                                                                                                                                                0x00404cbb
                                                                                                                                                0x00404cc1
                                                                                                                                                0x00404c98
                                                                                                                                                0x00404ca7
                                                                                                                                                0x00404ca7
                                                                                                                                                0x00404c5a
                                                                                                                                                0x00404c5d
                                                                                                                                                0x00404c6b
                                                                                                                                                0x00404c75
                                                                                                                                                0x00404c77
                                                                                                                                                0x00404c7d
                                                                                                                                                0x00404c84
                                                                                                                                                0x00404c87
                                                                                                                                                0x00404c8f
                                                                                                                                                0x00404c8f
                                                                                                                                                0x00404c58
                                                                                                                                                0x00404cc7
                                                                                                                                                0x00404cc8
                                                                                                                                                0x00404cd4
                                                                                                                                                0x00404cd4
                                                                                                                                                0x00404ce0
                                                                                                                                                0x00404cfb
                                                                                                                                                0x00404cfe
                                                                                                                                                0x00404d1b
                                                                                                                                                0x00000000
                                                                                                                                                0x00404d00
                                                                                                                                                0x00404d05
                                                                                                                                                0x00404d0e
                                                                                                                                                0x00405096
                                                                                                                                                0x004050a8
                                                                                                                                                0x004050a8
                                                                                                                                                0x00404cfe
                                                                                                                                                0x00000000
                                                                                                                                                0x00404ce0
                                                                                                                                                0x00404c13

                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                • String ID: $M$N$P~s
                                                                                                                                                • API String ID: 2564846305-2092576055
                                                                                                                                                • Opcode ID: e6310760d5add9660af2be19d135ade5c2f3b3dacb8baa6f0f882f7135c6f8ba
                                                                                                                                                • Instruction ID: b93138f0eedc2449d1e9bfda9be5258a8e47cdb0f0c7c2118b7039f3366b9e37
                                                                                                                                                • Opcode Fuzzy Hash: e6310760d5add9660af2be19d135ade5c2f3b3dacb8baa6f0f882f7135c6f8ba
                                                                                                                                                • Instruction Fuzzy Hash: AA026EB0900209AFEB20DFA5DD45AAE7BB5FB44314F14813AF614B62E0C7799D52CF58
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                			E00404209(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                				signed int _v12;
                                                                                                                                                				void* _v16;
                                                                                                                                                				struct HWND__* _t52;
                                                                                                                                                				long _t86;
                                                                                                                                                				int _t98;
                                                                                                                                                				struct HWND__* _t99;
                                                                                                                                                				signed int _t100;
                                                                                                                                                				intOrPtr _t103;
                                                                                                                                                				signed int _t106;
                                                                                                                                                				intOrPtr _t107;
                                                                                                                                                				intOrPtr _t109;
                                                                                                                                                				int _t110;
                                                                                                                                                				signed int* _t112;
                                                                                                                                                				signed int _t113;
                                                                                                                                                				char* _t114;
                                                                                                                                                				CHAR* _t115;
                                                                                                                                                
                                                                                                                                                				if(_a8 != 0x110) {
                                                                                                                                                					__eflags = _a8 - 0x111;
                                                                                                                                                					if(_a8 != 0x111) {
                                                                                                                                                						L11:
                                                                                                                                                						__eflags = _a8 - 0x4e;
                                                                                                                                                						if(_a8 != 0x4e) {
                                                                                                                                                							__eflags = _a8 - 0x40b;
                                                                                                                                                							if(_a8 == 0x40b) {
                                                                                                                                                								 *0x42983c =  *0x42983c + 1;
                                                                                                                                                								__eflags =  *0x42983c;
                                                                                                                                                							}
                                                                                                                                                							L25:
                                                                                                                                                							_t110 = _a16;
                                                                                                                                                							L26:
                                                                                                                                                							return E00404105(_a8, _a12, _t110);
                                                                                                                                                						}
                                                                                                                                                						_t52 = GetDlgItem(_a4, 0x3e8);
                                                                                                                                                						_t110 = _a16;
                                                                                                                                                						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
                                                                                                                                                						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
                                                                                                                                                							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
                                                                                                                                                							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                                                                                                                								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                                                                                                                								_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                                                                                                                								_v12 = _t100;
                                                                                                                                                								__eflags = _t100 - _t109 - 0x800;
                                                                                                                                                								_v16 = _t109;
                                                                                                                                                								_v8 = 0x42e3a0;
                                                                                                                                                								if(_t100 - _t109 < 0x800) {
                                                                                                                                                									SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                                                                                                                									SetCursor(LoadCursorA(0, 0x7f02));
                                                                                                                                                									_push(1);
                                                                                                                                                									E004044AD(_a4, _v8);
                                                                                                                                                									SetCursor(LoadCursorA(0, 0x7f00));
                                                                                                                                                									_t110 = _a16;
                                                                                                                                                								}
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
                                                                                                                                                						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
                                                                                                                                                							goto L26;
                                                                                                                                                						} else {
                                                                                                                                                							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
                                                                                                                                                							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                                                                                                                								goto L26;
                                                                                                                                                							}
                                                                                                                                                							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
                                                                                                                                                							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                                                                                                                								SendMessageA( *0x42f408, 0x111, 1, 0);
                                                                                                                                                							}
                                                                                                                                                							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
                                                                                                                                                							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                                                                                                                								SendMessageA( *0x42f408, 0x10, 0, 0);
                                                                                                                                                							}
                                                                                                                                                							return 1;
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                					__eflags = _a12 >> 0x10;
                                                                                                                                                					if(_a12 >> 0x10 != 0) {
                                                                                                                                                						goto L25;
                                                                                                                                                					}
                                                                                                                                                					__eflags =  *0x42983c; // 0x0
                                                                                                                                                					if(__eflags != 0) {
                                                                                                                                                						goto L25;
                                                                                                                                                					}
                                                                                                                                                					_t103 =  *0x42a048; // 0x72c0ec
                                                                                                                                                					_t25 = _t103 + 0x14; // 0x72c100
                                                                                                                                                					_t112 = _t25;
                                                                                                                                                					__eflags =  *_t112 & 0x00000020;
                                                                                                                                                					if(( *_t112 & 0x00000020) == 0) {
                                                                                                                                                						goto L25;
                                                                                                                                                					}
                                                                                                                                                					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                                                                                                					__eflags = _t106;
                                                                                                                                                					 *_t112 = _t106;
                                                                                                                                                					E004040C0(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                                                                                					E00404489();
                                                                                                                                                					goto L11;
                                                                                                                                                				} else {
                                                                                                                                                					_t98 = _a16;
                                                                                                                                                					_t113 =  *(_t98 + 0x30);
                                                                                                                                                					if(_t113 < 0) {
                                                                                                                                                						_t107 =  *0x42ebdc; // 0x737e50
                                                                                                                                                						_t113 =  *(_t107 - 4 + _t113 * 4);
                                                                                                                                                					}
                                                                                                                                                					_push( *((intOrPtr*)(_t98 + 0x34)));
                                                                                                                                                					_t114 = _t113 +  *0x42f458;
                                                                                                                                                					_push(0x22);
                                                                                                                                                					_a16 =  *_t114;
                                                                                                                                                					_v12 = _v12 & 0x00000000;
                                                                                                                                                					_t115 = _t114 + 1;
                                                                                                                                                					_v16 = _t115;
                                                                                                                                                					_v8 = E004041D4;
                                                                                                                                                					E0040409E(_a4);
                                                                                                                                                					_push( *((intOrPtr*)(_t98 + 0x38)));
                                                                                                                                                					_push(0x23);
                                                                                                                                                					E0040409E(_a4);
                                                                                                                                                					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                                                                                					E004040C0( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                                                                                                                					_t99 = GetDlgItem(_a4, 0x3e8);
                                                                                                                                                					E004040D3(_t99);
                                                                                                                                                					SendMessageA(_t99, 0x45b, 1, 0);
                                                                                                                                                					_t86 =  *( *0x42f414 + 0x68);
                                                                                                                                                					if(_t86 < 0) {
                                                                                                                                                						_t86 = GetSysColor( ~_t86);
                                                                                                                                                					}
                                                                                                                                                					SendMessageA(_t99, 0x443, 0, _t86);
                                                                                                                                                					SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                                                                                                                					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                                                                                                                					 *0x42983c = 0;
                                                                                                                                                					SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                                                                                                                					 *0x42983c = 0;
                                                                                                                                                					return 0;
                                                                                                                                                				}
                                                                                                                                                			}




















                                                                                                                                                0x00404278
                                                                                                                                                0x0040427d
                                                                                                                                                0x00404294
                                                                                                                                                0x0040429b
                                                                                                                                                0x004042ae
                                                                                                                                                0x004042b1
                                                                                                                                                0x004042c6
                                                                                                                                                0x004042cd
                                                                                                                                                0x004042d2
                                                                                                                                                0x004042d7
                                                                                                                                                0x004042d7
                                                                                                                                                0x004042e6
                                                                                                                                                0x004042f5
                                                                                                                                                0x00404307
                                                                                                                                                0x0040430c
                                                                                                                                                0x0040431c
                                                                                                                                                0x0040431e
                                                                                                                                                0x00000000
                                                                                                                                                0x00404324

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                • String ID: N$P~s$Remove folder:
                                                                                                                                                • API String ID: 3103080414-3949996749
                                                                                                                                                • Opcode ID: 448c26d367fa4ce24fea73f86f3c1ebcb169a2680b3cc918c82a0762cc84cb42
                                                                                                                                                • Instruction ID: e1855738532d9be41fcebd9a9c4146cd0e241e622fdf0fb061f71f1fb699f553
                                                                                                                                                • Opcode Fuzzy Hash: 448c26d367fa4ce24fea73f86f3c1ebcb169a2680b3cc918c82a0762cc84cb42
                                                                                                                                                • Instruction Fuzzy Hash: 2661A4B1A40208BFDB109F61DD45F6A7B69FB84314F00803AFB057A1D1C7B8A952CF98
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 90%
                                                                                                                                                			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                                                                                				struct tagLOGBRUSH _v16;
                                                                                                                                                				struct tagRECT _v32;
                                                                                                                                                				struct tagPAINTSTRUCT _v96;
                                                                                                                                                				struct HDC__* _t70;
                                                                                                                                                				struct HBRUSH__* _t87;
                                                                                                                                                				struct HFONT__* _t94;
                                                                                                                                                				long _t102;
                                                                                                                                                				signed int _t126;
                                                                                                                                                				struct HDC__* _t128;
                                                                                                                                                				intOrPtr _t130;
                                                                                                                                                
                                                                                                                                                				if(_a8 == 0xf) {
                                                                                                                                                					_t130 =  *0x42f414;
                                                                                                                                                					_t70 = BeginPaint(_a4,  &_v96);
                                                                                                                                                					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                                                                                					_a8 = _t70;
                                                                                                                                                					GetClientRect(_a4,  &_v32);
                                                                                                                                                					_t126 = _v32.bottom;
                                                                                                                                                					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                                                                                					while(_v32.top < _t126) {
                                                                                                                                                						_a12 = _t126 - _v32.top;
                                                                                                                                                						asm("cdq");
                                                                                                                                                						asm("cdq");
                                                                                                                                                						asm("cdq");
                                                                                                                                                						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                                                                                						_t87 = CreateBrushIndirect( &_v16);
                                                                                                                                                						_v32.bottom = _v32.bottom + 4;
                                                                                                                                                						_a16 = _t87;
                                                                                                                                                						FillRect(_a8,  &_v32, _t87);
                                                                                                                                                						DeleteObject(_a16);
                                                                                                                                                						_v32.top = _v32.top + 4;
                                                                                                                                                					}
                                                                                                                                                					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                                                                                						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                                                                                                                						_a16 = _t94;
                                                                                                                                                						if(_t94 != 0) {
                                                                                                                                                							_t128 = _a8;
                                                                                                                                                							_v32.left = 0x10;
                                                                                                                                                							_v32.top = 8;
                                                                                                                                                							SetBkMode(_t128, 1);
                                                                                                                                                							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                                                                                							_a8 = SelectObject(_t128, _a16);
                                                                                                                                                							DrawTextA(_t128, "Wildix Integration Service v3.9.1 Setup", 0xffffffff,  &_v32, 0x820);
                                                                                                                                                							SelectObject(_t128, _a8);
                                                                                                                                                							DeleteObject(_a16);
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                					EndPaint(_a4,  &_v96);
                                                                                                                                                					return 0;
                                                                                                                                                				}
                                                                                                                                                				_t102 = _a16;
                                                                                                                                                				if(_a8 == 0x46) {
                                                                                                                                                					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                                                                                					 *((intOrPtr*)(_t102 + 4)) =  *0x42f408;
                                                                                                                                                				}
                                                                                                                                                				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                                                                                                                			}














                                                                                                                                                APIs
                                                                                                                                                • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                • GetClientRect.USER32 ref: 0040105B
                                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                • FillRect.USER32 ref: 004010E4
                                                                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                • DrawTextA.USER32(00000000,Wildix Integration Service v3.9.1 Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                • String ID: F$Wildix Integration Service v3.9.1 Setup
                                                                                                                                                • API String ID: 941294808-1273018411
                                                                                                                                                • Opcode ID: 7b2e9886d4a0a86190cfd2eb73994447d751dd60ad8b28ccd238e082d53d4ecc
                                                                                                                                                • Instruction ID: a83fe4be3842045fa55e49ef5e4516223b86fcdf0b70f1128ddfc4a40beffe79
                                                                                                                                                • Opcode Fuzzy Hash: 7b2e9886d4a0a86190cfd2eb73994447d751dd60ad8b28ccd238e082d53d4ecc
                                                                                                                                                • Instruction Fuzzy Hash: 48418C71400209AFCB058FA5DE459BF7BB9FF45314F00842EF9A1AA1A0C7749955DFA4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00405C7F(void* __ecx) {
                                                                                                                                                				void* __ebx;
                                                                                                                                                				void* __edi;
                                                                                                                                                				void* __esi;
                                                                                                                                                				long _t12;
                                                                                                                                                				long _t24;
                                                                                                                                                				char* _t31;
                                                                                                                                                				int _t37;
                                                                                                                                                				void* _t38;
                                                                                                                                                				intOrPtr* _t39;
                                                                                                                                                				long _t42;
                                                                                                                                                				CHAR* _t44;
                                                                                                                                                				void* _t46;
                                                                                                                                                				void* _t48;
                                                                                                                                                				void* _t49;
                                                                                                                                                				void* _t52;
                                                                                                                                                				void* _t53;
                                                                                                                                                
                                                                                                                                                				_t38 = __ecx;
                                                                                                                                                				_t44 =  *(_t52 + 0x14);
                                                                                                                                                				 *0x42c600 = 0x4c554e;
                                                                                                                                                				if(_t44 == 0) {
                                                                                                                                                					L3:
                                                                                                                                                					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x42ca00, 0x400);
                                                                                                                                                					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                                                                                						_t37 = wsprintfA(0x42c200, "%s=%s\r\n", 0x42c600, 0x42ca00);
                                                                                                                                                						_t53 = _t52 + 0x10;
                                                                                                                                                						E00406032(_t37, 0x400, 0x42ca00, 0x42ca00,  *((intOrPtr*)( *0x42f414 + 0x128)));
                                                                                                                                                						_t12 = E00405BA9(0x42ca00, 0xc0000000, 4);
                                                                                                                                                						_t48 = _t12;
                                                                                                                                                						 *(_t53 + 0x18) = _t48;
                                                                                                                                                						if(_t48 != 0xffffffff) {
                                                                                                                                                							_t42 = GetFileSize(_t48, 0);
                                                                                                                                                							_t6 = _t37 + 0xa; // 0xa
                                                                                                                                                							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                                                                                                                							if(_t46 == 0 || E00405C21(_t48, _t46, _t42) == 0) {
                                                                                                                                                								L18:
                                                                                                                                                								return CloseHandle(_t48);
                                                                                                                                                							} else {
                                                                                                                                                								if(E00405B0E(_t38, _t46, "[Rename]\r\n") != 0) {
                                                                                                                                                									_t49 = E00405B0E(_t38, _t21 + 0xa, 0x40a3b8);
                                                                                                                                                									if(_t49 == 0) {
                                                                                                                                                										_t48 =  *(_t53 + 0x18);
                                                                                                                                                										L16:
                                                                                                                                                										_t24 = _t42;
                                                                                                                                                										L17:
                                                                                                                                                										E00405B64(_t24 + _t46, 0x42c200, _t37);
                                                                                                                                                										SetFilePointer(_t48, 0, 0, 0);
                                                                                                                                                										E00405C50(_t48, _t46, _t42 + _t37);
                                                                                                                                                										GlobalFree(_t46);
                                                                                                                                                										goto L18;
                                                                                                                                                									}
                                                                                                                                                									_t39 = _t46 + _t42;
                                                                                                                                                									_t31 = _t39 + _t37;
                                                                                                                                                									while(_t39 > _t49) {
                                                                                                                                                										 *_t31 =  *_t39;
                                                                                                                                                										_t31 = _t31 - 1;
                                                                                                                                                										_t39 = _t39 - 1;
                                                                                                                                                									}
                                                                                                                                                									_t24 = _t49 - _t46 + 1;
                                                                                                                                                									_t48 =  *(_t53 + 0x18);
                                                                                                                                                									goto L17;
                                                                                                                                                								}
                                                                                                                                                								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                                                                                                                								_t42 = _t42 + 0xa;
                                                                                                                                                								goto L16;
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                					}
                                                                                                                                                				} else {
                                                                                                                                                					CloseHandle(E00405BA9(_t44, 0, 1));
                                                                                                                                                					_t12 = GetShortPathNameA(_t44, 0x42c600, 0x400);
                                                                                                                                                					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                                                                                						goto L3;
                                                                                                                                                					}
                                                                                                                                                				}
                                                                                                                                                				return _t12;
                                                                                                                                                			}




















                                                                                                                                                APIs
                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405E10,?,?), ref: 00405CB0
                                                                                                                                                • GetShortPathNameA.KERNEL32 ref: 00405CB9
                                                                                                                                                  • Part of subcall function 00405B0E: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B1E
                                                                                                                                                  • Part of subcall function 00405B0E: lstrlenA.KERNEL32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B50
                                                                                                                                                • GetShortPathNameA.KERNEL32 ref: 00405CD6
                                                                                                                                                • wsprintfA.USER32 ref: 00405CF4
                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,0042CA00,C0000000,00000004,0042CA00,?,?,?,?,?), ref: 00405D2F
                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405D3E
                                                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D76
                                                                                                                                                • SetFilePointer.KERNEL32(0040A3B8,00000000,00000000,00000000,00000000,0042C200,00000000,-0000000A,0040A3B8,00000000,[Rename],00000000,00000000,00000000), ref: 00405DCC
                                                                                                                                                • GlobalFree.KERNEL32 ref: 00405DDD
                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405DE4
                                                                                                                                                  • Part of subcall function 00405BA9: GetFileAttributesA.KERNELBASE(00000003,00402E04,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405BAD
                                                                                                                                                  • Part of subcall function 00405BA9: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BCF
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                • String ID: %s=%s$[Rename]
                                                                                                                                                • API String ID: 2171350718-1727408572
                                                                                                                                                • Opcode ID: 9b3c869b6b1e82ddb45cfc6139009d55e6e06fb54681fa3ce92f21bb8c1168e1
                                                                                                                                                • Instruction ID: 5f10e72b046bb4c3808544f3b96a1b07f09bbbda3d3e46611c613b54f85f09c3
                                                                                                                                                • Opcode Fuzzy Hash: 9b3c869b6b1e82ddb45cfc6139009d55e6e06fb54681fa3ce92f21bb8c1168e1
                                                                                                                                                • Instruction Fuzzy Hash: F631F231600B15ABD2207BA59D4DFAB3A6CDF42754F14443BFA01F62D2DA7CE8058ABD
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E0040627A(CHAR* _a4) {
                                                                                                                                                				char _t5;
                                                                                                                                                				char _t7;
                                                                                                                                                				char* _t15;
                                                                                                                                                				char* _t16;
                                                                                                                                                				CHAR* _t17;
                                                                                                                                                
                                                                                                                                                				_t17 = _a4;
                                                                                                                                                				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                                                                                                                					_t17 =  &(_t17[4]);
                                                                                                                                                				}
                                                                                                                                                				if( *_t17 != 0 && E00405A15(_t17) != 0) {
                                                                                                                                                					_t17 =  &(_t17[2]);
                                                                                                                                                				}
                                                                                                                                                				_t5 =  *_t17;
                                                                                                                                                				_t15 = _t17;
                                                                                                                                                				_t16 = _t17;
                                                                                                                                                				if(_t5 != 0) {
                                                                                                                                                					do {
                                                                                                                                                						if(_t5 > 0x1f &&  *((char*)(E004059D3("*?|<>/\":", _t5))) == 0) {
                                                                                                                                                							E00405B64(_t16, _t17, CharNextA(_t17) - _t17);
                                                                                                                                                							_t16 = CharNextA(_t16);
                                                                                                                                                						}
                                                                                                                                                						_t17 = CharNextA(_t17);
                                                                                                                                                						_t5 =  *_t17;
                                                                                                                                                					} while (_t5 != 0);
                                                                                                                                                				}
                                                                                                                                                				 *_t16 =  *_t16 & 0x00000000;
                                                                                                                                                				while(1) {
                                                                                                                                                					_t16 = CharPrevA(_t15, _t16);
                                                                                                                                                					_t7 =  *_t16;
                                                                                                                                                					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                                                                                						break;
                                                                                                                                                					}
                                                                                                                                                					 *_t16 =  *_t16 & 0x00000000;
                                                                                                                                                					if(_t15 < _t16) {
                                                                                                                                                						continue;
                                                                                                                                                					}
                                                                                                                                                					break;
                                                                                                                                                				}
                                                                                                                                                				return _t7;
                                                                                                                                                			}









                                                                                                                                                APIs
                                                                                                                                                • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SetupWIService.exe" ,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062D2
                                                                                                                                                • CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004062DF
                                                                                                                                                • CharNextA.USER32(?,"C:\Users\user\Desktop\SetupWIService.exe" ,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062E4
                                                                                                                                                • CharPrevA.USER32(?,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403246,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004062F4
                                                                                                                                                Strings
                                                                                                                                                • "C:\Users\user\Desktop\SetupWIService.exe" , xrefs: 004062B6
                                                                                                                                                • *?|<>/":, xrefs: 004062C2
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040627B
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                                • String ID: "C:\Users\user\Desktop\SetupWIService.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                • API String ID: 589700163-447923758
                                                                                                                                                • Opcode ID: a4ab23b94a56fbb4e4ab915d6a0181bd243ee2e30b5e95404a857257d08c8b81
                                                                                                                                                • Instruction ID: 6247d5b4c7038ff51e561e9c2f84ae45375c8bcee8d01d3c6d5c321a6abb2e6d
                                                                                                                                                • Opcode Fuzzy Hash: a4ab23b94a56fbb4e4ab915d6a0181bd243ee2e30b5e95404a857257d08c8b81
                                                                                                                                                • Instruction Fuzzy Hash: 2211E95180479029EB3226246C40BBB7F884F97751F1A00BFE8C2722C1C67C5C52867D
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00404105(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                                                                                				struct tagLOGBRUSH _v16;
                                                                                                                                                				long _t39;
                                                                                                                                                				long _t41;
                                                                                                                                                				void* _t44;
                                                                                                                                                				signed char _t50;
                                                                                                                                                				long* _t54;
                                                                                                                                                
                                                                                                                                                				if(_a4 + 0xfffffecd > 5) {
                                                                                                                                                					L18:
                                                                                                                                                					return 0;
                                                                                                                                                				}
                                                                                                                                                				_t54 = GetWindowLongA(_a12, 0xffffffeb);
                                                                                                                                                				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                                                                                                                					goto L18;
                                                                                                                                                				} else {
                                                                                                                                                					_t50 = _t54[5];
                                                                                                                                                					if((_t50 & 0xffffffe0) != 0) {
                                                                                                                                                						goto L18;
                                                                                                                                                					}
                                                                                                                                                					_t39 =  *_t54;
                                                                                                                                                					if((_t50 & 0x00000002) != 0) {
                                                                                                                                                						_t39 = GetSysColor(_t39);
                                                                                                                                                					}
                                                                                                                                                					if((_t54[5] & 0x00000001) != 0) {
                                                                                                                                                						SetTextColor(_a8, _t39);
                                                                                                                                                					}
                                                                                                                                                					SetBkMode(_a8, _t54[4]);
                                                                                                                                                					_t41 = _t54[1];
                                                                                                                                                					_v16.lbColor = _t41;
                                                                                                                                                					if((_t54[5] & 0x00000008) != 0) {
                                                                                                                                                						_t41 = GetSysColor(_t41);
                                                                                                                                                						_v16.lbColor = _t41;
                                                                                                                                                					}
                                                                                                                                                					if((_t54[5] & 0x00000004) != 0) {
                                                                                                                                                						SetBkColor(_a8, _t41);
                                                                                                                                                					}
                                                                                                                                                					if((_t54[5] & 0x00000010) != 0) {
                                                                                                                                                						_v16.lbStyle = _t54[2];
                                                                                                                                                						_t44 = _t54[3];
                                                                                                                                                						if(_t44 != 0) {
                                                                                                                                                							DeleteObject(_t44);
                                                                                                                                                						}
                                                                                                                                                						_t54[3] = CreateBrushIndirect( &_v16);
                                                                                                                                                					}
                                                                                                                                                					return _t54[3];
                                                                                                                                                				}
                                                                                                                                                			}










                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                                • Opcode ID: 2fd397ab70c88e7053abfa2b1889d7e6adf273714bf8f91ffd366fbe1d5efa4b
                                                                                                                                                • Instruction ID: 549509973aaa983cd2a57f184cdff44cbcc336d3318ba047a0b32752f088f93e
                                                                                                                                                • Opcode Fuzzy Hash: 2fd397ab70c88e7053abfa2b1889d7e6adf273714bf8f91ffd366fbe1d5efa4b
                                                                                                                                                • Instruction Fuzzy Hash: 7D2162715007049BCB219F68DD4CB5BBBF8AF91714B048A3EEA96A66E0C734E984CB54
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E004049F1(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                                                				long _v8;
                                                                                                                                                				signed char _v12;
                                                                                                                                                				unsigned int _v16;
                                                                                                                                                				void* _v20;
                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                				long _v56;
                                                                                                                                                				void* _v60;
                                                                                                                                                				long _t15;
                                                                                                                                                				unsigned int _t19;
                                                                                                                                                				signed int _t25;
                                                                                                                                                				struct HWND__* _t28;
                                                                                                                                                
                                                                                                                                                				_t28 = _a4;
                                                                                                                                                				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                                                                                                                				if(_a8 == 0) {
                                                                                                                                                					L4:
                                                                                                                                                					_v56 = _t15;
                                                                                                                                                					_v60 = 4;
                                                                                                                                                					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                                                                                                                					return _v24;
                                                                                                                                                				}
                                                                                                                                                				_t19 = GetMessagePos();
                                                                                                                                                				_v16 = _t19 >> 0x10;
                                                                                                                                                				_v20 = _t19;
                                                                                                                                                				ScreenToClient(_t28,  &_v20);
                                                                                                                                                				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                                                                                                                				if((_v12 & 0x00000066) != 0) {
                                                                                                                                                					_t15 = _v8;
                                                                                                                                                					goto L4;
                                                                                                                                                				}
                                                                                                                                                				return _t25 | 0xffffffff;
                                                                                                                                                			}















                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                                • String ID: f
                                                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                                                • Opcode ID: b233b2991907e98a40282691d164461162982266b543cde43f51771bab81e11a
                                                                                                                                                • Instruction ID: dd2724b276b0829887a11dc4f26b79c7971af77995a7330ace4ae867cc8e4813
                                                                                                                                                • Opcode Fuzzy Hash: b233b2991907e98a40282691d164461162982266b543cde43f51771bab81e11a
                                                                                                                                                • Instruction Fuzzy Hash: 4B018071940218BADB00DB94DD81BFEBBB8AF95711F10412BBA11B61C0C7B455018FA4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 73%
                                                                                                                                                			E00401DFF(intOrPtr __edx) {
                                                                                                                                                				void* __esi;
                                                                                                                                                				int _t9;
                                                                                                                                                				signed char _t15;
                                                                                                                                                				struct HFONT__* _t18;
                                                                                                                                                				intOrPtr _t30;
                                                                                                                                                				struct HDC__* _t31;
                                                                                                                                                				void* _t33;
                                                                                                                                                				void* _t35;
                                                                                                                                                
                                                                                                                                                				_t30 = __edx;
                                                                                                                                                				_t31 = GetDC( *(_t35 - 8));
                                                                                                                                                				_t9 = E00402B0A(2);
                                                                                                                                                				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                                                                                                				0x40b818->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
                                                                                                                                                				ReleaseDC( *(_t35 - 8), _t31);
                                                                                                                                                				 *0x40b828 = E00402B0A(3);
                                                                                                                                                				_t15 =  *((intOrPtr*)(_t35 - 0x24));
                                                                                                                                                				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                                                                                                				 *0x40b82f = 1;
                                                                                                                                                				 *0x40b82c = _t15 & 0x00000001;
                                                                                                                                                				 *0x40b82d = _t15 & 0x00000002;
                                                                                                                                                				 *0x40b82e = _t15 & 0x00000004;
                                                                                                                                                				E00406032(_t9, _t31, _t33, "MS Shell Dlg",  *((intOrPtr*)(_t35 - 0x30)));
                                                                                                                                                				_t18 = CreateFontIndirectA(0x40b818);
                                                                                                                                                				_push(_t18);
                                                                                                                                                				_push(_t33);
                                                                                                                                                				E00405F6E();
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t35 - 4));
                                                                                                                                                				return 0;
                                                                                                                                                			}












                                                                                                                                                APIs
                                                                                                                                                • GetDC.USER32(?), ref: 00401E02
                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E1C
                                                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E24
                                                                                                                                                • ReleaseDC.USER32 ref: 00401E35
                                                                                                                                                • CreateFontIndirectA.GDI32(0040B818), ref: 00401E84
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                • String ID: MS Shell Dlg
                                                                                                                                                • API String ID: 3808545654-76309092
                                                                                                                                                • Opcode ID: 1b1023e605a7569bd01593a01d84160b460a2ad04ac53f73906b90195a687a75
                                                                                                                                                • Instruction ID: a7e809a5f5c9b27870585acda152ffb90eb46fec6a88876af75f69e410eeec04
                                                                                                                                                • Opcode Fuzzy Hash: 1b1023e605a7569bd01593a01d84160b460a2ad04ac53f73906b90195a687a75
                                                                                                                                                • Instruction Fuzzy Hash: A6015672544240AFD7016B74AE4ABA93FB8EB59305F108839F141B61F2C7750505CB9C
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00402CDD(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                                                				char _v68;
                                                                                                                                                				int _t11;
                                                                                                                                                				int _t20;
                                                                                                                                                
                                                                                                                                                				if(_a8 == 0x110) {
                                                                                                                                                					SetTimer(_a4, 1, 0xfa, 0);
                                                                                                                                                					_a8 = 0x113;
                                                                                                                                                				}
                                                                                                                                                				if(_a8 == 0x113) {
                                                                                                                                                					_t20 =  *0x41d420; // 0xb46984
                                                                                                                                                					_t11 =  *0x42942c; // 0xb492b8
                                                                                                                                                					if(_t20 >= _t11) {
                                                                                                                                                						_t20 = _t11;
                                                                                                                                                					}
                                                                                                                                                					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                                                                                                                					SetWindowTextA(_a4,  &_v68);
                                                                                                                                                					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                                                                                                                				}
                                                                                                                                                				return 0;
                                                                                                                                                			}






                                                                                                                                                APIs
                                                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402CF8
                                                                                                                                                • MulDiv.KERNEL32(00B46984,00000064,00B492B8), ref: 00402D23
                                                                                                                                                • wsprintfA.USER32 ref: 00402D33
                                                                                                                                                • SetWindowTextA.USER32(?,?), ref: 00402D43
                                                                                                                                                • SetDlgItemTextA.USER32 ref: 00402D55
                                                                                                                                                Strings
                                                                                                                                                • verifying installer: %d%%, xrefs: 00402D2D
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                                                • Opcode ID: f8f7fb574b01a37347c2b5a7030e5195f98b1542352a9ab3f35e70a1f9b9ac5a
                                                                                                                                                • Instruction ID: 025fba79a5afffe449226ec8edfc98a8674e121caf39d96b1da50a976b993c92
                                                                                                                                                • Opcode Fuzzy Hash: f8f7fb574b01a37347c2b5a7030e5195f98b1542352a9ab3f35e70a1f9b9ac5a
                                                                                                                                                • Instruction Fuzzy Hash: AA01FF71640209FBEF249F60DE49FAE37A9FB04345F008039FA06B61D0DBB599568F59
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                			E004027A3(int __ebx, void* __eflags) {
                                                                                                                                                				void* _t26;
                                                                                                                                                				long _t31;
                                                                                                                                                				int _t45;
                                                                                                                                                				void* _t49;
                                                                                                                                                				void* _t51;
                                                                                                                                                				void* _t54;
                                                                                                                                                				void* _t55;
                                                                                                                                                				void* _t56;
                                                                                                                                                
                                                                                                                                                				_t45 = __ebx;
                                                                                                                                                				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
                                                                                                                                                				_t50 = E00402B2C(0xfffffff0);
                                                                                                                                                				 *(_t56 - 0x4c) = _t23;
                                                                                                                                                				if(E00405A15(_t50) == 0) {
                                                                                                                                                					E00402B2C(0xffffffed);
                                                                                                                                                				}
                                                                                                                                                				E00405B84(_t50);
                                                                                                                                                				_t26 = E00405BA9(_t50, 0x40000000, 2);
                                                                                                                                                				 *(_t56 + 8) = _t26;
                                                                                                                                                				if(_t26 != 0xffffffff) {
                                                                                                                                                					_t31 =  *0x42f418;
                                                                                                                                                					 *(_t56 - 0x1c) = _t31;
                                                                                                                                                					_t49 = GlobalAlloc(0x40, _t31);
                                                                                                                                                					if(_t49 != _t45) {
                                                                                                                                                						E00403223(_t45);
                                                                                                                                                						E0040320D(_t49,  *(_t56 - 0x1c));
                                                                                                                                                						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x2c));
                                                                                                                                                						 *(_t56 - 0x10) = _t54;
                                                                                                                                                						if(_t54 != _t45) {
                                                                                                                                                							E00402FFB( *((intOrPtr*)(_t56 - 0x30)), _t45, _t54,  *(_t56 - 0x2c));
                                                                                                                                                							while( *_t54 != _t45) {
                                                                                                                                                								_t47 =  *_t54;
                                                                                                                                                								_t55 = _t54 + 8;
                                                                                                                                                								 *(_t56 - 0x48) =  *_t54;
                                                                                                                                                								E00405B64( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
                                                                                                                                                								_t54 = _t55 +  *(_t56 - 0x48);
                                                                                                                                                							}
                                                                                                                                                							GlobalFree( *(_t56 - 0x10));
                                                                                                                                                						}
                                                                                                                                                						E00405C50( *(_t56 + 8), _t49,  *(_t56 - 0x1c));
                                                                                                                                                						GlobalFree(_t49);
                                                                                                                                                						 *((intOrPtr*)(_t56 - 0xc)) = E00402FFB(0xffffffff,  *(_t56 + 8), _t45, _t45);
                                                                                                                                                					}
                                                                                                                                                					CloseHandle( *(_t56 + 8));
                                                                                                                                                				}
                                                                                                                                                				_t51 = 0xfffffff3;
                                                                                                                                                				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
                                                                                                                                                					_t51 = 0xffffffef;
                                                                                                                                                					DeleteFileA( *(_t56 - 0x4c));
                                                                                                                                                					 *((intOrPtr*)(_t56 - 4)) = 1;
                                                                                                                                                				}
                                                                                                                                                				_push(_t51);
                                                                                                                                                				E00401423();
                                                                                                                                                				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t56 - 4));
                                                                                                                                                				return 0;
                                                                                                                                                			}











                                                                                                                                                APIs
                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027F7
                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402813
                                                                                                                                                • GlobalFree.KERNEL32 ref: 0040284C
                                                                                                                                                • GlobalFree.KERNEL32 ref: 0040285F
                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402877
                                                                                                                                                • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040288B
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2667972263-0
                                                                                                                                                • Opcode ID: e2abfc661fdad60ed62e4d13aa7f6330b0c962e7e251a67214f8a8b653a914c8
                                                                                                                                                • Instruction ID: 78559feecc0fcc9b474bd36237e9e6194516f5e07b3510cecd676cf0fe7807ca
                                                                                                                                                • Opcode Fuzzy Hash: e2abfc661fdad60ed62e4d13aa7f6330b0c962e7e251a67214f8a8b653a914c8
                                                                                                                                                • Instruction Fuzzy Hash: A4217C72C00224ABCF217FA5CD49DAE7F79EF09364B10823AF520762E1CA7959419F98
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                			E004048E7(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                                                                                                                				char _v36;
                                                                                                                                                				char _v68;
                                                                                                                                                				void* __ebx;
                                                                                                                                                				void* __edi;
                                                                                                                                                				void* __esi;
                                                                                                                                                				signed int _t21;
                                                                                                                                                				signed int _t22;
                                                                                                                                                				void* _t29;
                                                                                                                                                				void* _t31;
                                                                                                                                                				void* _t32;
                                                                                                                                                				void* _t41;
                                                                                                                                                				signed int _t43;
                                                                                                                                                				signed int _t47;
                                                                                                                                                				signed int _t50;
                                                                                                                                                				signed int _t51;
                                                                                                                                                				signed int _t53;
                                                                                                                                                
                                                                                                                                                				_t21 = _a16;
                                                                                                                                                				_t51 = _a12;
                                                                                                                                                				_t41 = 0xffffffdc;
                                                                                                                                                				if(_t21 == 0) {
                                                                                                                                                					_push(0x14);
                                                                                                                                                					_pop(0);
                                                                                                                                                					_t22 = _t51;
                                                                                                                                                					if(_t51 < 0x100000) {
                                                                                                                                                						_push(0xa);
                                                                                                                                                						_pop(0);
                                                                                                                                                						_t41 = 0xffffffdd;
                                                                                                                                                					}
                                                                                                                                                					if(_t51 < 0x400) {
                                                                                                                                                						_t41 = 0xffffffde;
                                                                                                                                                					}
                                                                                                                                                					if(_t51 < 0xffff3333) {
                                                                                                                                                						_t50 = 0x14;
                                                                                                                                                						asm("cdq");
                                                                                                                                                						_t22 = 1 / _t50 + _t51;
                                                                                                                                                					}
                                                                                                                                                					_t23 = _t22 & 0x00ffffff;
                                                                                                                                                					_t53 = _t22 >> 0;
                                                                                                                                                					_t43 = 0xa;
                                                                                                                                                					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                                                                                                                				} else {
                                                                                                                                                					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                                                                                                                					_t47 = 0;
                                                                                                                                                				}
                                                                                                                                                				_t29 = E00406032(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                                                                                                                				_t31 = E00406032(_t41, _t47, _t53,  &_v68, _t41);
                                                                                                                                                				_t32 = E00406032(_t41, _t47, 0x42a870, 0x42a870, _a8);
                                                                                                                                                				wsprintfA(_t32 + lstrlenA(0x42a870), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                                                                                                                				return SetDlgItemTextA( *0x42ebd8, _a4, 0x42a870);
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                • lstrlenA.KERNEL32(Wildix Integration Service v3.9.1 Setup ,Wildix Integration Service v3.9.1 Setup ,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404802,000000DF,00000000,00000400,?), ref: 00404985
                                                                                                                                                • wsprintfA.USER32 ref: 0040498D
                                                                                                                                                • SetDlgItemTextA.USER32 ref: 004049A0
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                • String ID: %u.%u%s%s$Wildix Integration Service v3.9.1 Setup
                                                                                                                                                • API String ID: 3540041739-2834737453
                                                                                                                                                • Opcode ID: b480e4054804026cb8092954fbfd1b724af8f69113b010ed1631aad44992e00a
                                                                                                                                                • Instruction ID: e3696489e73bdb8ba2be03c53b0d6a47c9a41464d55e6eab91935fd2637341d8
                                                                                                                                                • Opcode Fuzzy Hash: b480e4054804026cb8092954fbfd1b724af8f69113b010ed1631aad44992e00a
                                                                                                                                                • Instruction Fuzzy Hash: 0E11E473A441286BDB10A57D9C41EAF329CDB85374F254237FA26F31D1E978CC2282A9
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E004059A8(CHAR* _a4) {
                                                                                                                                                				CHAR* _t7;
                                                                                                                                                
                                                                                                                                                				_t7 = _a4;
                                                                                                                                                				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                                                                                                                					lstrcatA(_t7, 0x40a014);
                                                                                                                                                				}
                                                                                                                                                				return _t7;
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403258,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004059AE
                                                                                                                                                • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403258,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040347D,?,00000006,00000008,0000000A), ref: 004059B7
                                                                                                                                                • lstrcatA.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 004059C8
                                                                                                                                                Strings
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 004059A8
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                • API String ID: 2659869361-3916508600
                                                                                                                                                • Opcode ID: dfed55a16eab86d89f3af7970decdd3a6c9dbbcd65d2cf450bad9cf681275afb
                                                                                                                                                • Instruction ID: 62df29c05e3eff7e61c48a1ee3c1863d20e1198667f6a1bd608fcc747cda2104
                                                                                                                                                • Opcode Fuzzy Hash: dfed55a16eab86d89f3af7970decdd3a6c9dbbcd65d2cf450bad9cf681275afb
                                                                                                                                                • Instruction Fuzzy Hash: 90D0A9B2211A30BAE20266259E09ECF2E088F06310B060037F200B21A1CA3D0D1287FE
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00405A41(CHAR* _a4) {
                                                                                                                                                				CHAR* _t5;
                                                                                                                                                				char* _t7;
                                                                                                                                                				CHAR* _t9;
                                                                                                                                                				char _t10;
                                                                                                                                                				CHAR* _t11;
                                                                                                                                                				void* _t13;
                                                                                                                                                
                                                                                                                                                				_t11 = _a4;
                                                                                                                                                				_t9 = CharNextA(_t11);
                                                                                                                                                				_t5 = CharNextA(_t9);
                                                                                                                                                				_t10 =  *_t11;
                                                                                                                                                				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
                                                                                                                                                					if(_t10 != 0x5c || _t11[1] != _t10) {
                                                                                                                                                						L10:
                                                                                                                                                						return 0;
                                                                                                                                                					} else {
                                                                                                                                                						_t13 = 2;
                                                                                                                                                						while(1) {
                                                                                                                                                							_t13 = _t13 - 1;
                                                                                                                                                							_t7 = E004059D3(_t5, 0x5c);
                                                                                                                                                							if( *_t7 == 0) {
                                                                                                                                                								goto L10;
                                                                                                                                                							}
                                                                                                                                                							_t5 = _t7 + 1;
                                                                                                                                                							if(_t13 != 0) {
                                                                                                                                                								continue;
                                                                                                                                                							}
                                                                                                                                                							return _t5;
                                                                                                                                                						}
                                                                                                                                                						goto L10;
                                                                                                                                                					}
                                                                                                                                                				} else {
                                                                                                                                                					return CharNextA(_t5);
                                                                                                                                                				}
                                                                                                                                                			}










                                                                                                                                                APIs
                                                                                                                                                • CharNextA.USER32(?,?,C:\,?,00405AAD,C:\,C:\,74D0FA90,?,C:\Users\user\AppData\Local\Temp\,004057F8,?,74D0FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A4F
                                                                                                                                                • CharNextA.USER32(00000000), ref: 00405A54
                                                                                                                                                • CharNextA.USER32(00000000), ref: 00405A68
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CharNext
                                                                                                                                                • String ID: C:\
                                                                                                                                                • API String ID: 3213498283-3404278061
                                                                                                                                                • Opcode ID: b0e8f5e89ebadb76a027bec09a8a2b8523dc58ec169e45d2c78276560c1d622b
                                                                                                                                                • Instruction ID: 984e8433726efb403dd44e64a223cc5f2fc3fa985c42d0e1b55ccc4b068145f6
                                                                                                                                                • Opcode Fuzzy Hash: b0e8f5e89ebadb76a027bec09a8a2b8523dc58ec169e45d2c78276560c1d622b
                                                                                                                                                • Instruction Fuzzy Hash: F9F06251B04F656AFB2292744C94B7B5B8CCB55361F184667D980662C282784C418FAA
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00402D60(intOrPtr _a4) {
                                                                                                                                                				long _t2;
                                                                                                                                                				struct HWND__* _t3;
                                                                                                                                                				struct HWND__* _t6;
                                                                                                                                                
                                                                                                                                                				if(_a4 == 0) {
                                                                                                                                                					__eflags =  *0x429428; // 0x0
                                                                                                                                                					if(__eflags == 0) {
                                                                                                                                                						_t2 = GetTickCount();
                                                                                                                                                						__eflags = _t2 -  *0x42f410;
                                                                                                                                                						if(_t2 >  *0x42f410) {
                                                                                                                                                							_t3 = CreateDialogParamA( *0x42f400, 0x6f, 0, E00402CDD, 0);
                                                                                                                                                							 *0x429428 = _t3;
                                                                                                                                                							return ShowWindow(_t3, 5);
                                                                                                                                                						}
                                                                                                                                                						return _t2;
                                                                                                                                                					} else {
                                                                                                                                                						return E004063E4(0);
                                                                                                                                                					}
                                                                                                                                                				} else {
                                                                                                                                                					_t6 =  *0x429428; // 0x0
                                                                                                                                                					if(_t6 != 0) {
                                                                                                                                                						_t6 = DestroyWindow(_t6);
                                                                                                                                                					}
                                                                                                                                                					 *0x429428 = 0;
                                                                                                                                                					return _t6;
                                                                                                                                                				}
                                                                                                                                                			}







                                                                                                                                                APIs
                                                                                                                                                • DestroyWindow.USER32(00000000,00000000,00402F3E,00000001), ref: 00402D73
                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402D91
                                                                                                                                                • CreateDialogParamA.USER32(0000006F,00000000,00402CDD,00000000), ref: 00402DAE
                                                                                                                                                • ShowWindow.USER32(00000000,00000005), ref: 00402DBC
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2102729457-0
                                                                                                                                                • Opcode ID: 92830607251259d7b21fa7f6a4b037c479e5f1f9739c9a057c3e932900ba9aab
                                                                                                                                                • Instruction ID: 761b86bf19c83071f88326f4280a43ff42c19d235faedd25f12e3078a496723d
                                                                                                                                                • Opcode Fuzzy Hash: 92830607251259d7b21fa7f6a4b037c479e5f1f9739c9a057c3e932900ba9aab
                                                                                                                                                • Instruction Fuzzy Hash: 62F0F431A05621ABC6217B64BE4C9DF7A64BB04B11B51047AF545B22E4DB744C878BAC
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 91%
                                                                                                                                                			E004050AB(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                                                				int _t11;
                                                                                                                                                				int _t15;
                                                                                                                                                				long _t16;
                                                                                                                                                
                                                                                                                                                				_t15 = _a8;
                                                                                                                                                				if(_t15 != 0x102) {
                                                                                                                                                					__eflags = _t15 - 0x200;
                                                                                                                                                					if(_t15 != 0x200) {
                                                                                                                                                						_t16 = _a16;
                                                                                                                                                						L7:
                                                                                                                                                						__eflags = _t15 - 0x419;
                                                                                                                                                						if(_t15 == 0x419) {
                                                                                                                                                							__eflags =  *0x42a85c - _t16; // 0x0
                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                								_push(_t16);
                                                                                                                                                								_push(6);
                                                                                                                                                								 *0x42a85c = _t16;
                                                                                                                                                								E00404A71();
                                                                                                                                                							}
                                                                                                                                                						}
                                                                                                                                                						L11:
                                                                                                                                                						return CallWindowProcA( *0x42a864, _a4, _t15, _a12, _t16);
                                                                                                                                                					}
                                                                                                                                                					_t11 = IsWindowVisible(_a4);
                                                                                                                                                					__eflags = _t11;
                                                                                                                                                					if(_t11 == 0) {
                                                                                                                                                						L10:
                                                                                                                                                						_t16 = _a16;
                                                                                                                                                						goto L11;
                                                                                                                                                					}
                                                                                                                                                					_t16 = E004049F1(_a4, 1);
                                                                                                                                                					_t15 = 0x419;
                                                                                                                                                					goto L7;
                                                                                                                                                				}
                                                                                                                                                				if(_a12 == 0x20) {
                                                                                                                                                					E004040EA(0x413);
                                                                                                                                                					return 0;
                                                                                                                                                				}
                                                                                                                                                				goto L10;
                                                                                                                                                			}







                                                                                                                                                APIs
                                                                                                                                                • IsWindowVisible.USER32(?), ref: 004050DA
                                                                                                                                                • CallWindowProcA.USER32 ref: 0040512B
                                                                                                                                                  • Part of subcall function 004040EA: SendMessageA.USER32 ref: 004040FC
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                                                • Opcode ID: e888eab98be9719f5677808cf14d784dfa63dd3181dd39c0deeb7150e6d77b2f
                                                                                                                                                • Instruction ID: 77e6a5b3f6bfc6627eb61d09ca0671ae0e6a579f7b3ef645513b94fc1d41cd39
                                                                                                                                                • Opcode Fuzzy Hash: e888eab98be9719f5677808cf14d784dfa63dd3181dd39c0deeb7150e6d77b2f
                                                                                                                                                • Instruction Fuzzy Hash: FD017171600648ABDF206F11DD81A5B3B65EB84750F144036FA417A1D2D73A8C629F6E
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E004059EF(char* _a4) {
                                                                                                                                                				char* _t3;
                                                                                                                                                				char* _t5;
                                                                                                                                                
                                                                                                                                                				_t5 = _a4;
                                                                                                                                                				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                                                                                                                				while( *_t3 != 0x5c) {
                                                                                                                                                					_t3 = CharPrevA(_t5, _t3);
                                                                                                                                                					if(_t3 > _t5) {
                                                                                                                                                						continue;
                                                                                                                                                					}
                                                                                                                                                					break;
                                                                                                                                                				}
                                                                                                                                                				 *_t3 =  *_t3 & 0x00000000;
                                                                                                                                                				return  &(_t3[1]);
                                                                                                                                                			}






                                                                                                                                                APIs
                                                                                                                                                • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402E30,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 004059F5
                                                                                                                                                • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E30,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SetupWIService.exe,C:\Users\user\Desktop\SetupWIService.exe,80000000,00000003), ref: 00405A03
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CharPrevlstrlen
                                                                                                                                                • String ID: C:\Users\user\Desktop
                                                                                                                                                • API String ID: 2709904686-1669384263
                                                                                                                                                • Opcode ID: 4402843b33e5109e67992b99d0281bb7e81fac819ebae0ac34b6d7d52c4d849b
                                                                                                                                                • Instruction ID: 7185998fb8cc4c4ccda179d560b4c8302004e2739ffdff7e1043df3a51136750
                                                                                                                                                • Opcode Fuzzy Hash: 4402843b33e5109e67992b99d0281bb7e81fac819ebae0ac34b6d7d52c4d849b
                                                                                                                                                • Instruction Fuzzy Hash: E6D0C7B3519DB06EE30392549D04B9F6A48DF16710F094566E181A6195C6784D424BED
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00405B0E(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                                                                                                                				int _v8;
                                                                                                                                                				int _t12;
                                                                                                                                                				int _t14;
                                                                                                                                                				int _t15;
                                                                                                                                                				CHAR* _t17;
                                                                                                                                                				CHAR* _t27;
                                                                                                                                                
                                                                                                                                                				_t12 = lstrlenA(_a8);
                                                                                                                                                				_t27 = _a4;
                                                                                                                                                				_v8 = _t12;
                                                                                                                                                				while(lstrlenA(_t27) >= _v8) {
                                                                                                                                                					_t14 = _v8;
                                                                                                                                                					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                                                                                                                					_t15 = lstrcmpiA(_t27, _a8);
                                                                                                                                                					_t27[_v8] =  *(_t14 + _t27);
                                                                                                                                                					if(_t15 == 0) {
                                                                                                                                                						_t17 = _t27;
                                                                                                                                                					} else {
                                                                                                                                                						_t27 = CharNextA(_t27);
                                                                                                                                                						continue;
                                                                                                                                                					}
                                                                                                                                                					L5:
                                                                                                                                                					return _t17;
                                                                                                                                                				}
                                                                                                                                                				_t17 = 0;
                                                                                                                                                				goto L5;
                                                                                                                                                			}










                                                                                                                                                APIs
                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B1E
                                                                                                                                                • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B36
                                                                                                                                                • CharNextA.USER32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B47
                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00405D69,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B50
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.509249342.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.509222058.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509292298.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509371238.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509543456.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509600922.0000000000433000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.509630839.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_SetupWIService.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 190613189-0
                                                                                                                                                • Opcode ID: dddc0b46adaff912d9c321cf48e41736a02eed0190ef2a74250491e495455120
                                                                                                                                                • Instruction ID: 0197496b5d832c36441f5dd9a15c5c44ab4bce902fcb82863052ee0cfca36748
                                                                                                                                                • Opcode Fuzzy Hash: dddc0b46adaff912d9c321cf48e41736a02eed0190ef2a74250491e495455120
                                                                                                                                                • Instruction Fuzzy Hash: C9F0C231600418BFC7029BA5DD00D9EBBB8DF06250B2540BAE840F7210D634FE019BA8
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Execution Graph

                                                                                                                                                Execution Coverage:4.7%
                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                Signature Coverage:0.5%
                                                                                                                                                Total number of Nodes:1447
                                                                                                                                                Total number of Limit Nodes:17
17239->17241 17242 7ffc1fd0e48b 17241->17242 17243 7ffc1fd0e505 ??1_Lockit@std@@QEAA ?length@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1_K 17242->17243 17245 7ffc1fd0e4a2 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12 17242->17245 17246 7ffc1fd0e4ad 17242->17246 17244 7ffc1fd0e544 17243->17244 17264 7ffc1fd10430 17244->17264 17245->17246 17246->17243 17247 7ffc1fd0e4c4 ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@ 17246->17247 17248 7ffc1fd0e4de 17247->17248 17249 7ffc1fd0e578 17247->17249 17293 7ffc1fd15490 17248->17293 17296 7ffc1fd02c60 17249->17296 17265 7ffc1fd10441 17264->17265 17266 7ffc1fd10457 17264->17266 17265->16978 17267 7ffc1fd10471 memset 17266->17267 17268 7ffc1fd104a8 17266->17268 17267->16978 17300 7ffc1fd059f0 17268->17300 17273 7ffc1fd18a24 17272->17273 17275 7ffc1fd18a07 17272->17275 17274 7ffc1fd156a8 std::_Facet_Register 3 API calls 17273->17274 17274->17275 17275->17235 17277 7ffc1fd0c02e 17276->17277 17278 7ffc1fd0c0a1 17276->17278 17279 7ffc1fd0c04f 17277->17279 17280 7ffc1fd0c06a 17277->17280 17278->17239 17287 7ffc1fd03030 17279->17287 17282 7ffc1fd0e430 292 API calls 17280->17282 17283 7ffc1fd0c078 17282->17283 17285 7ffc1fd03030 10 API calls 17283->17285 17284 7ffc1fd0c057 17284->17239 17286 7ffc1fd0c08a 17285->17286 17286->17239 17288 7ffc1fd03053 memmove 17287->17288 17289 7ffc1fd03092 17287->17289 17288->17284 17291 7ffc1fcf2190 9 API calls 17289->17291 17292 7ffc1fd030a8 17291->17292 17292->17284 17294 7ffc1fd156a8 std::_Facet_Register 3 API calls 17293->17294 17295 7ffc1fd0e4f0 17294->17295 17295->17243 17299 7ffc1fd02be0 17296->17299 17298 7ffc1fd02c6e _CxxThrowException 17299->17298 17301 7ffc1fd05a1e 17300->17301 17308 7ffc1fd05b6c Concurrency::cancel_current_task 17300->17308 17302 7ffc1fd05a71 17301->17302 17303 7ffc1fd05aa6 17301->17303 17304 7ffc1fd156a8 std::_Facet_Register 3 API calls 17302->17304 17302->17308 17305 7ffc1fd05a8f 17303->17305 17307 7ffc1fd156a8 std::_Facet_Register 
3 API calls 17303->17307 17304->17305 17306 7ffc1fd05b25 _invalid_parameter_noinfo_noreturn 17305->17306 17309 7ffc1fd05b2c memmove memset 17305->17309 17310 7ffc1fd05ad8 memmove memset 17305->17310 17306->17309 17307->17305 17313 7ffc1fd05b23 17309->17313 17311 7ffc1fd05b18 17310->17311 17312 7ffc1fd05b03 17310->17312 17314 7ffc1fd156e4 ISource free 17311->17314 17312->17306 17312->17311 17313->16978 17314->17313 17316 7ffc1fd0c133 17315->17316 17317 7ffc1fd0c0d6 17315->17317 17316->16991 17318 7ffc1fd0c114 17317->17318 17319 7ffc1fd0c0f9 17317->17319 17321 7ffc1fd0c140 10 API calls 17318->17321 17324 7ffc1fd0c140 17319->17324 17323 7ffc1fd0c11c 17321->17323 17322 7ffc1fd0c101 17322->16991 17323->16991 17325 7ffc1fd0c163 memset 17324->17325 17326 7ffc1fd0c1a6 17324->17326 17325->17322 17328 7ffc1fd059f0 9 API calls 17326->17328 17329 7ffc1fd0c1bc 17328->17329 17329->17322 17331 7ffc1fd0807e 17330->17331 17332 7ffc1fd080e6 17331->17332 17374 7ffc1fd06090 17331->17374 17332->17019 17339 7ffc1fd183b0 17338->17339 17341 7ffc1fd183b8 17338->17341 17544 7ffc1fd187c0 17339->17544 17342 7ffc1fd187c0 3 API calls 17341->17342 17344 7ffc1fd183d0 17341->17344 17342->17344 17343 7ffc1fd183e9 17343->16998 17344->17343 17345 7ffc1fd187c0 3 API calls 17344->17345 17345->17343 17347 7ffc1fd18631 17346->17347 17350 7ffc1fd18639 17346->17350 17348 7ffc1fd187c0 3 API calls 17347->17348 17348->17350 17349 7ffc1fd18651 17352 7ffc1fd1866a 17349->17352 17353 7ffc1fd187c0 3 API calls 17349->17353 17350->17349 17351 7ffc1fd187c0 3 API calls 17350->17351 17351->17349 17352->16998 17353->17352 17355 7ffc1fd26670 TlsGetValue 17354->17355 17356 7ffc1fd19b25 17355->17356 17357 7ffc1fd19c5c ReleaseSRWLockExclusive 17356->17357 17358 7ffc1fd156a8 std::_Facet_Register 3 API calls 17356->17358 17357->17019 17359 7ffc1fd19b36 17358->17359 17360 7ffc1fd18020 3 API calls 17359->17360 17361 7ffc1fd19b46 17360->17361 17548 7ffc1fd0c7c0 GetSystemTimeAsFileTime 17361->17548 17371 7ffc1fd19799 17370->17371 
17705 7ffc1fd18280 17371->17705 17404 7ffc1fd26670 17374->17404 17377 7ffc1fd060d1 AcquireSRWLockShared 17379 7ffc1fd156a8 std::_Facet_Register 3 API calls 17377->17379 17378 7ffc1fd06145 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 17407 7ffc1fd1df50 17378->17407 17380 7ffc1fd060ee 17379->17380 17381 7ffc1fd0610b ReleaseSRWLockShared 17380->17381 17410 7ffc1fd09ad0 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA 17380->17410 17387 7ffc1fd26670 TlsGetValue 17381->17387 17389 7ffc1fd06124 17387->17389 17389->17378 17423 7ffc1fd26e20 17389->17423 17449 7ffc1fd26600 17404->17449 17408 7ffc1fd1df57 17407->17408 17409 7ffc1fd1df5a OutputDebugStringA 17407->17409 17408->17409 17411 7ffc1fd09b64 17410->17411 17412 7ffc1fd09b88 17410->17412 17411->17412 17414 7ffc1fd0c010 288 API calls 17411->17414 17413 7ffc1fd09bf4 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N 17412->17413 17416 7ffc1fd0e430 288 API calls 17412->17416 17452 7ffc1fd0e130 ?exceptions@ios_base@std@@QEAAXH ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N 17413->17452 17414->17412 17419 7ffc1fd09be1 17416->17419 17417 7ffc1fd09c16 ?exceptions@ios_base@std@@QEAAXH ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@ 17422 7ffc1fd09c7d 17417->17422 17420 7ffc1fd10430 10 API calls 17419->17420 17421 7ffc1fd09bf0 17420->17421 17421->17413 17422->17381 17424 7ffc1fd26600 TlsGetValue 17423->17424 17425 7ffc1fd26e4b 17424->17425 17426 7ffc1fd26eee 17425->17426 17429 7ffc1fd26e57 17425->17429 17427 7ffc1fd26f14 17426->17427 17428 7ffc1fd26f09 TlsGetValue 17426->17428 17446 7ffc1fd26ebd 17426->17446 17430 7ffc1fd26750 288 API calls 17427->17430 17428->17427 17436 7ffc1fd26f24 17428->17436 17431 7ffc1fd26e9d 17429->17431 17432 7ffc1fd26e8f TlsGetValue 17429->17432 17429->17446 17433 7ffc1fd26f19 17430->17433 17453 7ffc1fd26750 17431->17453 17432->17431 17434 7ffc1fd26ecb 17432->17434 17433->17436 17437 
7ffc1fd26f29 TlsGetValue 17433->17437 17438 7ffc1fd263d0 free 17434->17438 17439 7ffc1fd26fa3 17436->17439 17440 7ffc1fd27016 17436->17440 17436->17446 17437->17436 17438->17446 17442 7ffc1fd156a8 std::_Facet_Register 3 API calls 17439->17442 17468 7ffc1fd03010 ?_Xlength_error@std@@YAXPEBD 17440->17468 17442->17446 17444 7ffc1fd26ead 17460 7ffc1fd263d0 17444->17460 17445 7ffc1fd26ec2 TlsGetValue 17445->17434 17446->17378 17450 7ffc1fd26614 TlsGetValue 17449->17450 17451 7ffc1fd060c0 17449->17451 17450->17451 17451->17377 17451->17378 17452->17417 17469 7ffc1fd24eb0 GetProcessHeap HeapAlloc 17453->17469 17458 7ffc1fd26781 TlsSetValue 17459 7ffc1fd2678b 17458->17459 17459->17444 17459->17445 17461 7ffc1fd26403 17460->17461 17464 7ffc1fd264cf 17461->17464 17466 7ffc1fd2651e 17461->17466 17462 7ffc1fd26506 17462->17446 17464->17462 17465 7ffc1fd156e4 ISource free 17464->17465 17514 7ffc1fd244c0 17464->17514 17465->17464 17466->17462 17467 7ffc1fd156e4 ISource free 17466->17467 17467->17466 17470 7ffc1fd24ed8 17469->17470 17471 7ffc1fd24efa std::bad_alloc::bad_alloc 17469->17471 17497 7ffc1fd25130 17470->17497 17508 7ffc1fd1a5c0 17471->17508 17476 7ffc1fd25fa0 17487 7ffc1fd25ff2 17476->17487 17477 7ffc1fd261a2 17480 7ffc1fd15e20 _Receive_impl 8 API calls 17477->17480 17478 7ffc1fd26198 CloseHandle 17478->17477 17479 7ffc1fd2605c ResetEvent 17479->17487 17483 7ffc1fd261b2 17480->17483 17481 7ffc1fd26028 OpenEventA 17482 7ffc1fd2604c CloseHandle 17481->17482 17481->17487 17482->17487 17483->17458 17483->17459 17484 7ffc1fd26173 WaitForSingleObjectEx 17484->17487 17486 7ffc1fd2613d CreateEventA 17486->17487 17493 7ffc1fd26163 CloseHandle 17486->17493 17487->17479 17487->17481 17487->17484 17487->17486 17489 7ffc1fd26078 17487->17489 17490 7ffc1fd26102 17487->17490 17491 7ffc1fd26940 GetCurrentProcessId 17487->17491 17511 7ffc1fd26940 17487->17511 17488 7ffc1fd260f4 SetEvent 17488->17490 17489->17488 17492 7ffc1fd260e3 17489->17492 17494 7ffc1fd260b7 CreateEventA 
17489->17494 17496 7ffc1fd26940 GetCurrentProcessId 17489->17496 17490->17477 17490->17478 17491->17486 17492->17488 17492->17490 17493->17487 17494->17492 17495 7ffc1fd260dd CloseHandle 17494->17495 17495->17492 17496->17494 17498 7ffc1fd156a8 std::_Facet_Register malloc _CxxThrowException free 17497->17498 17499 7ffc1fd2518e CreateEventA 17498->17499 17500 7ffc1fd25200 17499->17500 17501 7ffc1fd251d0 17499->17501 17503 7ffc1fd09e90 _Receive_impl __std_exception_copy 17500->17503 17502 7ffc1fd15e20 _Receive_impl 8 API calls 17501->17502 17504 7ffc1fd24ee0 17502->17504 17505 7ffc1fd2520a 17503->17505 17504->17476 17506 7ffc1fd07f00 _Receive_impl 291 API calls 17505->17506 17507 7ffc1fd25213 17506->17507 17509 7ffc1fd1a6b0 __std_exception_copy 17508->17509 17510 7ffc1fd1a5d1 _CxxThrowException 17509->17510 17512 7ffc1fd26990 17511->17512 17512->17512 17513 7ffc1fd269a9 GetCurrentProcessId 17512->17513 17513->17481 17515 7ffc1fd24506 17514->17515 17517 7ffc1fd244df 17514->17517 17515->17464 17516 7ffc1fd244c0 _Receive_impl free 17516->17517 17517->17515 17517->17516 17518 7ffc1fd156e4 ISource free 17517->17518 17518->17517 17545 7ffc1fd18925 17544->17545 17546 7ffc1fd187ea 17544->17546 17545->17341 17546->17545 17547 7ffc1fd156a8 std::_Facet_Register 3 API calls 17546->17547 17547->17546 17549 7ffc1fd0c841 17548->17549 17550 7ffc1fd0c975 17549->17550 17551 7ffc1fd0c856 17549->17551 17610 7ffc1fd0f3f0 17550->17610 17552 7ffc1fd0c860 17551->17552 17553 7ffc1fd0c986 17551->17553 17556 7ffc1fd0c875 17552->17556 17557 7ffc1fd0c998 17552->17557 17555 7ffc1fd0f3f0 16 API calls 17553->17555 17555->17557 17558 7ffc1fd0c87f 17556->17558 17559 7ffc1fd0c9a6 17556->17559 17615 7ffc1fd0f410 17557->17615 17561 7ffc1fd0c9b4 17558->17561 17562 7ffc1fd0c89b 17558->17562 17563 7ffc1fd0f410 16 API calls 17559->17563 17620 7ffc1fd0f430 17561->17620 17564 7ffc1fd0c9c6 17562->17564 17565 7ffc1fd0c8aa 17562->17565 17563->17561 17568 7ffc1fd0f430 16 API calls 17564->17568 17593 7ffc1fd09890 
17565->17593 17569 7ffc1fd0c9db 17568->17569 17570 7ffc1fd0c8bc 17571 7ffc1fd15e20 _Receive_impl 8 API calls 17570->17571 17572 7ffc1fd0c965 17571->17572 17573 7ffc1fd1f1e0 17572->17573 17582 7ffc1fd1f1f6 17573->17582 17574 7ffc1fd1f21f 17575 7ffc1fd1f233 17574->17575 17680 7ffc1fd1d9d0 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17574->17680 17578 7ffc1fd1f290 24 API calls 17575->17578 17576 7ffc1fd1d940 4 API calls 17576->17582 17579 7ffc1fd1f238 17578->17579 17681 7ffc1fd1fda0 TlsGetValue 17579->17681 17582->17574 17582->17576 17670 7ffc1fd1f290 17582->17670 17679 7ffc1fd1d900 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17582->17679 17594 7ffc1fd09947 17593->17594 17595 7ffc1fd099af 17594->17595 17596 7ffc1fd099ca 17594->17596 17598 7ffc1fd15e20 _Receive_impl 8 API calls 17595->17598 17597 7ffc1fd02b20 7 API calls 17596->17597 17599 7ffc1fd099db 17597->17599 17600 7ffc1fd099bf 17598->17600 17625 7ffc1fd09440 17599->17625 17600->17570 17602 7ffc1fd099e9 17628 7ffc1fd07e40 17602->17628 17632 7ffc1fd094a0 17610->17632 17613 7ffc1fd07e40 2 API calls 17614 7ffc1fd0f407 17613->17614 17642 7ffc1fd095e0 17615->17642 17656 7ffc1fd09720 17620->17656 17626 7ffc1fd09453 17625->17626 17627 7ffc1fd09456 __std_exception_copy 17625->17627 17626->17627 17627->17602 17631 7ffc1fd08c70 __std_exception_copy 17628->17631 17630 7ffc1fd07e51 _CxxThrowException 17631->17630 17633 7ffc1fd156a8 std::_Facet_Register 3 API calls 17632->17633 17634 7ffc1fd094c7 __std_exception_copy 17633->17634 17635 7ffc1fd09541 17634->17635 17636 7ffc1fd09576 17634->17636 17638 7ffc1fd09571 17635->17638 17639 7ffc1fd0956a _invalid_parameter_noinfo_noreturn 17635->17639 17637 7ffc1fd15e20 _Receive_impl 8 API calls 17636->17637 17641 7ffc1fd09590 17637->17641 17640 7ffc1fd156e4 ISource free 17638->17640 17639->17638 17640->17636 17641->17613 17643 7ffc1fd156a8 std::_Facet_Register 3 API calls 17642->17643 17644 7ffc1fd09607 __std_exception_copy 
17643->17644 17645 7ffc1fd09682 17644->17645 17646 7ffc1fd096b7 17644->17646 17648 7ffc1fd096b2 17645->17648 17651 7ffc1fd096ab _invalid_parameter_noinfo_noreturn 17645->17651 17647 7ffc1fd15e20 _Receive_impl 8 API calls 17646->17647 17650 7ffc1fd096d1 17647->17650 17649 7ffc1fd156e4 ISource free 17648->17649 17649->17646 17652 7ffc1fd07e70 17650->17652 17651->17648 17655 7ffc1fd08da0 __std_exception_copy 17652->17655 17654 7ffc1fd07e81 _CxxThrowException 17655->17654 17657 7ffc1fd156a8 std::_Facet_Register 3 API calls 17656->17657 17658 7ffc1fd09747 __std_exception_copy 17657->17658 17659 7ffc1fd09800 17658->17659 17660 7ffc1fd097cb 17658->17660 17661 7ffc1fd15e20 _Receive_impl 8 API calls 17659->17661 17662 7ffc1fd097fb 17660->17662 17664 7ffc1fd097f4 _invalid_parameter_noinfo_noreturn 17660->17664 17663 7ffc1fd0981a 17661->17663 17665 7ffc1fd156e4 ISource free 17662->17665 17666 7ffc1fd07ea0 17663->17666 17664->17662 17665->17659 17669 7ffc1fd08ed0 __std_exception_copy 17666->17669 17668 7ffc1fd07eb1 _CxxThrowException 17669->17668 17671 7ffc1fd1f2c6 17670->17671 17672 7ffc1fd1f2b9 17670->17672 17673 7ffc1fd15c04 shared_ptr 5 API calls 17671->17673 17672->17582 17674 7ffc1fd1f2d2 17673->17674 17674->17672 17682 7ffc1fd1fd40 TlsAlloc 17674->17682 17676 7ffc1fd1f2ea shared_ptr 17677 7ffc1fd15ba4 shared_ptr 4 API calls 17676->17677 17678 7ffc1fd1f303 17677->17678 17678->17582 17679->17582 17680->17575 17683 7ffc1fd1fd5f 17682->17683 17684 7ffc1fd1fd56 17682->17684 17687 7ffc1fd1d850 17683->17687 17684->17676 17688 7ffc1fd02b20 7 API calls 17687->17688 17689 7ffc1fd1d872 17688->17689 17696 7ffc1fd1c250 17689->17696 17691 7ffc1fd1d8a3 17699 7ffc1fd1b530 17691->17699 17693 7ffc1fd1d8b4 17702 7ffc1fd1b760 17693->17702 17697 7ffc1fd1c267 17696->17697 17698 7ffc1fd1c26a __std_exception_copy 17696->17698 17697->17698 17698->17691 17700 7ffc1fd1c1e0 7 API calls 17699->17700 17701 7ffc1fd1b53e 17700->17701 17701->17693 17703 7ffc1fd1bee0 7 API calls 17702->17703 17704 
7ffc1fd1b774 _CxxThrowException 17703->17704 17706 7ffc1fd18373 free 17705->17706 17709 7ffc1fd182a1 17705->17709 17706->17011 17707 7ffc1fd1835c free 17707->17706 17708 7ffc1fd156e4 ISource free 17708->17709 17709->17707 17709->17708 17725 7ffc1fd19857 shared_ptr 17711->17725 17712 7ffc1fd19984 17714 7ffc1fd19998 17712->17714 17745 7ffc1fd1d9d0 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17712->17745 17713 7ffc1fd1d940 4 API calls 17713->17725 17716 7ffc1fd0e9a1 17714->17716 17717 7ffc1fd15c04 shared_ptr 5 API calls 17714->17717 17716->17043 17719 7ffc1fd19a6f shared_ptr 17717->17719 17718 7ffc1fd156a8 malloc _CxxThrowException free std::_Facet_Register 17718->17725 17719->17716 17721 7ffc1fd15ba4 shared_ptr 4 API calls 17719->17721 17721->17716 17725->17712 17725->17713 17725->17718 17726 7ffc1fd19110 InitializeSRWLock 17725->17726 17735 7ffc1fd19a30 17725->17735 17741 7ffc1fd18b50 17725->17741 17744 7ffc1fd1d900 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 17725->17744 17746 7ffc1fd18af0 17726->17746 17728 7ffc1fd19156 shared_ptr 17749 7ffc1fd1f780 17728->17749 17730 7ffc1fd1918a shared_ptr 17731 7ffc1fd18020 3 API calls 17730->17731 17732 7ffc1fd19203 17731->17732 17733 7ffc1fd156a8 std::_Facet_Register 3 API calls 17732->17733 17734 7ffc1fd19226 17733->17734 17734->17725 17736 7ffc1fd19a63 17735->17736 17737 7ffc1fd19a57 17735->17737 17738 7ffc1fd15c04 shared_ptr 5 API calls 17736->17738 17737->17725 17739 7ffc1fd19a6f shared_ptr 17738->17739 17739->17737 17740 7ffc1fd15ba4 shared_ptr 4 API calls 17739->17740 17740->17737 17742 7ffc1fd156a8 std::_Facet_Register 3 API calls 17741->17742 17743 7ffc1fd18b76 17742->17743 17743->17725 17744->17725 17745->17714 17747 7ffc1fd156a8 std::_Facet_Register 3 API calls 17746->17747 17748 7ffc1fd18b11 17747->17748 17748->17728 17750 7ffc1fd1a540 59 API calls 17749->17750 17751 7ffc1fd1f7ad 17750->17751 17752 7ffc1fd1a520 59 API calls 17751->17752 17753 7ffc1fd1f7b6 
17752->17753 17753->17730 17755 7ffc1fd1a986 17754->17755 17756 7ffc1fd1a979 17754->17756 17757 7ffc1fd15c04 shared_ptr 5 API calls 17755->17757 17756->17076 17758 7ffc1fd1a992 17757->17758 17758->17756 17759 7ffc1fd1fd40 15 API calls 17758->17759 17760 7ffc1fd1a9aa shared_ptr 17759->17760 17761 7ffc1fd15ba4 shared_ptr 4 API calls 17760->17761 17762 7ffc1fd1a9c3 17761->17762 17762->17076 17763->17076 17764->17078 17809 7ffc1fd0a2cd ReleaseSRWLockShared 17808->17809 17810 7ffc1fd18087 17808->17810 17809->16773 17816 7ffc1fd17ea0 17810->17816 17812 7ffc1fd180b9 17813 7ffc1fd156e4 ISource free 17812->17813 17813->17809 17814 7ffc1fd156e4 ISource free 17815 7ffc1fd18093 17814->17815 17815->17812 17815->17814 17817 7ffc1fd17f3f 17816->17817 17818 7ffc1fd17eca 17816->17818 17817->17815 17818->17817 17819 7ffc1fd156e4 ISource free 17818->17819 17819->17818 17821 7ffc1fd15ff2 RtlLookupFunctionEntry 17820->17821 17822 7ffc1fd15f2f 17821->17822 17823 7ffc1fd16008 RtlVirtualUnwind 17821->17823 17824 7ffc1fd15ed0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 17822->17824 17823->17821 17823->17822 17825 7ffc1fcfa1f0 17826 7ffc1fd0d640 2 API calls 17825->17826 17827 7ffc1fcfa2a2 17826->17827 17828 7ffc1fcfa2cd 17827->17828 17830 7ffc1fcf9100 7 API calls 17827->17830 17862 7ffc1fd106f0 17828->17862 17830->17828 17832 7ffc1fcfa321 17865 7ffc1fd04280 17832->17865 17834 7ffc1fcfa31c 17836 7ffc1fd156e4 ISource free 17834->17836 17835 7ffc1fcfa315 _invalid_parameter_noinfo_noreturn 17835->17834 17836->17832 17840 7ffc1fcfa409 17908 7ffc1fcfe0d0 17840->17908 17841 7ffc1fcfa404 17844 7ffc1fd156e4 ISource free 17841->17844 17843 7ffc1fcfa3fd _invalid_parameter_noinfo_noreturn 17843->17841 17844->17840 17845 7ffc1fcfa40e 17846 7ffc1fd04280 13 API calls 17845->17846 17847 7ffc1fcfa424 17846->17847 17922 7ffc1fcff010 17847->17922 17850 7ffc1fcfa48d 17852 7ffc1fd106f0 2 API calls 17850->17852 17851 7ffc1fcfa488 17854 7ffc1fd156e4 ISource free 
17851->17854 17856 7ffc1fcfa4a6 17852->17856 17853 7ffc1fcfa481 _invalid_parameter_noinfo_noreturn 17853->17851 17854->17850 17855 7ffc1fcfa4ec 17859 7ffc1fd15e20 _Receive_impl 8 API calls 17855->17859 17856->17855 17857 7ffc1fcfa4e7 17856->17857 17860 7ffc1fcfa4e0 _invalid_parameter_noinfo_noreturn 17856->17860 17858 7ffc1fd156e4 ISource free 17857->17858 17858->17855 17861 7ffc1fcfa609 17859->17861 17860->17857 17863 7ffc1fd0d640 2 API calls 17862->17863 17864 7ffc1fcfa2da 17863->17864 17864->17832 17864->17834 17864->17835 17866 7ffc1fcfa36a 17865->17866 17867 7ffc1fd042ae 17865->17867 17890 7ffc1fcf57c0 17866->17890 17867->17866 17868 7ffc1fd042d3 WideCharToMultiByte 17867->17868 17868->17866 17869 7ffc1fd04305 17868->17869 17870 7ffc1fd04359 17869->17870 17871 7ffc1fd0432f 17869->17871 17874 7ffc1fd0449b Concurrency::cancel_current_task 17869->17874 17873 7ffc1fd156a8 std::_Facet_Register 3 API calls 17870->17873 17871->17874 17875 7ffc1fd0433d 17871->17875 17879 7ffc1fd04342 17873->17879 17959 7ffc1fd03980 ?_Xlength_error@std@@YAXPEBD 17874->17959 17877 7ffc1fd156a8 std::_Facet_Register 3 API calls 17875->17877 17877->17879 17878 7ffc1fd04364 memset 17881 7ffc1fd04389 17878->17881 17879->17878 17880 7ffc1fd04461 _invalid_parameter_noinfo_noreturn 17879->17880 17880->17866 17882 7ffc1fd043a4 WideCharToMultiByte 17881->17882 17883 7ffc1fd04401 17881->17883 17882->17883 17884 7ffc1fd043d0 17882->17884 17886 7ffc1fcf9100 7 API calls 17883->17886 17884->17883 17885 7ffc1fd043d4 WideCharToMultiByte 17884->17885 17885->17883 17887 7ffc1fd0442a 17886->17887 17887->17866 17887->17880 17888 7ffc1fd04451 17887->17888 17889 7ffc1fd156e4 ISource free 17888->17889 17889->17866 17891 7ffc1fcf580c 17890->17891 17892 7ffc1fcf49b0 31 API calls 17891->17892 17893 7ffc1fcf58ec 17892->17893 17894 7ffc1fcf9100 7 API calls 17893->17894 17895 7ffc1fcf591e 17894->17895 17896 7ffc1fd0e5b0 292 API calls 17895->17896 17897 7ffc1fcf5936 17896->17897 17898 7ffc1fcf5977 17897->17898 17899 
7ffc1fcf5972 17897->17899 17901 7ffc1fcf596b _invalid_parameter_noinfo_noreturn 17897->17901 17900 7ffc1fcf59be 17898->17900 17903 7ffc1fcf59b9 17898->17903 17906 7ffc1fcf59b2 _invalid_parameter_noinfo_noreturn 17898->17906 17902 7ffc1fd156e4 ISource free 17899->17902 17904 7ffc1fd15e20 _Receive_impl 8 API calls 17900->17904 17901->17899 17902->17898 17907 7ffc1fd156e4 ISource free 17903->17907 17905 7ffc1fcf59cf 17904->17905 17905->17840 17905->17841 17905->17843 17906->17903 17907->17900 17909 7ffc1fcfe0f9 17908->17909 17910 7ffc1fcfe133 17908->17910 17909->17845 17911 7ffc1fd15c04 shared_ptr 5 API calls 17910->17911 17912 7ffc1fcfe13f 17911->17912 17912->17909 17913 7ffc1fcfe148 17912->17913 17914 7ffc1fd156a8 std::_Facet_Register 3 API calls 17913->17914 17915 7ffc1fcfe152 17914->17915 17916 7ffc1fd156a8 std::_Facet_Register 3 API calls 17915->17916 17920 7ffc1fcfe106 shared_ptr 17915->17920 17917 7ffc1fcfe1a8 _Mtx_init_in_situ 17916->17917 17960 7ffc1fcffe60 17917->17960 17919 7ffc1fd15ba4 shared_ptr 4 API calls 17921 7ffc1fcfe126 17919->17921 17920->17919 17921->17845 17923 7ffc1fcff078 memset 17922->17923 17924 7ffc1fcff085 17922->17924 17923->17924 17925 7ffc1fcff091 _Mtx_lock 17924->17925 17926 7ffc1fcff66c 17924->17926 17927 7ffc1fcff6a1 ?_Throw_C_error@std@@YAXH 17925->17927 17935 7ffc1fcff0aa 17925->17935 18125 7ffc1fcfc8d0 17926->18125 17929 7ffc1fcff0ed 18018 7ffc1fcfcd20 17929->18018 17933 7ffc1fcff68f _CxxThrowException 17933->17927 17935->17929 18054 7ffc1fcffb10 17935->18054 17936 7ffc1fcff634 18116 7ffc1fcfca90 17936->18116 17938 7ffc1fcff5c7 _Mtx_unlock 17940 7ffc1fd15e20 _Receive_impl 8 API calls 17938->17940 17942 7ffc1fcfa445 17940->17942 17942->17850 17942->17851 17942->17853 17943 7ffc1fcfd4c0 std::bad_exception::bad_exception 6 API calls 17946 7ffc1fcff11a 17943->17946 17944 7ffc1fcff65a _CxxThrowException 17944->17926 17945 7ffc1fd03ff0 7 API calls 17945->17946 17946->17936 17946->17938 17946->17943 17946->17945 17947 7ffc1fcff5fc 
_invalid_parameter_noinfo_noreturn 17946->17947 17948 7ffc1fcff603 _invalid_parameter_noinfo_noreturn 17946->17948 17949 7ffc1fcff60a _invalid_parameter_noinfo_noreturn 17946->17949 17950 7ffc1fcff611 _invalid_parameter_noinfo_noreturn 17946->17950 17951 7ffc1fcff618 _invalid_parameter_noinfo_noreturn 17946->17951 17952 7ffc1fcff61f _invalid_parameter_noinfo_noreturn 17946->17952 17953 7ffc1fcff626 _invalid_parameter_noinfo_noreturn 17946->17953 17954 7ffc1fcff62d _invalid_parameter_noinfo_noreturn 17946->17954 17956 7ffc1fd04280 13 API calls 17946->17956 17958 7ffc1fd156e4 free ISource 17946->17958 18036 7ffc1fcf5600 17946->18036 18098 7ffc1fcfcec0 17946->18098 17947->17948 17948->17949 17949->17950 17950->17951 17951->17952 17952->17953 17953->17954 17954->17936 17956->17946 17958->17946 17979 7ffc1fd03d90 GetTempPathW 17960->17979 17963 7ffc1fd156a8 std::_Facet_Register 3 API calls 17964 7ffc1fcffe9c 17963->17964 17972 7ffc1fcfff58 17964->17972 17990 7ffc1fcfd640 17964->17990 17968 7ffc1fcfff53 17971 7ffc1fd156e4 ISource free 17968->17971 17969 7ffc1fcffff6 17973 7ffc1fd15e20 _Receive_impl 8 API calls 17969->17973 17970 7ffc1fcfff4c _invalid_parameter_noinfo_noreturn 17970->17968 17971->17972 17995 7ffc1fcfc830 17972->17995 17977 7ffc1fd00003 17973->17977 17975 7ffc1fcffff1 17976 7ffc1fd156e4 ISource free 17975->17976 17976->17969 17977->17920 17978 7ffc1fcfffea _invalid_parameter_noinfo_noreturn 17978->17975 17980 7ffc1fd03e14 17979->17980 17981 7ffc1fd03de4 GetLastError 17979->17981 17983 7ffc1fd03ea2 17980->17983 17984 7ffc1fd03e3e WideCharToMultiByte 17980->17984 18000 7ffc1fd035d0 17981->18000 17986 7ffc1fcf9100 7 API calls 17983->17986 17984->17983 17985 7ffc1fd03e6d WideCharToMultiByte 17984->17985 17985->17983 17987 7ffc1fd03ed9 17986->17987 17988 7ffc1fd15e20 _Receive_impl 8 API calls 17987->17988 17989 7ffc1fcffe8f 17988->17989 17989->17963 17991 7ffc1fcfd4c0 std::bad_exception::bad_exception 6 API calls 17990->17991 17992 7ffc1fcfd65a 17991->17992 
17993 7ffc1fcfd4c0 std::bad_exception::bad_exception 6 API calls 17992->17993 17994 7ffc1fcfd667 17993->17994 17994->17968 17994->17970 17994->17972 17996 7ffc1fcfc8be ?_Xlength_error@std@@YAXPEBD 17995->17996 17997 7ffc1fcfc85d 17995->17997 17998 7ffc1fd156a8 std::_Facet_Register 3 API calls 17997->17998 17999 7ffc1fcfc871 17998->17999 17999->17969 17999->17975 17999->17978 18001 7ffc1fd03646 18000->18001 18001->18001 18002 7ffc1fcf49b0 31 API calls 18001->18002 18003 7ffc1fd0366c 18002->18003 18004 7ffc1fcf9100 7 API calls 18003->18004 18005 7ffc1fd036a8 18004->18005 18006 7ffc1fd0e5b0 290 API calls 18005->18006 18008 7ffc1fd036c0 18006->18008 18007 7ffc1fd03704 18010 7ffc1fd0374b 18007->18010 18011 7ffc1fd03746 18007->18011 18015 7ffc1fd0373f _invalid_parameter_noinfo_noreturn 18007->18015 18008->18007 18009 7ffc1fd036ff 18008->18009 18013 7ffc1fd036f8 _invalid_parameter_noinfo_noreturn 18008->18013 18014 7ffc1fd156e4 ISource free 18009->18014 18012 7ffc1fd15e20 _Receive_impl 8 API calls 18010->18012 18016 7ffc1fd156e4 ISource free 18011->18016 18017 7ffc1fd0375c 18012->18017 18013->18009 18014->18007 18015->18011 18016->18010 18017->17980 18019 7ffc1fcfcd96 18018->18019 18019->18019 18020 7ffc1fcf49b0 31 API calls 18019->18020 18021 7ffc1fcfcdbc 18020->18021 18022 7ffc1fcf9100 7 API calls 18021->18022 18023 7ffc1fcfcdf8 18022->18023 18024 7ffc1fd0e5b0 290 API calls 18023->18024 18025 7ffc1fcfce10 18024->18025 18026 7ffc1fcfce54 18025->18026 18028 7ffc1fcfce4f 18025->18028 18032 7ffc1fcfce48 _invalid_parameter_noinfo_noreturn 18025->18032 18027 7ffc1fcfce9b 18026->18027 18030 7ffc1fcfce96 18026->18030 18033 7ffc1fcfce8f _invalid_parameter_noinfo_noreturn 18026->18033 18031 7ffc1fd15e20 _Receive_impl 8 API calls 18027->18031 18029 7ffc1fd156e4 ISource free 18028->18029 18029->18026 18034 7ffc1fd156e4 ISource free 18030->18034 18035 7ffc1fcfceac 18031->18035 18032->18028 18033->18030 18034->18027 18035->17946 18037 7ffc1fcf564c 18036->18037 18038 7ffc1fcf49b0 31 

Control-flow Graph

[Control-flow graph of the function at 7ffc1fd19ca0; nodes are marked Executed or Not Executed]
                                                                                                                                                C-Code - Quality: 48%
                                                                                                                                                			E00007FFC7FFC1FD19CA0(void* __rax, long long __rcx, signed long long __rdx, void* __r9, void* _a8, signed char _a16, long long _a24, long long _a32) {
                                                                                                                                                				char _v72;
                                                                                                                                                				long long _v96;
                                                                                                                                                				intOrPtr _v104;
                                                                                                                                                				intOrPtr _v112;
                                                                                                                                                				long long _v120;
                                                                                                                                                				long long _v128;
                                                                                                                                                				long long _v136;
                                                                                                                                                				signed long long _v144;
                                                                                                                                                				void* _v152;
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* _t97;
                                                                                                                                                				void* _t102;
                                                                                                                                                				void* _t103;
                                                                                                                                                				signed int _t140;
                                                                                                                                                				signed int _t143;
                                                                                                                                                				void* _t156;
                                                                                                                                                				signed long long _t161;
                                                                                                                                                				intOrPtr _t164;
                                                                                                                                                				intOrPtr* _t191;
                                                                                                                                                				intOrPtr _t192;
                                                                                                                                                				long long _t194;
                                                                                                                                                				signed long long _t196;
                                                                                                                                                				intOrPtr* _t206;
                                                                                                                                                				void* _t219;
                                                                                                                                                				long long _t220;
                                                                                                                                                				long long _t221;
                                                                                                                                                				long long* _t223;
                                                                                                                                                				long long _t224;
                                                                                                                                                				intOrPtr* _t225;
                                                                                                                                                				intOrPtr* _t226;
                                                                                                                                                				intOrPtr* _t228;
                                                                                                                                                				intOrPtr* _t232;
                                                                                                                                                				void* _t234;
                                                                                                                                                				long long _t267;
                                                                                                                                                				intOrPtr* _t270;
                                                                                                                                                				signed long long _t276;
                                                                                                                                                				signed long long _t277;
                                                                                                                                                				intOrPtr* _t278;
                                                                                                                                                				long long* _t279;
                                                                                                                                                				void* _t283;
                                                                                                                                                				long long* _t285;
                                                                                                                                                				long long _t286;
                                                                                                                                                				signed long long _t287;
                                                                                                                                                				signed long long _t289;
                                                                                                                                                				long long* _t296;
                                                                                                                                                				intOrPtr* _t299;
                                                                                                                                                				signed long long _t300;
                                                                                                                                                				void* _t302;
                                                                                                                                                				void* _t303;
                                                                                                                                                				long long* _t304;
                                                                                                                                                				intOrPtr _t306;
                                                                                                                                                				intOrPtr* _t307;
                                                                                                                                                
                                                                                                                                                				_a8 = __rcx;
                                                                                                                                                				_t276 = __rdx;
                                                                                                                                                				_t306 =  *((intOrPtr*)(__rdx));
                                                                                                                                                				if ( *((char*)(_t306 + 0x18)) == 0) goto 0x1fd19d62;
                                                                                                                                                				_t4 = _t306 + 8; // -64
                                                                                                                                                				_t97 = E00007FFC7FFC1FD18390(_t219, _t4,  &_v120, _t283);
                                                                                                                                                				_t6 = _t306 + 8; // -64
                                                                                                                                                				E00007FFC7FFC1FD18580(_t97, _t6,  &_v72);
                                                                                                                                                				r13d = 0xffffffff;
                                                                                                                                                				_t220 = _v120;
                                                                                                                                                				if (_t220 == _v72) goto 0x1fd19d68;
                                                                                                                                                				_t232 =  *((intOrPtr*)(_t220 + 0x18));
                                                                                                                                                				if (_t232 == 0) goto 0x1fd19d48;
                                                                                                                                                				_t191 =  *_t232;
                                                                                                                                                				 *((intOrPtr*)(_t191 + 0x18))();
                                                                                                                                                				 *_t191 =  *((intOrPtr*)(_t220 + 0x18));
                                                                                                                                                				 *((long long*)(_t220 + 0x18)) =  *_t191;
                                                                                                                                                				_t192 = _v104;
                                                                                                                                                				if (_t192 == 0) goto 0x1fd19d48;
                                                                                                                                                				_t234 = _t192 + 8;
                                                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                                                				if (r13d != 1) goto 0x1fd19d48;
                                                                                                                                                				_t156 = _t234;
                                                                                                                                                				if (_t156 == 0) goto 0x1fd19d48;
                                                                                                                                                				if (_t156 == 0) goto 0x1fd19d48;
                                                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t234 + 0xfffffff8))))();
                                                                                                                                                				_t102 = E00007FFC7FFC1FD18620(_v112);
                                                                                                                                                				_t194 = _v120;
                                                                                                                                                				_t221 =  *((intOrPtr*)(_t194 + 8));
                                                                                                                                                				_v120 = _t221;
                                                                                                                                                				goto 0x1fd19cf0;
                                                                                                                                                				r13d = 0xffffffff;
                                                                                                                                                				 *_t276 = 0;
                                                                                                                                                				_v152 = _t306;
                                                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                                                				asm("movdqu [esp+0x28], xmm0");
                                                                                                                                                				_v128 = 0;
                                                                                                                                                				if (_t221 == 0) goto 0x1fd19e24;
                                                                                                                                                				_t277 = _t276 << 4;
                                                                                                                                                				if (_t277 - 0x1000 < 0) goto 0x1fd19dd0;
                                                                                                                                                				if (_t277 + 0x27 - _t277 <= 0) goto 0x1fd1a1c3;
                                                                                                                                                				_t103 = E00007FFC7FFC1FD156A8(_t102, _t194, _t277 + 0x27);
                                                                                                                                                				if (_t194 == 0) goto 0x1fd19dca;
                                                                                                                                                				_t196 = _t194 + 0x00000027 & 0xffffffe0;
                                                                                                                                                				 *((long long*)(_t196 - 8)) = _t194;
                                                                                                                                                				goto 0x1fd19de1;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				_t161 = _t277;
                                                                                                                                                				if (_t161 == 0) goto 0x1fd19ddf;
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t103, _t196, _t277);
                                                                                                                                                				goto 0x1fd19de1;
                                                                                                                                                				_v144 = _t196;
                                                                                                                                                				_v128 = _t196 + _t277;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				 *_t196 = 0;
                                                                                                                                                				 *((long long*)(_t196 + 8)) = 0;
                                                                                                                                                				if (_t161 != 0) goto 0x1fd19e00;
                                                                                                                                                				_v136 = _t196 + 0x10;
                                                                                                                                                				goto 0x1fd19e29;
                                                                                                                                                				_t285 = _v144;
                                                                                                                                                				_t304 = _t285;
                                                                                                                                                				_v96 = _t285;
                                                                                                                                                				_t307 = _t306 + 0x20;
                                                                                                                                                				r12d =  *(_t306 + 0x10);
                                                                                                                                                				_t302 = (_t300 << 4) + _t307;
                                                                                                                                                				_t223 = _t285;
                                                                                                                                                				_a24 = _t223;
                                                                                                                                                				if (_t307 == _t302) goto 0x1fd19ee0;
                                                                                                                                                				_a24 = _t223;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				_t267 =  *((intOrPtr*)(_t307 + 8));
                                                                                                                                                				if (_t267 == 0) goto 0x1fd19e84;
                                                                                                                                                				_t164 =  *((intOrPtr*)(_t267 + 8));
                                                                                                                                                				if (_t164 == 0) goto 0x1fd19e82;
                                                                                                                                                				asm("lock cmpxchg [edx+0x8], ecx");
                                                                                                                                                				if (_t164 != 0) goto 0x1fd19e6f;
                                                                                                                                                				goto 0x1fd19e84;
                                                                                                                                                				 *_t223 =  *_t307;
                                                                                                                                                				_t278 =  *((intOrPtr*)(_t223 + 8));
                                                                                                                                                				 *((long long*)(_t223 + 8)) = _t267;
                                                                                                                                                				if (_t278 == 0) goto 0x1fd19ec0;
                                                                                                                                                				asm("lock xadd [edi+0x8], eax");
                                                                                                                                                				if (r13d != 1) goto 0x1fd19ec0;
                                                                                                                                                				 *((intOrPtr*)( *_t278 + 8))();
                                                                                                                                                				asm("lock xadd [edi+0xc], eax");
                                                                                                                                                				if (r13d != 1) goto 0x1fd19ec0;
                                                                                                                                                				 *((intOrPtr*)( *_t278 + 0x10))();
                                                                                                                                                				if ( *_t223 == 0) goto 0x1fd19ed2;
                                                                                                                                                				_t224 = _t223 + 0x10;
                                                                                                                                                				_a24 = _t224;
                                                                                                                                                				if (_t307 + 0x10 != _t302) goto 0x1fd19e60;
                                                                                                                                                				_t286 = _v144;
                                                                                                                                                				r12b = (_t224 - _t286 & 0xfffffff0) - 0x10 <= 0;
                                                                                                                                                				_a16 = r12b;
                                                                                                                                                				_t279 = _t286;
                                                                                                                                                				_a32 = _t286;
                                                                                                                                                				r15b = 1;
                                                                                                                                                				if (_t279 == _t224) goto 0x1fd19f5a;
                                                                                                                                                				if ( *((intOrPtr*)( *((intOrPtr*)( *_t279)) + 0x18))() == 0) goto 0x1fd19f4c;
                                                                                                                                                				_t225 = _t224 - 0x10;
                                                                                                                                                				_a24 = _t225;
                                                                                                                                                				 *_t225 =  *_t279;
                                                                                                                                                				 *_t279 =  *_t225;
                                                                                                                                                				 *((long long*)(_t279 + 8)) =  *((intOrPtr*)(_t225 + 8));
                                                                                                                                                				 *((long long*)(_t225 + 8)) =  *((intOrPtr*)(_t279 + 8));
                                                                                                                                                				r15b = 0;
                                                                                                                                                				goto 0x1fd19f08;
                                                                                                                                                				_a32 = _t279 + 0x10;
                                                                                                                                                				goto 0x1fd19f08;
                                                                                                                                                				_a32 = _t304;
                                                                                                                                                				if (_t304 == _t225) goto 0x1fd1a101;
                                                                                                                                                				if (r15b == 0) goto 0x1fd1a0ce;
                                                                                                                                                				if (r12b != 0) goto 0x1fd1a098;
                                                                                                                                                				_t206 = _a8;
                                                                                                                                                				E00007FFC7FFC1FD26670(_t206);
                                                                                                                                                				if (_t206 != 0) goto 0x1fd19fb0;
                                                                                                                                                				E00007FFC7FFC1FD19B00( *(_t306 + 0x10), _t206, _t225,  *_t206,  *_t307, __r9);
                                                                                                                                                				E00007FFC7FFC1FD26670(_t206);
                                                                                                                                                				_t299 = _t206;
                                                                                                                                                				_t296 = _t304 + 0x10;
                                                                                                                                                				if (_t296 == _t225) goto 0x1fd1a08d;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				_t140 =  *(_t299 + 8);
                                                                                                                                                				r9d = _t140;
                                                                                                                                                				r9d = r9d >> 0xd;
                                                                                                                                                				r9d = r9d ^ _t140 & 0x0007ffc0;
                                                                                                                                                				r9d = r9d >> 6;
                                                                                                                                                				r9d = r9d ^ (_t140 & 0xfffffffe) << 0x0000000c;
                                                                                                                                                				 *(_t299 + 8) = r9d;
                                                                                                                                                				_t143 =  *(_t299 + 0xc);
                                                                                                                                                				r8d = _t143;
                                                                                                                                                				r8d = r8d & 0x3f800000;
                                                                                                                                                				r8d = r8d ^ _t143 >> 0x00000002;
                                                                                                                                                				r8d = r8d >> 0x17;
                                                                                                                                                				r8d = r8d ^ (_t143 & 0xfffffff8) << 0x00000004;
                                                                                                                                                				 *(_t299 + 0xc) = r8d;
                                                                                                                                                				 *(_t299 + 0x10) = ( *(_t299 + 0x10) >> 0x00000003 ^  *(_t299 + 0x10) & 0x1fffff00) >> 0x00000008 ^ ( *(_t299 + 0x10) & 0xfffffff0) << 0x00000011;
                                                                                                                                                				asm("dec eax");
                                                                                                                                                				_t270 = ( &_v152 << 4) + _t304;
                                                                                                                                                				if (_t270 == _t296) goto 0x1fd1a080;
                                                                                                                                                				 *_t270 =  *_t296;
                                                                                                                                                				 *_t296 =  *_t270;
                                                                                                                                                				 *((long long*)(_t296 + 8)) =  *((intOrPtr*)(_t270 + 8));
                                                                                                                                                				 *((long long*)(_t270 + 8)) =  *((intOrPtr*)(_t296 + 8));
                                                                                                                                                				if (_t296 + 0x10 != _t225) goto 0x1fd19fd0;
                                                                                                                                                				r12b = 1;
                                                                                                                                                				_a16 = r12b;
                                                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)( *_t304)) + 0x10))();
                                                                                                                                                				_t226 = _t225 - 0x10;
                                                                                                                                                				_a24 = _t226;
                                                                                                                                                				 *_t226 =  *_t304;
                                                                                                                                                				 *_t304 =  *_t226;
                                                                                                                                                				 *((long long*)(_t304 + 8)) =  *((intOrPtr*)(_t226 + 8));
                                                                                                                                                				 *((long long*)(_t226 + 8)) =  *((intOrPtr*)(_t304 + 8));
                                                                                                                                                				r13d = 0xffffffff;
                                                                                                                                                				_t287 = _v144;
                                                                                                                                                				r12d = _a16 & 0x000000ff;
                                                                                                                                                				goto 0x1fd19f05;
                                                                                                                                                				if (_t287 == 0) goto 0x1fd1a193;
                                                                                                                                                				if (_t287 == _v136) goto 0x1fd1a156;
                                                                                                                                                				_t228 =  *((intOrPtr*)(_t287 + 8));
                                                                                                                                                				if (_t228 == 0) goto 0x1fd1a146;
                                                                                                                                                				asm("lock xadd [ebx+0x8], eax");
                                                                                                                                                				if (r13d != 1) goto 0x1fd1a146;
                                                                                                                                                				 *((intOrPtr*)( *_t228 + 8))();
                                                                                                                                                				asm("lock xadd [ebx+0xc], eax");
                                                                                                                                                				if (r13d != 1) goto 0x1fd1a146;
                                                                                                                                                				 *((intOrPtr*)( *_t228 + 0x10))();
                                                                                                                                                				if (_t287 + 0x10 != _v136) goto 0x1fd1a111;
                                                                                                                                                				_t289 = _v144;
                                                                                                                                                				if ((_v128 - _t289 & 0xfffffff0) - 0x1000 < 0) goto 0x1fd1a18a;
                                                                                                                                                				if (_t289 -  *((intOrPtr*)(_t289 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd1a18a;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				if (_v152 == 0) goto 0x1fd1a1b0;
                                                                                                                                                				asm("lock inc esp");
                                                                                                                                                				if (_t303 - 1 != 0) goto 0x1fd1a1b0;
                                                                                                                                                				return E00007FFC7FFC1FD19780(_t228, _v152,  *((intOrPtr*)(_t289 - 8)));
                                                                                                                                                			}
























































                                                                                                                                                0x7ffc1fd19e9f
                                                                                                                                                0x7ffc1fd19ea7
                                                                                                                                                0x7ffc1fd19ead
                                                                                                                                                0x7ffc1fd19eb5
                                                                                                                                                0x7ffc1fd19ebd
                                                                                                                                                0x7ffc1fd19ec4
                                                                                                                                                0x7ffc1fd19ec6
                                                                                                                                                0x7ffc1fd19eca
                                                                                                                                                0x7ffc1fd19ed9
                                                                                                                                                0x7ffc1fd19edb
                                                                                                                                                0x7ffc1fd19eee
                                                                                                                                                0x7ffc1fd19ef2
                                                                                                                                                0x7ffc1fd19efa
                                                                                                                                                0x7ffc1fd19efd
                                                                                                                                                0x7ffc1fd19f05
                                                                                                                                                0x7ffc1fd19f0b
                                                                                                                                                0x7ffc1fd19f1d
                                                                                                                                                0x7ffc1fd19f1f
                                                                                                                                                0x7ffc1fd19f23
                                                                                                                                                0x7ffc1fd19f31
                                                                                                                                                0x7ffc1fd19f34
                                                                                                                                                0x7ffc1fd19f3f
                                                                                                                                                0x7ffc1fd19f43
                                                                                                                                                0x7ffc1fd19f47
                                                                                                                                                0x7ffc1fd19f4a
                                                                                                                                                0x7ffc1fd19f50
                                                                                                                                                0x7ffc1fd19f58
                                                                                                                                                0x7ffc1fd19f5d
                                                                                                                                                0x7ffc1fd19f68
                                                                                                                                                0x7ffc1fd19f71
                                                                                                                                                0x7ffc1fd19f7a
                                                                                                                                                0x7ffc1fd19f80
                                                                                                                                                0x7ffc1fd19f8f
                                                                                                                                                0x7ffc1fd19f9a
                                                                                                                                                0x7ffc1fd19f9f
                                                                                                                                                0x7ffc1fd19fa8
                                                                                                                                                0x7ffc1fd19fad
                                                                                                                                                0x7ffc1fd19fb0
                                                                                                                                                0x7ffc1fd19fb7
                                                                                                                                                0x7ffc1fd19fc7
                                                                                                                                                0x7ffc1fd19fd0
                                                                                                                                                0x7ffc1fd19fd4
                                                                                                                                                0x7ffc1fd19fd7
                                                                                                                                                0x7ffc1fd19fe2
                                                                                                                                                0x7ffc1fd19fe5
                                                                                                                                                0x7ffc1fd19fef
                                                                                                                                                0x7ffc1fd19ff2
                                                                                                                                                0x7ffc1fd19ff6
                                                                                                                                                0x7ffc1fd19ffa
                                                                                                                                                0x7ffc1fd19ffd
                                                                                                                                                0x7ffc1fd1a009
                                                                                                                                                0x7ffc1fd1a00c
                                                                                                                                                0x7ffc1fd1a016
                                                                                                                                                0x7ffc1fd1a019
                                                                                                                                                0x7ffc1fd1a03b
                                                                                                                                                0x7ffc1fd1a053
                                                                                                                                                0x7ffc1fd1a05c
                                                                                                                                                0x7ffc1fd1a062
                                                                                                                                                0x7ffc1fd1a06a
                                                                                                                                                0x7ffc1fd1a06d
                                                                                                                                                0x7ffc1fd1a078
                                                                                                                                                0x7ffc1fd1a07c
                                                                                                                                                0x7ffc1fd1a087
                                                                                                                                                0x7ffc1fd1a08d
                                                                                                                                                0x7ffc1fd1a090
                                                                                                                                                0x7ffc1fd1a0a3
                                                                                                                                                0x7ffc1fd1a0a6
                                                                                                                                                0x7ffc1fd1a0aa
                                                                                                                                                0x7ffc1fd1a0b8
                                                                                                                                                0x7ffc1fd1a0bb
                                                                                                                                                0x7ffc1fd1a0c6
                                                                                                                                                0x7ffc1fd1a0ca
                                                                                                                                                0x7ffc1fd1a0d3
                                                                                                                                                0x7ffc1fd1a0d9
                                                                                                                                                0x7ffc1fd1a0eb
                                                                                                                                                0x7ffc1fd1a0fc
                                                                                                                                                0x7ffc1fd1a104
                                                                                                                                                0x7ffc1fd1a10f
                                                                                                                                                0x7ffc1fd1a111
                                                                                                                                                0x7ffc1fd1a118
                                                                                                                                                0x7ffc1fd1a11d
                                                                                                                                                0x7ffc1fd1a125
                                                                                                                                                0x7ffc1fd1a12d
                                                                                                                                                0x7ffc1fd1a133
                                                                                                                                                0x7ffc1fd1a13b
                                                                                                                                                0x7ffc1fd1a143
                                                                                                                                                0x7ffc1fd1a14f
                                                                                                                                                0x7ffc1fd1a151
                                                                                                                                                0x7ffc1fd1a16c
                                                                                                                                                0x7ffc1fd1a181
                                                                                                                                                0x7ffc1fd1a183
                                                                                                                                                0x7ffc1fd1a189
                                                                                                                                                0x7ffc1fd1a18d
                                                                                                                                                0x7ffc1fd1a19b
                                                                                                                                                0x7ffc1fd1a19d
                                                                                                                                                0x7ffc1fd1a1a8
                                                                                                                                                0x7ffc1fd1a1c2

                                                                                                                                                APIs
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,-00000048,?,?,?,00000000), ref: 00007FFC1FD19DCA
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3668304517-0
                                                                                                                                                • Opcode ID: f9f3f1f0bf61b3e3777ae63e9082cabff50ef6bf8633eb60f008c8dbe202ed4d
                                                                                                                                                • Instruction ID: 78ac2d2a48937dd4a2b08fe363cd337d55661b1fa52aca165bb300d5366f57e2
                                                                                                                                                • Opcode Fuzzy Hash: f9f3f1f0bf61b3e3777ae63e9082cabff50ef6bf8633eb60f008c8dbe202ed4d
                                                                                                                                                • Instruction Fuzzy Hash: 06E1BE32A09E6982EB58DF25D48037D73A0FB85BB4F188231DA6E47794DF38D861C790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                C-Code - Quality: 33%
                                                                                                                                                			E00007FFC7FFC1FD0E600(void* __eax, void* __ecx, intOrPtr __edx, long long __rbx, void* __rcx, signed int __rdx, void* __r8, long long __r9) {
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __rbp;
                                                                                                                                                				void* __r12;
                                                                                                                                                				void* __r13;
                                                                                                                                                				void* __r14;
                                                                                                                                                				void* __r15;
                                                                                                                                                				void* _t191;
                                                                                                                                                				signed int _t215;
                                                                                                                                                				void* _t234;
                                                                                                                                                				void* _t242;
                                                                                                                                                				void* _t269;
                                                                                                                                                				void* _t286;
                                                                                                                                                				long long _t322;
                                                                                                                                                				signed long long _t328;
                                                                                                                                                				signed long long _t338;
                                                                                                                                                				signed long long _t339;
                                                                                                                                                				long long _t341;
                                                                                                                                                				intOrPtr _t350;
                                                                                                                                                				long long _t352;
                                                                                                                                                				long long* _t353;
                                                                                                                                                				long long* _t357;
                                                                                                                                                				intOrPtr _t358;
                                                                                                                                                				long long* _t372;
                                                                                                                                                				intOrPtr _t374;
                                                                                                                                                				long long _t375;
                                                                                                                                                				intOrPtr _t377;
                                                                                                                                                				intOrPtr* _t378;
                                                                                                                                                				signed int _t389;
                                                                                                                                                				char* _t390;
                                                                                                                                                				long long _t393;
                                                                                                                                                				intOrPtr _t409;
                                                                                                                                                				intOrPtr _t411;
                                                                                                                                                				signed long long _t412;
                                                                                                                                                				intOrPtr _t414;
                                                                                                                                                				intOrPtr _t419;
                                                                                                                                                				intOrPtr* _t443;
                                                                                                                                                				intOrPtr _t450;
                                                                                                                                                				signed long long _t451;
                                                                                                                                                				intOrPtr* _t456;
                                                                                                                                                				intOrPtr* _t461;
                                                                                                                                                				long long _t465;
                                                                                                                                                				long long _t488;
                                                                                                                                                				long long _t489;
                                                                                                                                                				intOrPtr _t490;
                                                                                                                                                				intOrPtr _t493;
                                                                                                                                                				signed long long _t496;
                                                                                                                                                				intOrPtr _t497;
                                                                                                                                                				signed long long _t501;
                                                                                                                                                				intOrPtr _t506;
                                                                                                                                                				intOrPtr _t509;
                                                                                                                                                				intOrPtr _t512;
                                                                                                                                                				intOrPtr _t515;
                                                                                                                                                				intOrPtr _t518;
                                                                                                                                                				intOrPtr _t521;
                                                                                                                                                				void* _t534;
                                                                                                                                                				long long _t536;
                                                                                                                                                				void* _t538;
                                                                                                                                                				long long _t540;
                                                                                                                                                				void* _t542;
                                                                                                                                                				void* _t543;
                                                                                                                                                				void* _t545;
                                                                                                                                                				signed long long _t546;
                                                                                                                                                				intOrPtr _t552;
                                                                                                                                                				char* _t564;
                                                                                                                                                				void* _t565;
                                                                                                                                                				void* _t567;
                                                                                                                                                				void* _t568;
                                                                                                                                                				void* _t571;
                                                                                                                                                				intOrPtr* _t572;
                                                                                                                                                				void* _t575;
                                                                                                                                                				void* _t576;
                                                                                                                                                
                                                                                                                                                				 *((long long*)(_t545 + 0x10)) = __rbx;
                                                                                                                                                				_t543 = _t545 - 0x280;
                                                                                                                                                				_t546 = _t545 - 0x380;
                                                                                                                                                				_t328 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				 *(_t543 + 0x270) = _t328 ^ _t546;
                                                                                                                                                				 *((long long*)(_t546 + 0x48)) = __r9;
                                                                                                                                                				_t568 = __r8;
                                                                                                                                                				r12d = __edx;
                                                                                                                                                				_t576 = __rcx;
                                                                                                                                                				_t572 =  *((intOrPtr*)(_t543 + 0x2e0));
                                                                                                                                                				 *((long long*)(_t543 - 0x50)) = 0x1fd41b20;
                                                                                                                                                				0x1fd15430();
                                                                                                                                                				if (__eax != 0) goto 0x1fd0f013;
                                                                                                                                                				E00007FFC7FFC1FD11790(__eax, 0x1fd41b20, __rdx);
                                                                                                                                                				_t388 = (__rdx >> 7) + (__rdx >> 7 >> 0x3f);
                                                                                                                                                				_t540 = 0x1fd41b20 - ((__rdx >> 7) + (__rdx >> 7 >> 0x3f)) * 0x3e8;
                                                                                                                                                				E00007FFC7FFC1FD0D640((__rdx >> 7) + (__rdx >> 7 >> 0x3f), ((__rdx >> 7) + (__rdx >> 7 >> 0x3f)) * 0x3e8, __r8);
                                                                                                                                                				 *((long long*)(_t543 + 0x40)) = 0xe353f7cf;
                                                                                                                                                				 *((long long*)(_t543 + 0x58)) = 0xf;
                                                                                                                                                				 *((long long*)(_t543 + 0x50)) = 2;
                                                                                                                                                				 *((short*)(_t543 + 0x40)) = 0x5425;
                                                                                                                                                				 *((char*)(_t543 + 0x42)) = 0;
                                                                                                                                                				E00007FFC7FFC1FD117C0(_t388, _t543 + 0x80, _t388, _t543 + 0x40); // executed
                                                                                                                                                				if ( *((long long*)(0x20c49ba5e353f7e7)) - 0x10 < 0) goto 0x1fd0e6dc;
                                                                                                                                                				 *((long long*)(_t543 + 0xe0)) =  *0xe353f7cf;
                                                                                                                                                				 *((long long*)(_t543 + 0xe8)) =  *((intOrPtr*)(0x20c49ba5e353f7df));
                                                                                                                                                				 *((long long*)(_t543 + 0xf0)) = _t540;
                                                                                                                                                				if ( *((long long*)(0x20c49ba5e353f7e7)) - 0x10 < 0) goto 0x1fd0e702;
                                                                                                                                                				 *((long long*)(_t543 + 0x100)) =  *0xe353f7cf;
                                                                                                                                                				 *((long long*)(_t543 + 0x108)) =  *((intOrPtr*)(0x20c49ba5e353f7df));
                                                                                                                                                				if ( *((long long*)(_t572 + 0x18)) - 0x10 < 0) goto 0x1fd0e721;
                                                                                                                                                				 *((long long*)(_t543 + 0x110)) =  *_t572;
                                                                                                                                                				 *((long long*)(_t543 + 0x118)) =  *((intOrPtr*)(_t572 + 0x10));
                                                                                                                                                				 *((long long*)(_t543 - 0x70)) = 0x7388e;
                                                                                                                                                				 *((long long*)(_t543 - 0x68)) = _t543 + 0xe0;
                                                                                                                                                				asm("movaps xmm0, [ebp-0x70]");
                                                                                                                                                				asm("movdqa [ebp-0x20], xmm0");
                                                                                                                                                				 *((long long*)(_t543 - 0x60)) = "{}.{:03d} | {:<15} {}";
                                                                                                                                                				 *((long long*)(_t543 - 0x58)) = 0x15;
                                                                                                                                                				E00007FFC7FFC1FCF49B0(_t388, _t543 + 0x230, 0xe353f7cf, _t540);
                                                                                                                                                				_t488 =  *0x1fd41b18; // 0xb
                                                                                                                                                				_t39 = _t488 + 1; // 0xc
                                                                                                                                                				_t409 =  *0x1fd41b08; // 0x10
                                                                                                                                                				if (_t409 - _t39 > 0) goto 0x1fd0e7ad;
                                                                                                                                                				_t191 = E00007FFC7FFC1FD0BD30(_t39, _t388, 0x1fd41af8, _t488, 0xe353f7cf, _t565, _t572, _t576);
                                                                                                                                                				_t489 =  *0x1fd41b18; // 0xb
                                                                                                                                                				_t411 =  *0x1fd41b08; // 0x10
                                                                                                                                                				_t412 = _t411 - 1;
                                                                                                                                                				_t338 =  *0x1fd41b10; // 0x0
                                                                                                                                                				_t339 = _t338 & _t412;
                                                                                                                                                				 *0x1fd41b10 = _t339;
                                                                                                                                                				_t389 = (_t412 & _t339 + _t489) * 8;
                                                                                                                                                				_t341 =  *0x1fd41b00; // 0x6b34c0
                                                                                                                                                				if ( *((long long*)(_t341 + _t389)) != 0) goto 0x1fd0e7f9;
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t191, _t341, _t412 & _t339 + _t489);
                                                                                                                                                				_t414 =  *0x1fd41b00; // 0x6b34c0
                                                                                                                                                				 *((long long*)(_t414 + _t389)) = _t341;
                                                                                                                                                				asm("movups xmm0, [ebp+0x230]");
                                                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                                                				asm("movups xmm1, [ebp+0x240]");
                                                                                                                                                				asm("movups [eax+0x10], xmm1");
                                                                                                                                                				 *0x1fd41b18 =  *0x1fd41b18 + 1;
                                                                                                                                                				_t490 =  *((intOrPtr*)(_t543 + 0x98));
                                                                                                                                                				if (_t490 - 0x10 < 0) goto 0x1fd0e85d;
                                                                                                                                                				if (_t490 + 1 - 0x1000 < 0) goto 0x1fd0e858;
                                                                                                                                                				if ( *((intOrPtr*)(_t543 + 0x80)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0x80)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd0e858;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *((long long*)(_t543 + 0x90)) = 0xe353f7cf;
                                                                                                                                                				 *((long long*)(_t543 + 0x98)) = 0xf;
                                                                                                                                                				 *((intOrPtr*)(_t543 + 0x80)) = dil;
                                                                                                                                                				_t493 =  *((intOrPtr*)(_t543 + 0x58));
                                                                                                                                                				if (_t493 - 0x10 < 0) goto 0x1fd0e8b6;
                                                                                                                                                				if (_t493 + 1 - 0x1000 < 0) goto 0x1fd0e8b1;
                                                                                                                                                				if ( *((intOrPtr*)(_t543 + 0x40)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0x40)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd0e8b1;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				if ( *0x1fd41b18 - 0xc8 <= 0) goto 0x1fd0e967;
                                                                                                                                                				_t496 =  *0x1fd41b10; // 0x0
                                                                                                                                                				_t419 =  *0x1fd41b08; // 0x10
                                                                                                                                                				_t350 =  *0x1fd41b00; // 0x6b34c0
                                                                                                                                                				_t390 =  *((intOrPtr*)(_t350 + (_t419 - 0x00000001 & _t496) * 8));
                                                                                                                                                				_t497 =  *((intOrPtr*)(_t390 + 0x18));
                                                                                                                                                				if (_t497 - 0x10 < 0) goto 0x1fd0e922;
                                                                                                                                                				if (_t497 + 1 - 0x1000 < 0) goto 0x1fd0e91d;
                                                                                                                                                				_t57 =  *_t390 -  *((intOrPtr*)( *_t390 - 8)) - 8; // 0x7
                                                                                                                                                				_t286 = _t57 - 0x1f;
                                                                                                                                                				if (_t286 > 0) goto 0x1fd0e9da;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *((long long*)(_t390 + 0x10)) = 0xe353f7cf;
                                                                                                                                                				 *((long long*)(_t390 + 0x18)) = 0xf;
                                                                                                                                                				 *_t390 = 0;
                                                                                                                                                				_t352 =  *0x1fd41b18; // 0xb
                                                                                                                                                				_t353 = _t352 - 1;
                                                                                                                                                				 *0x1fd41b18 = _t353;
                                                                                                                                                				if (_t286 != 0) goto 0x1fd0e94a;
                                                                                                                                                				goto 0x1fd0e954;
                                                                                                                                                				_t501 =  *0x1fd41b10; // 0x0
                                                                                                                                                				 *0x1fd41b10 = _t501 + 1;
                                                                                                                                                				if (_t353 - 0xc8 > 0) goto 0x1fd0e8d0;
                                                                                                                                                				0x1fd15436();
                                                                                                                                                				if ( *((intOrPtr*)(_t576 + 0x50)) != 0x3a875d21) goto 0x1fd0efe9;
                                                                                                                                                				 *((long long*)(_t543 - 0x10)) = _t576 + 0x48;
                                                                                                                                                				 *((char*)(_t543 - 8)) = 1;
                                                                                                                                                				0x1fd154e8();
                                                                                                                                                				E00007FFC7FFC1FD199B0(_t353, _t546 + 0x60, _t501 + 1);
                                                                                                                                                				E00007FFC7FFC1FD18020(_t353, _t390, _t546 + 0x70, _t575);
                                                                                                                                                				 *((intOrPtr*)(_t546 + 0x78)) = 0;
                                                                                                                                                				E00007FFC7FFC1FD180E0(_t353);
                                                                                                                                                				if (_t353 == 0) goto 0x1fd0e9e1;
                                                                                                                                                				 *((long long*)(_t353 + 8)) = 0xe353f7cf;
                                                                                                                                                				 *_t353 = 0x1fd2d580;
                                                                                                                                                				asm("lock xadd [eax+0x8], ecx");
                                                                                                                                                				goto 0x1fd0e9e4;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				 *((long long*)(_t543 - 0x80)) = 0xe353f7cf;
                                                                                                                                                				E00007FFC7FFC1FD1A540(0xe353f7cf, _t543 - 0x78, _t501 + 1);
                                                                                                                                                				r8d =  *0xe353f7cf;
                                                                                                                                                				E00007FFC7FFC1FD11260(E00007FFC7FFC1FD18120(_t390, _t546 + 0x70, _t543, _t540, _t543 - 0x80), _t543 + 0x250,  *((intOrPtr*)(_t546 + 0x48)));
                                                                                                                                                				0x1fd02ca0();
                                                                                                                                                				_t506 =  *((intOrPtr*)(0x20c49ba5e353f7df));
                                                                                                                                                				_t552 =  *((intOrPtr*)(0x20c49ba5e353f7e7));
                                                                                                                                                				if (_t552 - _t506 - 1 < 0) goto 0x1fd0ea5d;
                                                                                                                                                				 *((long long*)(0x20c49ba5e353f7df)) = _t506 + 1;
                                                                                                                                                				if (_t552 - 0x10 < 0) goto 0x1fd0ea55;
                                                                                                                                                				_t357 =  *0xe353f7cf;
                                                                                                                                                				 *((short*)(_t357 + _t506)) = 0x3a;
                                                                                                                                                				goto 0x1fd0ea7f;
                                                                                                                                                				 *((long long*)(_t546 + 0x20)) = 1;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				E00007FFC7FFC1FCF2190(0xe353f7cf, _t506, 0xe353f7cf, _t543, ":", _t568, _t576 + 0x48, _t571, _t567);
                                                                                                                                                				_t564 = _t357;
                                                                                                                                                				asm("inc ecx");
                                                                                                                                                				asm("movups [ebp+0xc0], xmm0");
                                                                                                                                                				asm("inc ecx");
                                                                                                                                                				asm("movups [ebp+0xd0], xmm1");
                                                                                                                                                				 *((long long*)(_t564 + 0x10)) = 0xe353f7cf;
                                                                                                                                                				 *((long long*)(_t564 + 0x18)) = 0xf;
                                                                                                                                                				 *_t564 = 0;
                                                                                                                                                				E00007FFC7FFC1FD08800(0xe353f7cf, _t543 + 0x60, _t543, _t543 + 0xc0, 0xe353f7cf, _t565);
                                                                                                                                                				E00007FFC7FFC1FD180E0(_t357);
                                                                                                                                                				if (_t357 == 0) goto 0x1fd0eb0a;
                                                                                                                                                				 *((intOrPtr*)(_t357 + 8)) = 0;
                                                                                                                                                				asm("movups xmm0, [ebp+0x60]");
                                                                                                                                                				asm("movups [eax+0x10], xmm0");
                                                                                                                                                				asm("movups xmm1, [ebp+0x70]");
                                                                                                                                                				asm("movups [eax+0x20], xmm1");
                                                                                                                                                				 *((long long*)(_t543 + 0x70)) = 0xe353f7cf;
                                                                                                                                                				 *((long long*)(_t543 + 0x78)) = 0xf;
                                                                                                                                                				 *((char*)(_t543 + 0x60)) = 0;
                                                                                                                                                				 *_t357 = 0x1fd2d508;
                                                                                                                                                				asm("lock xadd [ecx+0x8], eax");
                                                                                                                                                				goto 0x1fd0eb0d;
                                                                                                                                                				 *((long long*)(_t546 + 0x50)) = 0xe353f7cf;
                                                                                                                                                				r8d = E00007FFC7FFC1FD177F0(_t269, _t357, _t357, 0xe353f7cf, "FileName", _t506, _t543 + 0xc0, 0xe353f7cf);
                                                                                                                                                				E00007FFC7FFC1FD18120(0xe353f7cf, _t546 + 0x70, _t543 + 0x10, _t540, _t546 + 0x50);
                                                                                                                                                				_t358 =  *((intOrPtr*)(_t546 + 0x50));
                                                                                                                                                				if (_t358 == 0) goto 0x1fd0eb6c;
                                                                                                                                                				asm("lock xadd [edx], eax");
                                                                                                                                                				if (0xffffffff != 1) goto 0x1fd0eb6c;
                                                                                                                                                				_t443 =  ==  ? 0xe353f7cf : _t358 + 8 - 8;
                                                                                                                                                				if (_t443 == 0) goto 0x1fd0eb6c;
                                                                                                                                                				 *((intOrPtr*)( *_t443))();
                                                                                                                                                				_t509 =  *((intOrPtr*)(_t543 + 0x78));
                                                                                                                                                				if (_t509 - 0x10 < 0) goto 0x1fd0ebab;
                                                                                                                                                				if (_t509 + 1 - 0x1000 < 0) goto 0x1fd0eba5;
                                                                                                                                                				if ( *((intOrPtr*)(_t543 + 0x60)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0x60)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd0eba5;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t512 =  *((intOrPtr*)(_t543 + 0xd8));
                                                                                                                                                				if (_t512 - 0x10 < 0) goto 0x1fd0ebf0;
                                                                                                                                                				if (_t512 + 1 - 0x1000 < 0) goto 0x1fd0ebea;
                                                                                                                                                				if ( *((intOrPtr*)(_t543 + 0xc0)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0xc0)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd0ebea;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t515 =  *((intOrPtr*)(_t543 + 0xb8));
                                                                                                                                                				if (_t515 - 0x10 < 0) goto 0x1fd0ec34;
                                                                                                                                                				if (_t515 + 1 - 0x1000 < 0) goto 0x1fd0ec2f;
                                                                                                                                                				if ( *((intOrPtr*)(_t543 + 0xa0)) -  *((intOrPtr*)( *((intOrPtr*)(_t543 + 0xa0)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd0ec2f;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *((long long*)(_t543 + 0xb0)) = 0xe353f7cf;
                                                                                                                                                				 *((long long*)(_t543 + 0xb8)) = 0xf;
                                                                                                                                                				 *((char*)(_t543 + 0xa0)) = 0;
                                                                                                                                                				_t518 =  *((intOrPtr*)(_t543 + 0x268));
                                                                                                                                                				if (_t518 - 0x10 < 0) goto 0x1fd0ec91;
                                                                                                                                                				_t450 =  *((intOrPtr*)(_t543 + 0x250));
                                                                                                                                                				if (_t518 + 1 - 0x1000 < 0) goto 0x1fd0ec8c;
                                                                                                                                                				_t451 =  *((intOrPtr*)(_t450 - 8));
                                                                                                                                                				if (_t450 - _t451 + 0xfffffff8 - 0x1f <= 0) goto 0x1fd0ec8c;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t372 =  *[gs:0x58];
                                                                                                                                                				_t521 =  *((intOrPtr*)(_t372 + _t451 * 8));
                                                                                                                                                				_t215 =  *(_t451 + _t521);
                                                                                                                                                				if ((_t215 & 0x00000001) != 0) goto 0x1fd0eccd;
                                                                                                                                                				 *(_t451 + _t521) = _t215 | 0x00000001;
                                                                                                                                                				asm("lock dec eax");
                                                                                                                                                				 *((long long*)(_t521 + 0xe353f7cf)) = _t372;
                                                                                                                                                				E00007FFC7FFC1FD180E0(_t372);
                                                                                                                                                				if (_t372 == 0) goto 0x1fd0ecfd;
                                                                                                                                                				 *((intOrPtr*)(_t372 + 8)) = 0;
                                                                                                                                                				 *((long long*)(_t372 + 0x10)) =  *((intOrPtr*)(_t521 + 0xe353f7cf));
                                                                                                                                                				 *_t372 = 0x1fd2d4a8;
                                                                                                                                                				asm("lock xadd [eax+0x8], ecx");
                                                                                                                                                				goto 0x1fd0ed00;
                                                                                                                                                				 *((long long*)(_t546 + 0x58)) = 0xe353f7cf;
                                                                                                                                                				r8d = E00007FFC7FFC1FD177F0(0xffffffff, _t372, 0xe353f7cf,  *((intOrPtr*)(_t521 + 0xe353f7cf)), "ThreadId", _t521, _t543 + 0xc0, _t546 + 0x50);
                                                                                                                                                				E00007FFC7FFC1FD18120( *((intOrPtr*)(_t521 + 0xe353f7cf)), _t546 + 0x70, _t543 + 0x20, _t540, _t546 + 0x58);
                                                                                                                                                				_t374 =  *((intOrPtr*)(_t546 + 0x58));
                                                                                                                                                				if (_t374 == 0) goto 0x1fd0ed5b;
                                                                                                                                                				asm("lock xadd [edx], eax");
                                                                                                                                                				if (0xffffffff != 1) goto 0x1fd0ed5b;
                                                                                                                                                				_t456 =  ==  ? 0xe353f7cf : _t374 + 8 - 8;
                                                                                                                                                				if (_t456 == 0) goto 0x1fd0ed5b;
                                                                                                                                                				_t375 =  *_t456;
                                                                                                                                                				 *_t375();
                                                                                                                                                				E00007FFC7FFC1FD0D640( *((intOrPtr*)(_t521 + 0xe353f7cf)), _t456, _t543 + 0xc0);
                                                                                                                                                				_t536 = _t375;
                                                                                                                                                				E00007FFC7FFC1FD180E0(_t375);
                                                                                                                                                				_t393 = _t375;
                                                                                                                                                				 *((long long*)(_t546 + 0x40)) = _t375;
                                                                                                                                                				if (_t375 == 0) goto 0x1fd0ed9c;
                                                                                                                                                				 *((intOrPtr*)(_t393 + 8)) = 0;
                                                                                                                                                				 *_t393 = 0x1fd2d4d8;
                                                                                                                                                				_t132 = _t393 + 0x10; // 0x10
                                                                                                                                                				E00007FFC7FFC1FCFD4C0(0x1fd2d4d8, _t393, _t132, _t536, _t540);
                                                                                                                                                				 *_t393 = 0x1fd2d508;
                                                                                                                                                				goto 0x1fd0eda0;
                                                                                                                                                				if (_t393 == 0) goto 0x1fd0edaf;
                                                                                                                                                				asm("lock xadd [ebx+0x8], eax");
                                                                                                                                                				 *((long long*)(_t546 + 0x48)) = _t393;
                                                                                                                                                				r8d = E00007FFC7FFC1FD177F0(0xffffffff, _t393, 0x1fd2d4d8, _t393, "Scope", _t536, _t543 + 0xc0, _t546 + 0x58);
                                                                                                                                                				E00007FFC7FFC1FD18120(_t393, _t546 + 0x70, _t543 + 0x30, _t540, _t546 + 0x48);
                                                                                                                                                				_t377 =  *((intOrPtr*)(_t546 + 0x48));
                                                                                                                                                				if (_t377 == 0) goto 0x1fd0ee0a;
                                                                                                                                                				asm("lock xadd [edx], esi");
                                                                                                                                                				_t139 = _t540 - 1; // 0xfffffffe
                                                                                                                                                				if (_t139 != 0) goto 0x1fd0ee0a;
                                                                                                                                                				_t461 =  ==  ? _t536 : _t377 + 8 - 8;
                                                                                                                                                				if (_t461 == 0) goto 0x1fd0ee0a;
                                                                                                                                                				_t378 =  *_t461;
                                                                                                                                                				 *_t378();
                                                                                                                                                				if (E00007FFC7FFC1FD19AC0( *((intOrPtr*)(_t546 + 0x60))) == 0) goto 0x1fd0ee3b;
                                                                                                                                                				E00007FFC7FFC1FD1A9D0(0x30, 1, _t393, _t377 + 8);
                                                                                                                                                				 *_t378 = r12d;
                                                                                                                                                				_t234 = E00007FFC7FFC1FD19C80(_t378,  *((intOrPtr*)(_t546 + 0x60)), _t546 + 0x38);
                                                                                                                                                				goto 0x1fd0ee43;
                                                                                                                                                				_t465 = _t536;
                                                                                                                                                				 *((long long*)(_t546 + 0x38)) = _t465;
                                                                                                                                                				_t322 = _t465;
                                                                                                                                                				if (_t322 == 0) goto 0x1fd0efc7;
                                                                                                                                                				__imp__??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ();
                                                                                                                                                				 *((long long*)(_t543 + 0x120)) = 0x1fd2d350;
                                                                                                                                                				 *((long long*)(_t543 + 0x188)) = _t536;
                                                                                                                                                				 *((long long*)(_t543 + 0x190)) = _t536;
                                                                                                                                                				 *((char*)(_t543 + 0x198)) = 0;
                                                                                                                                                				 *((long long*)( *((intOrPtr*)(_t543 + 0x140)))) = _t543 + 0x1a0;
                                                                                                                                                				 *((long long*)( *((intOrPtr*)(_t543 + 0x160)))) = _t543 + 0x1a0;
                                                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t543 + 0x178)))) = 0 - _t234 + 0x90;
                                                                                                                                                				r9d = 1;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				__imp__??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z();
                                                                                                                                                				E00007FFC7FFC1FD0E130(_t234, _t543 + 0x120, _t543 + 0x120);
                                                                                                                                                				 *((long long*)(_t543 + 0x220)) = _t546 + 0x38;
                                                                                                                                                				E00007FFC7FFC1FD1DC80(0 - _t234 + 0x90, 0, 0xffffffff, _t322, _t543 + 0x120, _t543 + 0x120, _t540, _t564);
                                                                                                                                                				r12d = r12d - 3;
                                                                                                                                                				if (_t322 == 0) goto 0x1fd0ef30;
                                                                                                                                                				r12d = r12d - 1;
                                                                                                                                                				if (_t322 == 0) goto 0x1fd0ef21;
                                                                                                                                                				if (r12d != 1) goto 0x1fd0ef49;
                                                                                                                                                				r8d = _t565 + 0xb;
                                                                                                                                                				goto 0x1fd0ef3d;
                                                                                                                                                				r8d = 0xc;
                                                                                                                                                				goto 0x1fd0ef3d;
                                                                                                                                                				r8d = 0xa;
                                                                                                                                                				E00007FFC7FFC1FD0D2C0(_t543 + 0x120, _t543 + 0x120, "!WARNING! ", _t536, _t540, _t543, _t546 + 0x70, _t565, _t534);
                                                                                                                                                				if ( *((long long*)(_t572 + 0x18)) - 0x10 < 0) goto 0x1fd0ef57;
                                                                                                                                                				E00007FFC7FFC1FD0D2C0(_t543 + 0x120, _t543 + 0x120,  *_t572, _t536, _t540, _t543,  *((intOrPtr*)(_t572 + 0x10)), _t538, _t542);
                                                                                                                                                				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                                                                                                                				E00007FFC7FFC1FD19CA0(_t546 + 0x38,  *((intOrPtr*)(_t546 + 0x60)), _t546 + 0x38, _t546 + 0x48); // executed
                                                                                                                                                				E00007FFC7FFC1FD1DC10(_t543 + 0x120, _t546 + 0x38,  *((intOrPtr*)(_t572 + 0x10)));
                                                                                                                                                				if ( *((long long*)(_t543 + 0x188)) == 0) goto 0x1fd0efa7;
                                                                                                                                                				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                                                                                                                				__imp__??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ();
                                                                                                                                                				__imp__??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ();
                                                                                                                                                				if ( *((intOrPtr*)(_t546 + 0x38)) == 0) goto 0x1fd0efd6;
                                                                                                                                                				E00007FFC7FFC1FD197F0( *((intOrPtr*)(_t546 + 0x38)));
                                                                                                                                                				 *((long long*)(_t546 + 0x38)) = _t536;
                                                                                                                                                				_t242 = E00007FFC7FFC1FD0A280(_t546 + 0x38, _t543 + 0x120, _t546 + 0x60);
                                                                                                                                                				0x1fd154f8();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(_t242, 0x30,  *(_t543 + 0x270) ^ _t546);
                                                                                                                                                			}

                                                                                                                                                0x7ffc1fd0ecc0
                                                                                                                                                0x7ffc1fd0ecc9
                                                                                                                                                0x7ffc1fd0ecd6
                                                                                                                                                0x7ffc1fd0ecde
                                                                                                                                                0x7ffc1fd0ece0
                                                                                                                                                0x7ffc1fd0ece3
                                                                                                                                                0x7ffc1fd0ecee
                                                                                                                                                0x7ffc1fd0ecf6
                                                                                                                                                0x7ffc1fd0ecfb
                                                                                                                                                0x7ffc1fd0ed00
                                                                                                                                                0x7ffc1fd0ed16
                                                                                                                                                0x7ffc1fd0ed22
                                                                                                                                                0x7ffc1fd0ed28
                                                                                                                                                0x7ffc1fd0ed30
                                                                                                                                                0x7ffc1fd0ed38
                                                                                                                                                0x7ffc1fd0ed3f
                                                                                                                                                0x7ffc1fd0ed48
                                                                                                                                                0x7ffc1fd0ed4f
                                                                                                                                                0x7ffc1fd0ed51
                                                                                                                                                0x7ffc1fd0ed59
                                                                                                                                                0x7ffc1fd0ed5b
                                                                                                                                                0x7ffc1fd0ed60
                                                                                                                                                0x7ffc1fd0ed68
                                                                                                                                                0x7ffc1fd0ed6d
                                                                                                                                                0x7ffc1fd0ed70
                                                                                                                                                0x7ffc1fd0ed78
                                                                                                                                                0x7ffc1fd0ed7c
                                                                                                                                                0x7ffc1fd0ed86
                                                                                                                                                0x7ffc1fd0ed89
                                                                                                                                                0x7ffc1fd0ed90
                                                                                                                                                0x7ffc1fd0ed95
                                                                                                                                                0x7ffc1fd0ed9a
                                                                                                                                                0x7ffc1fd0eda3
                                                                                                                                                0x7ffc1fd0edaa
                                                                                                                                                0x7ffc1fd0edaf
                                                                                                                                                0x7ffc1fd0edc5
                                                                                                                                                0x7ffc1fd0edd1
                                                                                                                                                0x7ffc1fd0edd7
                                                                                                                                                0x7ffc1fd0eddf
                                                                                                                                                0x7ffc1fd0ede5
                                                                                                                                                0x7ffc1fd0ede9
                                                                                                                                                0x7ffc1fd0edee
                                                                                                                                                0x7ffc1fd0edf7
                                                                                                                                                0x7ffc1fd0edfe
                                                                                                                                                0x7ffc1fd0ee00
                                                                                                                                                0x7ffc1fd0ee08
                                                                                                                                                0x7ffc1fd0ee16
                                                                                                                                                0x7ffc1fd0ee18
                                                                                                                                                0x7ffc1fd0ee1d
                                                                                                                                                0x7ffc1fd0ee2f
                                                                                                                                                0x7ffc1fd0ee39
                                                                                                                                                0x7ffc1fd0ee3b
                                                                                                                                                0x7ffc1fd0ee3e
                                                                                                                                                0x7ffc1fd0ee43
                                                                                                                                                0x7ffc1fd0ee46
                                                                                                                                                0x7ffc1fd0ee5a
                                                                                                                                                0x7ffc1fd0ee67
                                                                                                                                                0x7ffc1fd0ee6e
                                                                                                                                                0x7ffc1fd0ee75
                                                                                                                                                0x7ffc1fd0ee7c
                                                                                                                                                0x7ffc1fd0ee91
                                                                                                                                                0x7ffc1fd0eea2
                                                                                                                                                0x7ffc1fd0eebb
                                                                                                                                                0x7ffc1fd0eebd
                                                                                                                                                0x7ffc1fd0eec3
                                                                                                                                                0x7ffc1fd0eed4
                                                                                                                                                0x7ffc1fd0eee2
                                                                                                                                                0x7ffc1fd0eeed
                                                                                                                                                0x7ffc1fd0eefb
                                                                                                                                                0x7ffc1fd0ef01
                                                                                                                                                0x7ffc1fd0ef05
                                                                                                                                                0x7ffc1fd0ef07
                                                                                                                                                0x7ffc1fd0ef0b
                                                                                                                                                0x7ffc1fd0ef11
                                                                                                                                                0x7ffc1fd0ef13
                                                                                                                                                0x7ffc1fd0ef1f
                                                                                                                                                0x7ffc1fd0ef21
                                                                                                                                                0x7ffc1fd0ef2e
                                                                                                                                                0x7ffc1fd0ef30
                                                                                                                                                0x7ffc1fd0ef44
                                                                                                                                                0x7ffc1fd0ef52
                                                                                                                                                0x7ffc1fd0ef61
                                                                                                                                                0x7ffc1fd0ef6d
                                                                                                                                                0x7ffc1fd0ef7d
                                                                                                                                                0x7ffc1fd0ef8a
                                                                                                                                                0x7ffc1fd0ef98
                                                                                                                                                0x7ffc1fd0efa1
                                                                                                                                                0x7ffc1fd0efae
                                                                                                                                                0x7ffc1fd0efbb
                                                                                                                                                0x7ffc1fd0efca
                                                                                                                                                0x7ffc1fd0efcc
                                                                                                                                                0x7ffc1fd0efd1
                                                                                                                                                0x7ffc1fd0efdb
                                                                                                                                                0x7ffc1fd0efe4
                                                                                                                                                0x7ffc1fd0f012

                                                                                                                                                APIs
                                                                                                                                                • strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD0F02C
                                                                                                                                                  • Part of subcall function 00007FFC1FD0D640: __tlregdtor.LIBCMT ref: 00007FFC1FD0D690
                                                                                                                                                  • Part of subcall function 00007FFC1FD117C0: _localtime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFC1FD117F4
                                                                                                                                                  • Part of subcall function 00007FFC1FD117C0: strftime.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFC1FD1182E
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD0E851
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD0E8AA
                                                                                                                                                • _Mtx_unlock.MSVCP140 ref: 00007FFC1FD0E96E
                                                                                                                                                • AcquireSRWLockShared.KERNEL32 ref: 00007FFC1FD0E991
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD0E9DA
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD0EB9E
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD0EBE3
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD0EC28
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD0EC85
                                                                                                                                                • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FFC1FD0EE5A
                                                                                                                                                • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FFC1FD0EED4
                                                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFC1FD0EF6D
                                                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFC1FD0EFA1
                                                                                                                                                • ??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FFC1FD0EFAE
                                                                                                                                                • ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FFC1FD0EFBB
                                                                                                                                                • ReleaseSRWLockShared.KERNEL32 ref: 00007FFC1FD0EFE4
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: U?$char_traits@_invalid_parameter_noinfo_noreturn$D@std@@@std@@$?flush@?$basic_ostream@LockSharedV12@$??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_streambuf@AcquireD?$basic_ostream@D@std@@@1@_Mtx_unlockReleaseV?$basic_streambuf@__tlregdtor_localtime64strerrorstrftime
                                                                                                                                                • String ID: !!!ERROR!!! $!!!FATAL!!! $!WARNING! $FileName$Scope$ThreadId$Unknown error$pe${}.{:03d} | {:<15} {}
                                                                                                                                                • API String ID: 1873823629-1766503865
                                                                                                                                                • Opcode ID: d6b5294e0b4a771fc1879de6181a7980b9e4594efd536c7ad5e602cac746ba68
                                                                                                                                                • Instruction ID: 142faa3480aace41d21e6c638c313fe59debfebec8f8c02164f05db78a63286f
                                                                                                                                                • Opcode Fuzzy Hash: d6b5294e0b4a771fc1879de6181a7980b9e4594efd536c7ad5e602cac746ba68
                                                                                                                                                • Instruction Fuzzy Hash: 00527C32A09F9E85EB18EF24D8543B82361FB857A4F404132DA5D47BA5DF7CE5A4C3A0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                C-Code - Quality: 50%
                                                                                                                                                			E00007FFC7FFC1FCFF010(intOrPtr __esi, long long __rbx, long long __rcx, long long __r9) {
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __rbp;
                                                                                                                                                				void* _t141;
                                                                                                                                                				signed int _t152;
                                                                                                                                                				signed int _t153;
                                                                                                                                                				signed int _t162;
                                                                                                                                                				intOrPtr _t171;
                                                                                                                                                				signed int _t176;
                                                                                                                                                				void* _t180;
                                                                                                                                                				void* _t195;
                                                                                                                                                				signed long long _t232;
                                                                                                                                                				intOrPtr* _t235;
                                                                                                                                                				signed long long _t238;
                                                                                                                                                				signed short* _t243;
                                                                                                                                                				long long _t256;
                                                                                                                                                				intOrPtr* _t273;
                                                                                                                                                				intOrPtr* _t275;
                                                                                                                                                				signed short* _t289;
                                                                                                                                                				signed short* _t292;
                                                                                                                                                				signed short* _t304;
                                                                                                                                                				intOrPtr _t323;
                                                                                                                                                				intOrPtr _t343;
                                                                                                                                                				intOrPtr _t346;
                                                                                                                                                				intOrPtr _t349;
                                                                                                                                                				intOrPtr _t357;
                                                                                                                                                				signed long long _t360;
                                                                                                                                                				signed long long _t363;
                                                                                                                                                				signed long long _t366;
                                                                                                                                                				void* _t369;
                                                                                                                                                				void* _t372;
                                                                                                                                                				intOrPtr _t374;
                                                                                                                                                				long long _t375;
                                                                                                                                                				long long _t376;
                                                                                                                                                				long long _t377;
                                                                                                                                                				long long _t378;
                                                                                                                                                				void* _t380;
                                                                                                                                                				intOrPtr* _t381;
                                                                                                                                                				void* _t383;
                                                                                                                                                				signed long long _t384;
                                                                                                                                                				void* _t391;
                                                                                                                                                				int _t393;
                                                                                                                                                				intOrPtr* _t395;
                                                                                                                                                				intOrPtr _t396;
                                                                                                                                                				int _t398;
                                                                                                                                                				long long _t399;
                                                                                                                                                				void* _t401;
                                                                                                                                                				long long* _t404;
                                                                                                                                                				long long* _t405;
                                                                                                                                                
                                                                                                                                                				 *((long long*)(_t383 + 0x10)) = __rbx;
                                                                                                                                                				_t381 = _t383 - 0x30;
                                                                                                                                                				_t384 = _t383 - 0x130;
                                                                                                                                                				_t232 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				 *(_t381 + 0x28) = _t232 ^ _t384;
                                                                                                                                                				 *((long long*)(_t384 + 0x48)) = __r9;
                                                                                                                                                				_t171 = r8d;
                                                                                                                                                				 *((intOrPtr*)(_t384 + 0x40)) = _t171;
                                                                                                                                                				 *((long long*)(_t384 + 0x58)) = __rcx;
                                                                                                                                                				 *((intOrPtr*)(_t384 + 0x50)) = _t171;
                                                                                                                                                				 *((long long*)(_t384 + 0x60)) =  *((intOrPtr*)(_t381 + 0x90));
                                                                                                                                                				_t399 =  *((intOrPtr*)(_t381 + 0x98));
                                                                                                                                                				r12d = __esi;
                                                                                                                                                				r12d = r12d - r9d;
                                                                                                                                                				 *((intOrPtr*)(_t384 + 0x44)) = r12d;
                                                                                                                                                				if (r12d <= 0) goto 0x1fcff085;
                                                                                                                                                				memset(_t401, _t398, _t393);
                                                                                                                                                				_t141 = __rbx - 1;
                                                                                                                                                				if (_t141 - 1 > 0) goto 0x1fcff66c;
                                                                                                                                                				 *((long long*)(_t384 + 0x50)) = __rcx + 0x70;
                                                                                                                                                				0x1fd15430(_t391, _t369, _t372, _t380);
                                                                                                                                                				if (_t141 != 0) goto 0x1fcff6a1;
                                                                                                                                                				 *_t399 = _t141;
                                                                                                                                                				_t395 =  *((intOrPtr*)(__rcx + 0x60));
                                                                                                                                                				_t273 =  *_t395;
                                                                                                                                                				if (_t273 == _t395) goto 0x1fcff0f7;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				r8d =  *((intOrPtr*)(_t384 + 0x40));
                                                                                                                                                				 *_t399 =  *_t399 + E00007FFC7FFC1FCFFB10(_t273 - _t395,  *((intOrPtr*)(_t384 + 0x58)), _t273 + 0x10);
                                                                                                                                                				if ( *_t273 != _t395) goto 0x1fcff0d0;
                                                                                                                                                				_t374 =  *((intOrPtr*)(_t384 + 0x60));
                                                                                                                                                				_t404 =  *((intOrPtr*)(_t384 + 0x48));
                                                                                                                                                				 *((long long*)(_t384 + 0x20)) = _t399;
                                                                                                                                                				r8d = 0x122;
                                                                                                                                                				E00007FFC7FFC1FCFCD20(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", _t381, "size needed is {}"); // executed
                                                                                                                                                				if (r12d -  *_t399 < 0) goto 0x1fcff634;
                                                                                                                                                				_t396 =  *((intOrPtr*)(_t384 + 0x58));
                                                                                                                                                				_t235 =  *((intOrPtr*)(_t396 + 0x60));
                                                                                                                                                				 *((long long*)(_t384 + 0x48)) = _t235;
                                                                                                                                                				_t275 =  *_t235;
                                                                                                                                                				if (_t275 == _t235) goto 0x1fcff5c7;
                                                                                                                                                				r14d = 0;
                                                                                                                                                				E00007FFC7FFC1FCFD4C0(_t235, _t275, _t381 - 0x78,  *((intOrPtr*)(_t275 + 0x10)), _t374);
                                                                                                                                                				_t322 =  >=  ?  *((void*)(_t381 - 0x78)) : _t381 - 0x78;
                                                                                                                                                				E00007FFC7FFC1FD03FF0(_t171, _t275, _t384 + 0x68,  >=  ?  *((void*)(_t381 - 0x78)) : _t381 - 0x78, _t374, _t381);
                                                                                                                                                				_t323 =  *((intOrPtr*)(_t381 - 0x60));
                                                                                                                                                				if (_t323 - 0x10 < 0) goto 0x1fcff1a2;
                                                                                                                                                				if (_t323 + 1 - 0x1000 < 0) goto 0x1fcff19d;
                                                                                                                                                				_t238 =  *((intOrPtr*)(_t381 - 0x78)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x78)) - 8)) + 0xfffffff8;
                                                                                                                                                				if (_t238 - 0x1f > 0) goto 0x1fcff5fc;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *((long long*)(_t381 - 0x68)) = _t399;
                                                                                                                                                				 *((long long*)(_t381 - 0x60)) = 0xf;
                                                                                                                                                				 *((char*)(_t381 - 0x78)) = 0;
                                                                                                                                                				r12d = 2 + _t238 * 2;
                                                                                                                                                				if ( *((long long*)(_t396 + 0x38)) - 0x10 < 0) goto 0x1fcff1cc;
                                                                                                                                                				E00007FFC7FFC1FD03FF0(_t171, _t275, _t381 - 0x38,  *((intOrPtr*)(_t396 + 0x20)), _t374, _t381);
                                                                                                                                                				r14d = 2 + _t238 * 2;
                                                                                                                                                				_t195 =  *((long long*)(_t396 + 0x58)) - 0x10;
                                                                                                                                                				if (_t195 < 0) goto 0x1fcff1ef;
                                                                                                                                                				E00007FFC7FFC1FD03FF0(_t171, _t275, _t381 - 0x58,  *((intOrPtr*)(_t396 + 0x40)), _t374, _t381);
                                                                                                                                                				r8d = 2 + _t238 * 2;
                                                                                                                                                				if (_t195 == 0) goto 0x1fcff414;
                                                                                                                                                				if ( *((intOrPtr*)(_t384 + 0x40)) - 1 != 1) goto 0x1fcff4d4;
                                                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                                                				asm("inc ecx");
                                                                                                                                                				asm("inc ecx");
                                                                                                                                                				_t375 = _t374 - r14d;
                                                                                                                                                				_t289 =  >=  ?  *((void*)(_t381 - 0x38)) : _t381 - 0x38;
                                                                                                                                                				_t152 =  *_t289 & 0x0000ffff;
                                                                                                                                                				 *(_t289 + _t375 - _t289) = _t152;
                                                                                                                                                				if (_t152 != 0) goto 0x1fcff240;
                                                                                                                                                				 *((long long*)(_t404 + 8)) = _t375;
                                                                                                                                                				_t376 = _t375 - r8d;
                                                                                                                                                				_t292 =  >=  ?  *((void*)(_t381 - 0x58)) : _t381 - 0x58;
                                                                                                                                                				_t153 =  *_t292 & 0x0000ffff;
                                                                                                                                                				 *(_t292 + _t376 - _t292) = _t153;
                                                                                                                                                				if (_t153 != 0) goto 0x1fcff270;
                                                                                                                                                				 *((long long*)(_t404 + 0x10)) = _t376;
                                                                                                                                                				_t377 = _t376 - r12d;
                                                                                                                                                				_t243 =  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68;
                                                                                                                                                				_t176 =  *_t243 & 0x0000ffff;
                                                                                                                                                				 *(_t243 + _t377 - _t243) = _t176;
                                                                                                                                                				if (_t176 != 0) goto 0x1fcff2a0;
                                                                                                                                                				 *_t404 = _t377;
                                                                                                                                                				_t337 =  >=  ?  *((void*)(_t381 - 0x58)) : _t381 - 0x58;
                                                                                                                                                				E00007FFC7FFC1FD04280(_t180, _t275, _t381 - 0x18,  >=  ?  *((void*)(_t381 - 0x58)) : _t381 - 0x58, _t377, _t381);
                                                                                                                                                				_t339 =  >=  ?  *((void*)(_t381 - 0x38)) : _t381 - 0x38;
                                                                                                                                                				E00007FFC7FFC1FD04280(_t180, _t275, _t381 + 8,  >=  ?  *((void*)(_t381 - 0x38)) : _t381 - 0x38, _t377, _t381);
                                                                                                                                                				_t341 =  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68;
                                                                                                                                                				E00007FFC7FFC1FD04280(_t180, _t275, _t381 - 0x78,  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68, _t377, _t381);
                                                                                                                                                				 *((long long*)(_t384 + 0x30)) = _t381 - 0x18;
                                                                                                                                                				 *((long long*)(_t384 + 0x28)) = _t381 + 8;
                                                                                                                                                				 *((long long*)(_t384 + 0x20)) = _t381 - 0x78;
                                                                                                                                                				r8d = 0x145;
                                                                                                                                                				E00007FFC7FFC1FCFCEC0(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", _t381, "copy port \'{}\', \'{}\', \'{}\'");
                                                                                                                                                				_t343 =  *((intOrPtr*)(_t381 - 0x60));
                                                                                                                                                				if (_t343 - 0x10 < 0) goto 0x1fcff372;
                                                                                                                                                				if (_t343 + 1 - 0x1000 < 0) goto 0x1fcff36d;
                                                                                                                                                				if ( *((intOrPtr*)(_t381 - 0x78)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x78)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x1fcff603;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				r14d = 0;
                                                                                                                                                				 *((long long*)(_t381 - 0x68)) = _t399;
                                                                                                                                                				 *((long long*)(_t381 - 0x60)) = 0xf;
                                                                                                                                                				 *((intOrPtr*)(_t381 - 0x78)) = r14b;
                                                                                                                                                				_t346 =  *((intOrPtr*)(_t381 + 0x20));
                                                                                                                                                				if (_t346 - 0x10 < 0) goto 0x1fcff3c0;
                                                                                                                                                				if (_t346 + 1 - 0x1000 < 0) goto 0x1fcff3bb;
                                                                                                                                                				if ( *((intOrPtr*)(_t381 + 8)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 + 8)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x1fcff60a;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *((long long*)(_t381 + 0x18)) = _t399;
                                                                                                                                                				 *((long long*)(_t381 + 0x20)) = 0xf;
                                                                                                                                                				 *((char*)(_t381 + 8)) = 0;
                                                                                                                                                				_t349 =  *_t381;
                                                                                                                                                				if (_t349 - 0x10 < 0) goto 0x1fcff40b;
                                                                                                                                                				if (_t349 + 1 - 0x1000 < 0) goto 0x1fcff406;
                                                                                                                                                				_t256 =  *((intOrPtr*)(_t381 - 0x18)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x18)) - 8)) + 0xfffffff8;
                                                                                                                                                				if (_t256 - 0x1f > 0) goto 0x1fcff611;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t405 = _t404 + 0x20;
                                                                                                                                                				goto 0x1fcff4d7;
                                                                                                                                                				 *_t405 = _t256;
                                                                                                                                                				_t378 = _t377 - r12d;
                                                                                                                                                				_t304 =  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				_t162 =  *_t304 & 0x0000ffff;
                                                                                                                                                				 *(_t378 - _t304 + _t304) = _t162;
                                                                                                                                                				if (_t162 != 0) goto 0x1fcff440;
                                                                                                                                                				 *_t405 = _t378;
                                                                                                                                                				_t355 =  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68;
                                                                                                                                                				E00007FFC7FFC1FD04280(_t180, _t275, _t381 - 0x18,  >=  ?  *((void*)(_t384 + 0x68)) : _t384 + 0x68, _t378, _t381);
                                                                                                                                                				 *((long long*)(_t384 + 0x20)) = _t381 - 0x18;
                                                                                                                                                				r8d = 0x134;
                                                                                                                                                				E00007FFC7FFC1FCF5600(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "copy port \'{}\'"); // executed
                                                                                                                                                				_t357 =  *_t381;
                                                                                                                                                				if (_t357 - 0x10 < 0) goto 0x1fcff4d0;
                                                                                                                                                				if (_t357 + 1 - 0x1000 < 0) goto 0x1fcff4cb;
                                                                                                                                                				if ( *((intOrPtr*)(_t381 - 0x18)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x18)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x1fcff618;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				r14d = 0;
                                                                                                                                                				_t360 =  *((intOrPtr*)(_t381 - 0x40));
                                                                                                                                                				if (_t360 - 8 < 0) goto 0x1fcff517;
                                                                                                                                                				if (2 + _t360 * 2 - 0x1000 < 0) goto 0x1fcff512;
                                                                                                                                                				if ( *((intOrPtr*)(_t381 - 0x58)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x58)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x1fcff61f;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *((long long*)(_t381 - 0x48)) = _t399;
                                                                                                                                                				 *((long long*)(_t381 - 0x40)) = 7;
                                                                                                                                                				 *((intOrPtr*)(_t381 - 0x58)) = r14w;
                                                                                                                                                				_t363 =  *((intOrPtr*)(_t381 - 0x20));
                                                                                                                                                				if (_t363 - 8 < 0) goto 0x1fcff568;
                                                                                                                                                				if (2 + _t363 * 2 - 0x1000 < 0) goto 0x1fcff563;
                                                                                                                                                				if ( *((intOrPtr*)(_t381 - 0x38)) -  *((intOrPtr*)( *((intOrPtr*)(_t381 - 0x38)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x1fcff626;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *((long long*)(_t381 - 0x28)) = _t399;
                                                                                                                                                				 *((long long*)(_t381 - 0x20)) = 7;
                                                                                                                                                				 *((intOrPtr*)(_t381 - 0x38)) = r14w;
                                                                                                                                                				_t366 =  *((intOrPtr*)(_t381 - 0x80));
                                                                                                                                                				if (_t366 - 8 < 0) goto 0x1fcff5b6;
                                                                                                                                                				if (2 + _t366 * 2 - 0x1000 < 0) goto 0x1fcff5b1;
                                                                                                                                                				if ( *((intOrPtr*)(_t384 + 0x68)) -  *((intOrPtr*)( *((intOrPtr*)(_t384 + 0x68)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x1fcff62d;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				if ( *_t275 !=  *((intOrPtr*)(_t384 + 0x48))) goto 0x1fcff140;
                                                                                                                                                				0x1fd15436();
                                                                                                                                                				return E00007FFC7FFC1FD15E20( *((intOrPtr*)(_t396 + 0x68)), 1,  *(_t381 + 0x28) ^ _t384);
                                                                                                                                                			}


                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ExceptionThrow$C_error@std@@Mtx_lockMtx_unlockThrow_memset
                                                                                                                                                • String ID: buffer has capacity of {}, while {} is needed$c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$copy port '{}'$copy port '{}', '{}', '{}'$port level {} is not valid$size needed is {}
                                                                                                                                                • API String ID: 2180992759-3307107698
                                                                                                                                                • Opcode ID: 30a5cb5a9781a34cb23ddfb8e2b527e1a4ddccc004ef493ea859a10adfdb2c1f
                                                                                                                                                • Instruction ID: 57d8fd346172ac9da0bb0c7564e90f47f9c38861a7d1a71e78a30ee50e7cebb8
                                                                                                                                                • Opcode Fuzzy Hash: 30a5cb5a9781a34cb23ddfb8e2b527e1a4ddccc004ef493ea859a10adfdb2c1f
                                                                                                                                                • Instruction Fuzzy Hash: D702BE62B08F5A85FB10DF64E4543BD6761FB457A8F404232DA5D07AE9DF38E095C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                C-Code - Quality: 23%
                                                                                                                                                			E00007FFC7FFC1FD15A7C(long long __rax, struct _CRITICAL_SECTION* __rbx, void* __r9, void* _a8) {
                                                                                                                                                
                                                                                                                                                				InitializeCriticalSectionAndSpinCount(__rbx);
                                                                                                                                                				GetModuleHandleW(??); // executed
                                                                                                                                                				if (__rax != 0) goto 0x1fd15ac2;
                                                                                                                                                				GetModuleHandleW(??);
                                                                                                                                                				if (__rax == 0) goto 0x1fd15b41;
                                                                                                                                                				GetProcAddress(??, ??);
                                                                                                                                                				GetProcAddress(??, ??);
                                                                                                                                                				if (__rax == 0) goto 0x1fd15aff;
                                                                                                                                                				if (__rax == 0) goto 0x1fd15aff;
                                                                                                                                                				 *0x1fd41cf8 = __rax;
                                                                                                                                                				 *0x1fd41d00 = __rax;
                                                                                                                                                				goto 0x1fd15b1d;
                                                                                                                                                				r9d = 0;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				CreateEventW(??, ??, ??, ??);
                                                                                                                                                				 *0x1fd41cc8 = __rax;
                                                                                                                                                				if (__rax == 0) goto 0x1fd15b41;
                                                                                                                                                				if (E00007FFC7FFC1FD158B4(0, __rax) == 0) goto 0x1fd15b41;
                                                                                                                                                				E00007FFC7FFC1FD15A64(E00007FFC7FFC1FD158B4(0, __rax), __rax);
                                                                                                                                                				return 0;
                                                                                                                                                			}




                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                • API String ID: 2565136772-3242537097
                                                                                                                                                • Opcode ID: d861e4b9320158ff47eb84d8279c67ef2caac247e81ead71abf6a798d57e674a
                                                                                                                                                • Instruction ID: 267c31e33f72ac45c4cca959014432c7a6c7ffe777c2ac02db851576a4977860
                                                                                                                                                • Opcode Fuzzy Hash: d861e4b9320158ff47eb84d8279c67ef2caac247e81ead71abf6a798d57e674a
                                                                                                                                                • Instruction Fuzzy Hash: 2D212C20F0DE6F81FB5DBF25E99527862A0AF85760F9C0135C81E026A1EF2CB465C3E0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                • ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FFC1FD0C078,?,?,?,00007FFC1FD0D3C7), ref: 00007FFC1FD0E44F
                                                                                                                                                • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FFC1FD0C078,?,?,?,00007FFC1FD0D3C7), ref: 00007FFC1FD0E45D
                                                                                                                                                • ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FFC1FD0C078,?,?,?,00007FFC1FD0D3C7), ref: 00007FFC1FD0E477
                                                                                                                                                • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FFC1FD0C078,?,?,?,00007FFC1FD0D3C7), ref: 00007FFC1FD0E4A2
                                                                                                                                                • ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FFC1FD0C078,?,?,?,00007FFC1FD0D3C7), ref: 00007FFC1FD0E4CE
                                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 00007FFC1FD0E4EB
                                                                                                                                                • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,00007FFC1FD0C078,?,?,?,00007FFC1FD0D3C7), ref: 00007FFC1FD0E50A
                                                                                                                                                • ?length@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1_K@Z.MSVCP140 ref: 00007FFC1FD0E531
                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFC1FD0E578
                                                                                                                                                • _localtime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFC1FD0E584
                                                                                                                                                  • Part of subcall function 00007FFC1FCFD810: __std_exception_copy.VCRUNTIME140 ref: 00007FFC1FCFD83F
                                                                                                                                                  • Part of subcall function 00007FFC1FD07ED0: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFC1FD0E5AE), ref: 00007FFC1FD07EED
                                                                                                                                                  • Part of subcall function 00007FFC1FD07ED0: _CxxThrowException.VCRUNTIME140 ref: 00007FFC1FD07F20
                                                                                                                                                  • Part of subcall function 00007FFC1FD07ED0: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,?,?,00000000), ref: 00007FFC1FD0D34F
                                                                                                                                                  • Part of subcall function 00007FFC1FD07ED0: ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,?,?,?,00000000), ref: 00007FFC1FD0D3DA
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: D@std@@@std@@ExceptionLockit@std@@Mbstatet@@@std@@ThrowU?$char_traits@$??0_??1_?flush@?$basic_ostream@?getloc@?$basic_streambuf@?length@?$codecvt@_?uncaught_exception@std@@Bid@locale@std@@Concurrency::cancel_current_taskFacet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@RegisterV12@V42@@Vfacet@locale@2@Vlocale@2@__std_exception_copy_localtime64std::_
                                                                                                                                                • String ID: could not convert calendar time to local time
                                                                                                                                                • API String ID: 566687407-4174379530
                                                                                                                                                • Opcode ID: 7730723aa5f217de64bff47fb819d92a538bb737153a0366e2201d2edec3ae85
                                                                                                                                                • Instruction ID: 8fc6a40c20ef58dfeea6a04ad0c433de2dd726fcc1510ecf7b9075632936e9ea
                                                                                                                                                • Opcode Fuzzy Hash: 7730723aa5f217de64bff47fb819d92a538bb737153a0366e2201d2edec3ae85
                                                                                                                                                • Instruction Fuzzy Hash: 7D51AE22A08F5E81EB18AF15E45417EA360FF85FA0F480635EA9D07BA9DF7CD460C790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                C-Code - Quality: 20%
                                                                                                                                                			E00007FFC7FFC1FCFBF60(long long __rbx, void* __rcx, void* __rbp, void* __r14, long long _a16) {
                                                                                                                                                				signed int _v16;
                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                				char _v48;
                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                				char _v80;
                                                                                                                                                				long long _v88;
                                                                                                                                                				long long _v96;
                                                                                                                                                				char _v106;
                                                                                                                                                				short _v108;
                                                                                                                                                				char _v112;
                                                                                                                                                				long long _v128;
                                                                                                                                                				long long _v168;
                                                                                                                                                				long long _v176;
                                                                                                                                                				long long _v184;
                                                                                                                                                				long long _v192;
                                                                                                                                                				long long _v200;
                                                                                                                                                				long long _v208;
                                                                                                                                                				long long _v216;
                                                                                                                                                				long long _v224;
                                                                                                                                                				long long _v232;
                                                                                                                                                				long long _v240;
                                                                                                                                                				long long _v248;
                                                                                                                                                				long long _v256;
                                                                                                                                                				char _v264;
                                                                                                                                                				long long _v280;
                                                                                                                                                				char _t73;
                                                                                                                                                				void* _t100;
                                                                                                                                                				void* _t112;
                                                                                                                                                				signed long long _t120;
                                                                                                                                                				signed long long _t121;
                                                                                                                                                				long long _t125;
                                                                                                                                                				intOrPtr _t134;
                                                                                                                                                				intOrPtr* _t135;
                                                                                                                                                				long long _t149;
                                                                                                                                                				intOrPtr _t154;
                                                                                                                                                				void* _t159;
                                                                                                                                                				intOrPtr _t160;
                                                                                                                                                				intOrPtr _t174;
                                                                                                                                                				signed long long _t175;
                                                                                                                                                				char _t177;
                                                                                                                                                				long long _t185;
                                                                                                                                                				intOrPtr _t190;
                                                                                                                                                				intOrPtr _t195;
                                                                                                                                                				void* _t196;
                                                                                                                                                				intOrPtr _t199;
                                                                                                                                                				intOrPtr _t202;
                                                                                                                                                				void* _t206;
                                                                                                                                                				void* _t207;
                                                                                                                                                				void* _t208;
                                                                                                                                                				void* _t211;
                                                                                                                                                
                                                                                                                                                				_t215 = __r14;
                                                                                                                                                				_t207 = __rbp;
                                                                                                                                                				_a16 = __rbx;
                                                                                                                                                				_t209 = _t208 - 0x130;
                                                                                                                                                				_t120 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t121 = _t120 ^ _t208 - 0x00000130;
                                                                                                                                                				_v16 = _t121;
                                                                                                                                                				_t159 = __rcx;
                                                                                                                                                				OutputDebugStringA(??); // executed
                                                                                                                                                				_v112 = 0;
                                                                                                                                                				_v88 = 0xf;
                                                                                                                                                				_v96 = 6;
                                                                                                                                                				_t73 = "system"; // 0x74737973
                                                                                                                                                				_v112 = _t73;
                                                                                                                                                				_v108 =  *0x1fd2ba84 & 0x0000ffff;
                                                                                                                                                				_v106 = 0;
                                                                                                                                                				_v80 = 0;
                                                                                                                                                				asm("movdqa xmm0, [0x303b5]");
                                                                                                                                                				asm("movdqu [esp+0xf8], xmm0");
                                                                                                                                                				_v80 = 0;
                                                                                                                                                				E00007FFC7FFC1FD0D640(__rcx, "wfaxport.dll initialize", _t211);
                                                                                                                                                				if ( &_v80 == _t121) goto 0x1fcfc02c;
                                                                                                                                                				_t212 =  *((intOrPtr*)(_t121 + 0x10));
                                                                                                                                                				if ( *((long long*)(_t121 + 0x18)) - 0x10 < 0) goto 0x1fcfc01c;
                                                                                                                                                				E00007FFC7FFC1FCF9100(_t159,  &_v80,  *_t121,  *((intOrPtr*)(_t121 + 0x10)), __r14);
                                                                                                                                                				E00007FFC7FFC1FD106F0( *((long long*)(_t121 + 0x18)) - 0x10,  *_t121,  &_v112,  *((intOrPtr*)(_t121 + 0x10)));
                                                                                                                                                				_t185 = _v88;
                                                                                                                                                				if (_t185 - 0x10 < 0) goto 0x1fcfc080;
                                                                                                                                                				if (_t185 + 1 - 0x1000 < 0) goto 0x1fcfc07b;
                                                                                                                                                				_t125 = _v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8;
                                                                                                                                                				if (_t125 - 0x1f <= 0) goto 0x1fcfc07b;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v96 = 0;
                                                                                                                                                				_v88 = 0xf;
                                                                                                                                                				_v112 = 0;
                                                                                                                                                				E00007FFC7FFC1FD04280(_t100, _t159,  &_v48, _t159, _t206, _t207);
                                                                                                                                                				_v280 = _t125;
                                                                                                                                                				r8d = 0xd7;
                                                                                                                                                				E00007FFC7FFC1FCF5600(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "InitializePrintMonitor \'{}\'"); // executed
                                                                                                                                                				_t190 = _v24;
                                                                                                                                                				if (_t190 - 0x10 < 0) goto 0x1fcfc11b;
                                                                                                                                                				_t170 = _v48;
                                                                                                                                                				if (_t190 + 1 - 0x1000 < 0) goto 0x1fcfc116;
                                                                                                                                                				if (_v48 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfc116;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FCFE0D0( *((intOrPtr*)(_t170 - 8)), _t190 + 0x28);
                                                                                                                                                				E00007FFC7FFC1FD04280(_t100, _t159,  &_v48, _t159, _t206, _t207);
                                                                                                                                                				E00007FFC7FFC1FCFFE00(_v48 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8 - 0x1f, _t159, _v48 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8, _v48 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8, _t207,  *((intOrPtr*)(_t121 + 0x10)), _t215); // executed
                                                                                                                                                				_t195 = _v24;
                                                                                                                                                				if (_t195 - 0x10 < 0) goto 0x1fcfc187;
                                                                                                                                                				_t196 = _t195 + 1;
                                                                                                                                                				_t174 = _v48;
                                                                                                                                                				if (_t196 - 0x1000 < 0) goto 0x1fcfc181;
                                                                                                                                                				_t175 =  *((intOrPtr*)(_t174 - 8));
                                                                                                                                                				if (_t174 - _t175 + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfc181;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t112 =  *0x1fd41a88 -  *((intOrPtr*)(_t196 + 0x27 +  *((intOrPtr*)( *[gs:0x58] + _t175 * 8)))); // 0x8000000c
                                                                                                                                                				if (_t112 > 0) goto 0x1fcfc3f8;
                                                                                                                                                				_t134 =  *0x1fd41a80; // 0x67bed0
                                                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                                                				asm("movups [eax+0x8], xmm0");
                                                                                                                                                				asm("movups [eax+0x18], xmm0");
                                                                                                                                                				asm("movups [eax+0x28], xmm0");
                                                                                                                                                				asm("movups [eax+0x38], xmm0");
                                                                                                                                                				asm("movups [eax+0x48], xmm0");
                                                                                                                                                				asm("movups [eax+0x58], xmm0");
                                                                                                                                                				asm("movups [eax+0x68], xmm0");
                                                                                                                                                				asm("movups [eax+0x78], xmm0");
                                                                                                                                                				 *(_t134 + 0x88) = _t175;
                                                                                                                                                				_t135 =  *0x1fd41a80; // 0x67bed0
                                                                                                                                                				 *_t135 = 0x88;
                                                                                                                                                				_v256 = 0x7ffc1fcfa1f0;
                                                                                                                                                				_v248 = 0x7ffc1fcfa620;
                                                                                                                                                				_v240 = 0x7ffc1fcfa8e0;
                                                                                                                                                				_v232 = 0x7ffc1fcfab60;
                                                                                                                                                				_v224 = 0x7ffc1fcfae80;
                                                                                                                                                				_v216 = 0x7ffc1fcfa8f0;
                                                                                                                                                				_v208 = 0x7ffc1fcfa000;
                                                                                                                                                				_v200 = 0x7ffc1fcf9780;
                                                                                                                                                				_v192 = 0x7ffc1fcf93c0;
                                                                                                                                                				_v184 = 0x7ffc1fcf9770;
                                                                                                                                                				_v176 = 0x7ffc1fcf9980;
                                                                                                                                                				_v168 = 0x7ffc1fcf9c50;
                                                                                                                                                				asm("xorps xmm2, xmm2");
                                                                                                                                                				_v128 = 0x7ffc1fcf9c50;
                                                                                                                                                				asm("movups xmm0, [esp+0x38]");
                                                                                                                                                				asm("movups [eax+0x8], xmm0");
                                                                                                                                                				asm("movups xmm1, [esp+0x48]");
                                                                                                                                                				asm("movups [eax+0x18], xmm1");
                                                                                                                                                				asm("movups xmm0, [esp+0x58]");
                                                                                                                                                				asm("movups [eax+0x28], xmm0");
                                                                                                                                                				asm("movups xmm1, [esp+0x68]");
                                                                                                                                                				asm("movups [eax+0x38], xmm1");
                                                                                                                                                				asm("movups xmm0, [esp+0x78]");
                                                                                                                                                				asm("movups [eax+0x48], xmm0");
                                                                                                                                                				asm("movups xmm1, [esp+0x88]");
                                                                                                                                                				asm("movups [eax+0x58], xmm1");
                                                                                                                                                				asm("movups [eax+0x68], xmm2");
                                                                                                                                                				asm("movups [eax+0x78], xmm2");
                                                                                                                                                				asm("movsd xmm0, [esp+0xb8]");
                                                                                                                                                				asm("movsd [eax+0x88], xmm0");
                                                                                                                                                				_t149 =  *0x1fd41a80; // 0x67bed0
                                                                                                                                                				_v264 = _t149;
                                                                                                                                                				_v280 =  &_v264;
                                                                                                                                                				r8d = 0xf0;
                                                                                                                                                				E00007FFC7FFC1FCF5DB0(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "return MONITOREX {:#x}");
                                                                                                                                                				_t160 =  *0x1fd41a80; // 0x67bed0
                                                                                                                                                				E00007FFC7FFC1FD106F0(_t112,  &_v264,  &_v80,  *((intOrPtr*)(_t121 + 0x10)));
                                                                                                                                                				_t199 = _v56;
                                                                                                                                                				if (_t199 - 0x10 < 0) goto 0x1fcfc37c;
                                                                                                                                                				_t177 = _v80;
                                                                                                                                                				if (_t199 + 1 - 0x1000 < 0) goto 0x1fcfc376;
                                                                                                                                                				_t115 = _t177 -  *((intOrPtr*)(_t177 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                                                				if (_t177 -  *((intOrPtr*)(_t177 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfc376;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t154 = _t160;
                                                                                                                                                				E00007FFC7FFC1FD106F0(_t115, _t154,  &_v80, _t212);
                                                                                                                                                				_t202 = _v56;
                                                                                                                                                				if (_t202 - 0x10 < 0) goto 0x1fcfc3d5;
                                                                                                                                                				if (_t202 + 1 - 0x1000 < 0) goto 0x1fcfc3cf;
                                                                                                                                                				if (_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfc3cf;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(0, 1, _v16 ^ _t209);
                                                                                                                                                			}


                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$DebugOutputString__tlregdtor
                                                                                                                                                • String ID: InitializePrintMonitor '{}'$c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$return MONITOREX {:#x}$system$wfaxport.dll initialize
                                                                                                                                                • API String ID: 4009608328-1001868195
                                                                                                                                                • Opcode ID: 8a945a9737c092440fecb425aedbfe83d9223102503b92f5e5b93206be17f888
                                                                                                                                                • Instruction ID: 814def2003f22ad632c864f07593330475b4c1d6245f6dd81ef057a3bf222066
                                                                                                                                                • Opcode Fuzzy Hash: 8a945a9737c092440fecb425aedbfe83d9223102503b92f5e5b93206be17f888
                                                                                                                                                • Instruction Fuzzy Hash: 2DD15D22E18F9A81FA24DF14E8503B9B360FBD5760F409236DA9D027A5EF6CE1E4D750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 432 7ffc1fd00020-7ffc1fd00083 call 7ffc1fd03d90 call 7ffc1fd03c10 437 7ffc1fd000f5 432->437 438 7ffc1fd00085-7ffc1fd0008e 432->438 441 7ffc1fd000f7-7ffc1fd00103 437->441 439 7ffc1fd00090-7ffc1fd000a2 438->439 440 7ffc1fd000be-7ffc1fd000f3 438->440 442 7ffc1fd000b9 call 7ffc1fd156e4 439->442 443 7ffc1fd000a4-7ffc1fd000b7 439->443 440->441 444 7ffc1fd00105-7ffc1fd0011a 441->444 445 7ffc1fd0013e-7ffc1fd00156 call 7ffc1fd03b40 441->445 442->440 443->442 447 7ffc1fd00131-7ffc1fd00137 _invalid_parameter_noinfo_noreturn 443->447 449 7ffc1fd00138-7ffc1fd0013d call 7ffc1fd156e4 444->449 450 7ffc1fd0011c-7ffc1fd0012f 444->450 455 7ffc1fd00158-7ffc1fd0017a call 7ffc1fcf5600 445->455 456 7ffc1fd0017f-7ffc1fd00202 call 7ffc1fcf49b0 call 7ffc1fd03b40 445->456 447->449 449->445 450->447 450->449 455->456 462 7ffc1fd00204-7ffc1fd00229 call 7ffc1fcf5600 456->462 463 7ffc1fd0022e-7ffc1fd002b3 call 7ffc1fcf49b0 call 7ffc1fd03b40 456->463 462->463 468 7ffc1fd002b8-7ffc1fd002ba 463->468 469 7ffc1fd002e6-7ffc1fd00325 468->469 470 7ffc1fd002bc-7ffc1fd002e1 call 7ffc1fcf5600 468->470 472 7ffc1fd00327-7ffc1fd0033c 469->472 473 7ffc1fd0035f-7ffc1fd00384 469->473 470->469 474 7ffc1fd0035a call 7ffc1fd156e4 472->474 475 7ffc1fd0033e-7ffc1fd00351 472->475 476 7ffc1fd003bb-7ffc1fd003e2 call 7ffc1fd15e20 473->476 477 7ffc1fd00386-7ffc1fd00398 473->477 474->473 475->474 479 7ffc1fd00353-7ffc1fd00359 _invalid_parameter_noinfo_noreturn 475->479 481 7ffc1fd0039a-7ffc1fd003ad 477->481 482 7ffc1fd003b6 call 7ffc1fd156e4 477->482 479->474 481->482 484 7ffc1fd003af-7ffc1fd003b5 _invalid_parameter_noinfo_noreturn 481->484 482->476 484->482
                                                                                                                                                C-Code - Quality: 36%
                                                                                                                                                			E00007FFC7FFC1FD00020(long long __rbx, long long __rcx, long long __rsi, void* __r8, long long _a16, long long _a24) {
                                                                                                                                                				void* _v8;
                                                                                                                                                				signed int _v24;
                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                				char _v56;
                                                                                                                                                				long long _v64;
                                                                                                                                                				long long _v72;
                                                                                                                                                				char _v88;
                                                                                                                                                				long long _v96;
                                                                                                                                                				char _v104;
                                                                                                                                                				long long _v112;
                                                                                                                                                				long long _v120;
                                                                                                                                                				char _v136;
                                                                                                                                                				long long _v144;
                                                                                                                                                				long long _v152;
                                                                                                                                                				char _v168;
                                                                                                                                                				long long _v176;
                                                                                                                                                				char _v184;
                                                                                                                                                				long long _v208;
                                                                                                                                                				long long _v216;
                                                                                                                                                				long long _v232;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* _t77;
                                                                                                                                                				void* _t81;
                                                                                                                                                				void* _t84;
                                                                                                                                                				void* _t87;
                                                                                                                                                				void* _t92;
                                                                                                                                                				signed long long _t118;
                                                                                                                                                				signed long long _t119;
                                                                                                                                                				long long _t170;
                                                                                                                                                				intOrPtr _t173;
                                                                                                                                                				long long _t181;
                                                                                                                                                				intOrPtr _t184;
                                                                                                                                                				long long _t187;
                                                                                                                                                				signed long long _t189;
                                                                                                                                                				void* _t191;
                                                                                                                                                				void* _t192;
                                                                                                                                                				void* _t195;
                                                                                                                                                				void* _t202;
                                                                                                                                                
                                                                                                                                                				_t195 = __r8;
                                                                                                                                                				_a16 = __rbx;
                                                                                                                                                				_a24 = __rsi;
                                                                                                                                                				_t193 = _t192 - 0x100;
                                                                                                                                                				_t118 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t119 = _t118 ^ _t192 - 0x00000100;
                                                                                                                                                				_v24 = _t119;
                                                                                                                                                				_v104 = __rcx;
                                                                                                                                                				_t77 = E00007FFC7FFC1FD03D90(_t92, __rcx,  &_v168, __rsi, _t191, __r8, _t202);
                                                                                                                                                				asm("movups xmm0, [0x2e0a7]");
                                                                                                                                                				asm("movaps [esp+0x30], xmm0");
                                                                                                                                                				E00007FFC7FFC1FD03C10(_t77, _t92, __rcx,  &_v56, _t195, _t202); // executed
                                                                                                                                                				_t189 = _t119;
                                                                                                                                                				if ( &_v168 == _t189) goto 0x1fd000f5;
                                                                                                                                                				_t170 = _v144;
                                                                                                                                                				if (_t170 - 0x10 < 0) goto 0x1fd000be;
                                                                                                                                                				if (_t170 + 1 - 0x1000 < 0) goto 0x1fd000b9;
                                                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x1fd00131;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v152 = _t187;
                                                                                                                                                				_v144 = 0xf;
                                                                                                                                                				_v168 = dil;
                                                                                                                                                				asm("movups xmm0, [esi]");
                                                                                                                                                				asm("movups [esp+0x60], xmm0");
                                                                                                                                                				asm("movups xmm1, [esi+0x10]");
                                                                                                                                                				asm("movups [esp+0x70], xmm1");
                                                                                                                                                				 *((long long*)(_t189 + 0x10)) = _t187;
                                                                                                                                                				 *((long long*)(_t189 + 0x18)) = 0xf;
                                                                                                                                                				 *_t189 = dil;
                                                                                                                                                				goto 0x1fd000f7;
                                                                                                                                                				_t173 = _v32;
                                                                                                                                                				if (_t173 - 0x10 < 0) goto 0x1fd0013e;
                                                                                                                                                				if (_t173 + 1 - 0x1000 < 0) goto 0x1fd00138;
                                                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd00138;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t81 = E00007FFC7FFC1FD03B40( &_v168); // executed
                                                                                                                                                				if (_t81 != 0) goto 0x1fd0017f;
                                                                                                                                                				_v232 =  &_v168;
                                                                                                                                                				r8d = 0x1d;
                                                                                                                                                				E00007FFC7FFC1FCF5600(_t195 - 0x19, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create ProgramData dir \'{}\'");
                                                                                                                                                				_t129 =  >=  ? _v168 :  &_v168;
                                                                                                                                                				_v104 =  >=  ? _v168 :  &_v168;
                                                                                                                                                				_v96 = _v152;
                                                                                                                                                				_v184 = 0xe;
                                                                                                                                                				_v176 =  &_v104;
                                                                                                                                                				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                				asm("movdqa [esp+0x30], xmm0");
                                                                                                                                                				_v184 = "{}\\Wildix";
                                                                                                                                                				_v176 = 9;
                                                                                                                                                				E00007FFC7FFC1FCF49B0(_v104,  &_v136, _t187, _t189);
                                                                                                                                                				_t84 = E00007FFC7FFC1FD03B40( &_v136); // executed
                                                                                                                                                				if (_t84 != 0) goto 0x1fd0022e;
                                                                                                                                                				_v232 =  &_v136;
                                                                                                                                                				r8d = 0x20;
                                                                                                                                                				E00007FFC7FFC1FCF5600( &_v216 - 0x1c, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create Wildix dir \'{}\'");
                                                                                                                                                				_t135 =  >=  ? _v136 :  &_v136;
                                                                                                                                                				_v184 =  >=  ? _v136 :  &_v136;
                                                                                                                                                				_v176 = _v120;
                                                                                                                                                				_v216 = 0xe;
                                                                                                                                                				_v208 =  &_v184;
                                                                                                                                                				asm("movaps xmm0, [esp+0x30]");
                                                                                                                                                				asm("movdqa [esp+0xd0], xmm0");
                                                                                                                                                				_v216 = "{}\\FaxPrinter";
                                                                                                                                                				_v208 = 0xd;
                                                                                                                                                				E00007FFC7FFC1FCF49B0(_v104,  &_v88, _t187, _t189);
                                                                                                                                                				_t87 = E00007FFC7FFC1FD03B40( &_v88); // executed
                                                                                                                                                				if (_t87 != 0) goto 0x1fd002e6;
                                                                                                                                                				_v232 =  &_v88;
                                                                                                                                                				r8d = 0x23;
                                                                                                                                                				E00007FFC7FFC1FCF5600( &_v56 - 0x1f, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create printing dir \'{}\'");
                                                                                                                                                				asm("movups xmm0, [esp+0xb0]");
                                                                                                                                                				asm("movups [ebx], xmm0");
                                                                                                                                                				asm("movups xmm1, [esp+0xc0]");
                                                                                                                                                				asm("movups [ebx+0x10], xmm1");
                                                                                                                                                				_v72 = _t187;
                                                                                                                                                				_v64 = 0xf;
                                                                                                                                                				_v88 = 0;
                                                                                                                                                				_t181 = _v112;
                                                                                                                                                				if (_t181 - 0x10 < 0) goto 0x1fd0035f;
                                                                                                                                                				if (_t181 + 1 - 0x1000 < 0) goto 0x1fd0035a;
                                                                                                                                                				if (_v136 -  *((intOrPtr*)(_v136 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd0035a;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v120 = _t187;
                                                                                                                                                				_v112 = 0xf;
                                                                                                                                                				_v136 = 0;
                                                                                                                                                				_t184 = _v144;
                                                                                                                                                				if (_t184 - 0x10 < 0) goto 0x1fd003bb;
                                                                                                                                                				if (_t184 + 1 - 0x1000 < 0) goto 0x1fd003b6;
                                                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd003b6;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				return E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD156E4(),  &_v56 - 0x1f, _v24 ^ _t193);
                                                                                                                                                			}
                                                                                                                                                0x7ffc1fd00384
                                                                                                                                                0x7ffc1fd00398
                                                                                                                                                0x7ffc1fd003ad
                                                                                                                                                0x7ffc1fd003af
                                                                                                                                                0x7ffc1fd003b5
                                                                                                                                                0x7ffc1fd003e2

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD03D90: GetTempPathW.KERNEL32 ref: 00007FFC1FD03DDA
                                                                                                                                                  • Part of subcall function 00007FFC1FD03D90: GetLastError.KERNEL32 ref: 00007FFC1FD03DE4
                                                                                                                                                  • Part of subcall function 00007FFC1FD03D90: WideCharToMultiByte.KERNEL32 ref: 00007FFC1FD03E63
                                                                                                                                                  • Part of subcall function 00007FFC1FD03D90: WideCharToMultiByte.KERNEL32 ref: 00007FFC1FD03E9C
                                                                                                                                                  • Part of subcall function 00007FFC1FD03C10: WideCharToMultiByte.KERNEL32 ref: 00007FFC1FD03CE0
                                                                                                                                                  • Part of subcall function 00007FFC1FD03C10: WideCharToMultiByte.KERNEL32 ref: 00007FFC1FD03D19
                                                                                                                                                  • Part of subcall function 00007FFC1FD03C10: CoTaskMemFree.OLE32 ref: 00007FFC1FD03D27
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD00131
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ByteCharMultiWide$ErrorFreeLastPathTaskTemp_invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't create ProgramData dir '{}'$couldn't create Wildix dir '{}'$couldn't create printing dir '{}'${}\FaxPrinter${}\Wildix
                                                                                                                                                • API String ID: 965925647-3675253893
                                                                                                                                                • Opcode ID: c58682fe83c140aa809a0b497b6bdb49f28910595aac2103895e1e7c52127337
                                                                                                                                                • Instruction ID: f2150c5b2bc53cb3ea7631d9bcee0ed27732abad879a6b6b3ad5c2d6896c1840
                                                                                                                                                • Opcode Fuzzy Hash: c58682fe83c140aa809a0b497b6bdb49f28910595aac2103895e1e7c52127337
                                                                                                                                                • Instruction Fuzzy Hash: 0BA15E22A18FD991EA24EF14F4443BEB361FB953A4F405231E6DC42AA9DF7CE194C790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                C-Code - Quality: 45%
                                                                                                                                                			E00007FFC7FFC1FD00140(long long __rdi, void* __rsi, void* __r8, long long _a32, long long _a48, long long _a56, char _a80, long long _a88, char _a96, long long _a112, intOrPtr _a120, char _a128, long long _a144, long long _a152, char _a160, long long _a168, char _a176, long long _a192, long long _a200, char _a208, signed int _a240, void* _a256) {
                                                                                                                                                				void* _t58;
                                                                                                                                                				void* _t61;
                                                                                                                                                				void* _t64;
                                                                                                                                                				long long _t123;
                                                                                                                                                				intOrPtr _t126;
                                                                                                                                                				long long _t129;
                                                                                                                                                				signed long long _t133;
                                                                                                                                                
                                                                                                                                                				_t131 = __rsi;
                                                                                                                                                				_t129 = __rdi;
                                                                                                                                                				_t58 = E00007FFC7FFC1FD03B40( &_a96); // executed
                                                                                                                                                				if (_t58 != 0) goto 0x1fd0017f;
                                                                                                                                                				_a32 =  &_a96;
                                                                                                                                                				r8d = 0x1d;
                                                                                                                                                				E00007FFC7FFC1FCF5600(__r8 - 0x19, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create ProgramData dir \'{}\'");
                                                                                                                                                				_t87 =  >=  ? _a96 :  &_a96;
                                                                                                                                                				_a160 =  >=  ? _a96 :  &_a96;
                                                                                                                                                				_a168 = _a112;
                                                                                                                                                				_a80 = 0xe;
                                                                                                                                                				_a88 =  &_a160;
                                                                                                                                                				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                				asm("movdqa [esp+0x30], xmm0");
                                                                                                                                                				_a80 = "{}\\Wildix";
                                                                                                                                                				_a88 = 9;
                                                                                                                                                				E00007FFC7FFC1FCF49B0(_a160,  &_a128, __rdi, __rsi);
                                                                                                                                                				_t61 = E00007FFC7FFC1FD03B40( &_a128); // executed
                                                                                                                                                				if (_t61 != 0) goto 0x1fd0022e;
                                                                                                                                                				_a32 =  &_a128;
                                                                                                                                                				r8d = 0x20;
                                                                                                                                                				E00007FFC7FFC1FCF5600( &_a48 - 0x1c, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create Wildix dir \'{}\'");
                                                                                                                                                				_t93 =  >=  ? _a128 :  &_a128;
                                                                                                                                                				_a80 =  >=  ? _a128 :  &_a128;
                                                                                                                                                				_a88 = _a144;
                                                                                                                                                				_a48 = 0xe;
                                                                                                                                                				_a56 =  &_a80;
                                                                                                                                                				asm("movaps xmm0, [esp+0x30]");
                                                                                                                                                				asm("movdqa [esp+0xd0], xmm0");
                                                                                                                                                				_a48 = "{}\\FaxPrinter";
                                                                                                                                                				_a56 = 0xd;
                                                                                                                                                				E00007FFC7FFC1FCF49B0(_a160,  &_a176, _t129, _t131);
                                                                                                                                                				_t64 = E00007FFC7FFC1FD03B40( &_a176); // executed
                                                                                                                                                				if (_t64 != 0) goto 0x1fd002e6;
                                                                                                                                                				_a32 =  &_a176;
                                                                                                                                                				r8d = 0x23;
                                                                                                                                                				E00007FFC7FFC1FCF5600( &_a208 - 0x1f, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t create printing dir \'{}\'");
                                                                                                                                                				asm("movups xmm0, [esp+0xb0]");
                                                                                                                                                				asm("movups [ebx], xmm0");
                                                                                                                                                				asm("movups xmm1, [esp+0xc0]");
                                                                                                                                                				asm("movups [ebx+0x10], xmm1");
                                                                                                                                                				_a192 = _t129;
                                                                                                                                                				_a200 = 0xf;
                                                                                                                                                				_a176 = 0;
                                                                                                                                                				_t123 = _a152;
                                                                                                                                                				if (_t123 - 0x10 < 0) goto 0x1fd0035f;
                                                                                                                                                				if (_t123 + 1 - 0x1000 < 0) goto 0x1fd0035a;
                                                                                                                                                				if (_a128 -  *((intOrPtr*)(_a128 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd0035a;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_a144 = _t129;
                                                                                                                                                				_a152 = 0xf;
                                                                                                                                                				_a128 = 0;
                                                                                                                                                				_t126 = _a120;
                                                                                                                                                				if (_t126 - 0x10 < 0) goto 0x1fd003bb;
                                                                                                                                                				if (_t126 + 1 - 0x1000 < 0) goto 0x1fd003b6;
                                                                                                                                                				if (_a96 -  *((intOrPtr*)(_a96 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd003b6;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				return E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD156E4(),  &_a208 - 0x1f, _a240 ^ _t133);
                                                                                                                                                			}











                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD03B40: CreateDirectoryW.KERNELBASE ref: 00007FFC1FD03B7F
                                                                                                                                                  • Part of subcall function 00007FFC1FD03B40: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD03BC0
                                                                                                                                                  • Part of subcall function 00007FFC1FD03B40: GetLastError.KERNEL32 ref: 00007FFC1FD03BD0
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD00353
                                                                                                                                                  • Part of subcall function 00007FFC1FCF5600: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF574B
                                                                                                                                                  • Part of subcall function 00007FFC1FCF5600: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF5792
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD003AF
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CreateDirectoryErrorLast
                                                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't create ProgramData dir '{}'$couldn't create Wildix dir '{}'$couldn't create printing dir '{}'${}\FaxPrinter${}\Wildix
                                                                                                                                                • API String ID: 3337396845-3675253893
                                                                                                                                                • Opcode ID: e521db47b4886a37dff7e35a1e7e0546d378e792aa275872bb417e4f7680215d
                                                                                                                                                • Instruction ID: 7d7414fb773f257ed9bc1104be13b6e1533fd157b6918f98999f2132c893d80d
                                                                                                                                                • Opcode Fuzzy Hash: e521db47b4886a37dff7e35a1e7e0546d378e792aa275872bb417e4f7680215d
                                                                                                                                                • Instruction Fuzzy Hash: D2613F32618FD995EB24DF14F4443AAB361FB94364F804232D6DC42AA9EF7CD198CB90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                C-Code - Quality: 60%
                                                                                                                                                			E00007FFC7FFC1FCFBD60(void* __edx, long long __rbx, long long __rcx, void* __rbp, void* __r14, long long _a16) {
                                                                                                                                                				signed int _v24;
                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                				char _v56;
                                                                                                                                                				long long _v64;
                                                                                                                                                				long long _v72;
                                                                                                                                                				char _v80;
                                                                                                                                                				char _v88;
                                                                                                                                                				char _v104;
                                                                                                                                                				long long _v120;
                                                                                                                                                				signed long long _t64;
                                                                                                                                                				long long _t76;
                                                                                                                                                				long long _t91;
                                                                                                                                                				intOrPtr _t97;
                                                                                                                                                				long long _t100;
                                                                                                                                                				void* _t102;
                                                                                                                                                				void* _t105;
                                                                                                                                                
                                                                                                                                                				_t76 = __rbx;
                                                                                                                                                				_a16 = __rbx;
                                                                                                                                                				_t64 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v24 = _t64 ^ _t102 - 0x00000090;
                                                                                                                                                				_t100 = __rcx;
                                                                                                                                                				_v64 = 0xf;
                                                                                                                                                				_v72 = 8;
                                                                                                                                                				_v88 = 0x5f6c6c64;
                                                                                                                                                				_v80 = 0;
                                                                                                                                                				_v56 = 0;
                                                                                                                                                				asm("movdqa xmm0, [0x305e5]");
                                                                                                                                                				asm("movdqu [esp+0x70], xmm0");
                                                                                                                                                				_v56 = 0;
                                                                                                                                                				E00007FFC7FFC1FD0D640(__rbx, __rcx, _t105);
                                                                                                                                                				if ( &_v56 == 0x5f6c6c64) goto 0x1fcfbdf0;
                                                                                                                                                				if ( *0x6E69616D5F6C6C7C - 0x10 < 0) goto 0x1fcfbde3;
                                                                                                                                                				E00007FFC7FFC1FCF9100(_t76,  &_v56,  *0x5f6c6c64,  *0x6E69616D5F6C6C74, __r14);
                                                                                                                                                				E00007FFC7FFC1FD106F0( *0x6E69616D5F6C6C7C - 0x10,  *0x5f6c6c64,  &_v88,  *0x6E69616D5F6C6C74);
                                                                                                                                                				_t91 = _v64;
                                                                                                                                                				if (_t91 - 0x10 < 0) goto 0x1fcfbe3b;
                                                                                                                                                				if (_t91 + 1 - 0x1000 < 0) goto 0x1fcfbe36;
                                                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfbe36;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v72 = 0;
                                                                                                                                                				_v64 = 0xf;
                                                                                                                                                				_v88 = 0;
                                                                                                                                                				E00007FFC7FFC1FD106D0(0, __edx, _v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f, _v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8,  *((intOrPtr*)(_v88 - 8)), _t91 + 0x28,  *0x6E69616D5F6C6C74); // executed
                                                                                                                                                				if (__edx == 0) goto 0x1fcfbebc;
                                                                                                                                                				if (__edx != 1) goto 0x1fcfbeea;
                                                                                                                                                				_v104 = _t100;
                                                                                                                                                				_v120 =  &_v104;
                                                                                                                                                				r8d = 0xfb;
                                                                                                                                                				E00007FFC7FFC1FCF5DB0(__edx, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "process attach, instance {:#x}"); // executed
                                                                                                                                                				if (DisableThreadLibraryCalls(??) != 0) goto 0x1fcfbeea;
                                                                                                                                                				r8d = 0xfd;
                                                                                                                                                				E00007FFC7FFC1FCF52D0(_t76 + 2, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "DisableThreadLibraryCalls() failed");
                                                                                                                                                				goto 0x1fcfbeea;
                                                                                                                                                				_v104 = _t100;
                                                                                                                                                				_v120 =  &_v104;
                                                                                                                                                				r8d = 0x101;
                                                                                                                                                				E00007FFC7FFC1FCF5DB0(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "process detach, instance {:#x}");
                                                                                                                                                				E00007FFC7FFC1FD106F0(DisableThreadLibraryCalls(??),  &_v104,  &_v56,  *0x6E69616D5F6C6C74);
                                                                                                                                                				_t97 = _v32;
                                                                                                                                                				if (_t97 - 0x10 < 0) goto 0x1fcfbf35;
                                                                                                                                                				if (_t97 + 1 - 0x1000 < 0) goto 0x1fcfbf2f;
                                                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfbf2f;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(1, 1, _v24 ^ _t102 - 0x00000090);
                                                                                                                                                			}




















                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CallsDisableLibraryThread__tlregdtor
                                                                                                                                                • String ID: DisableThreadLibraryCalls() failed$c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$dll_main$process attach, instance {:#x}$process detach, instance {:#x}
                                                                                                                                                • API String ID: 4146258558-105971010
                                                                                                                                                • Opcode ID: 03e865174120058d9e108d2211f40708f87fc382396c02e20b730f4e8c4c7978
                                                                                                                                                • Instruction ID: 7d739772f3f9e4c258a540af79101333f071804531638da3e020bb4aa4604ea3
                                                                                                                                                • Opcode Fuzzy Hash: 03e865174120058d9e108d2211f40708f87fc382396c02e20b730f4e8c4c7978
                                                                                                                                                • Instruction Fuzzy Hash: 0B518E21A18F9E82FB24AF14F4543BAA351FB857A0F440235EA9D06BD5CFACE454D790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00007FFC7FFC1FD161F0(void* __edx) {
                                                                                                                                                				void* _t5;
                                                                                                                                                
                                                                                                                                                				_t5 = __edx;
                                                                                                                                                				if (_t5 == 0) goto 0x1fd16231;
                                                                                                                                                				if (_t5 == 0) goto 0x1fd16225;
                                                                                                                                                				if (_t5 == 0) goto 0x1fd16218;
                                                                                                                                                				if (__edx == 1) goto 0x1fd16211;
                                                                                                                                                				return 1;
                                                                                                                                                			}





                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 349153199-0
                                                                                                                                                • Opcode ID: 5215a130fcafb17abb011fae8be36ecb621862199774095c9dff41689b1369c8
                                                                                                                                                • Instruction ID: 0b495238a20b6b63ae62efc6630fa4e86f04de01c683bc3097514cb574aa1f29
                                                                                                                                                • Opcode Fuzzy Hash: 5215a130fcafb17abb011fae8be36ecb621862199774095c9dff41689b1369c8
                                                                                                                                                • Instruction Fuzzy Hash: 8381BDA1E0CE6F86FB5CBF2994412B96290AF827A0F584035DA4C47796DE3CE475C3A0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                C-Code - Quality: 34%
                                                                                                                                                			E00007FFC7FFC1FCFA1F0(char __edx, void* __rcx, void* __rbp, long long __r8, intOrPtr* _a40, intOrPtr* _a48) {
                                                                                                                                                				signed int _v72;
                                                                                                                                                				intOrPtr _v80;
                                                                                                                                                				char _v104;
                                                                                                                                                				long long _v112;
                                                                                                                                                				long long _v120;
                                                                                                                                                				char _v130;
                                                                                                                                                				short _v132;
                                                                                                                                                				char _v136;
                                                                                                                                                				intOrPtr _v144;
                                                                                                                                                				char _v168;
                                                                                                                                                				char _v200;
                                                                                                                                                				char _v208;
                                                                                                                                                				char _v216;
                                                                                                                                                				char _v224;
                                                                                                                                                				char _v232;
                                                                                                                                                				long long _v240;
                                                                                                                                                				char _v248;
                                                                                                                                                				long long _v256;
                                                                                                                                                				long long _v264;
                                                                                                                                                				long long _v272;
                                                                                                                                                				long long _v280;
                                                                                                                                                				long long _v288;
                                                                                                                                                				long long _v296;
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __r14;
                                                                                                                                                				char _t71;
                                                                                                                                                				intOrPtr _t82;
                                                                                                                                                				void* _t98;
                                                                                                                                                				signed long long _t124;
                                                                                                                                                				signed long long _t125;
                                                                                                                                                				long long _t129;
                                                                                                                                                				void* _t148;
                                                                                                                                                				long long _t149;
                                                                                                                                                				char _t170;
                                                                                                                                                				long long _t184;
                                                                                                                                                				intOrPtr _t189;
                                                                                                                                                				intOrPtr _t194;
                                                                                                                                                				intOrPtr _t197;
                                                                                                                                                				intOrPtr _t200;
                                                                                                                                                				intOrPtr _t203;
                                                                                                                                                				intOrPtr _t206;
                                                                                                                                                				long long _t209;
                                                                                                                                                				long long _t210;
                                                                                                                                                				void* _t212;
                                                                                                                                                				void* _t213;
                                                                                                                                                				intOrPtr _t217;
                                                                                                                                                				void* _t220;
                                                                                                                                                				intOrPtr* _t221;
                                                                                                                                                				intOrPtr* _t222;
                                                                                                                                                				void* _t223;
                                                                                                                                                
                                                                                                                                                				_t212 = __rbp;
                                                                                                                                                				_t220 = _t213;
                                                                                                                                                				_t214 = _t213 - 0x110;
                                                                                                                                                				_t124 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t125 = _t124 ^ _t213 - 0x00000110;
                                                                                                                                                				_v72 = _t125;
                                                                                                                                                				_t209 = __r8;
                                                                                                                                                				r13d = __edx;
                                                                                                                                                				_t223 = __rcx;
                                                                                                                                                				_v224 = __edx;
                                                                                                                                                				_v232 = r9d;
                                                                                                                                                				_t221 = _a40;
                                                                                                                                                				_v240 = _t221;
                                                                                                                                                				_t222 = _a48;
                                                                                                                                                				 *((long long*)(_t220 - 0x88)) = _t210;
                                                                                                                                                				 *((long long*)(_t220 - 0x70)) = 0xf;
                                                                                                                                                				 *((long long*)(_t220 - 0x78)) = 6;
                                                                                                                                                				_t71 = "system"; // 0x74737973
                                                                                                                                                				_v136 = _t71;
                                                                                                                                                				_v132 =  *0x1fd2ba84 & 0x0000ffff;
                                                                                                                                                				_v130 = sil;
                                                                                                                                                				 *((long long*)(_t220 - 0xa8)) = _t210;
                                                                                                                                                				asm("movdqa xmm0, [0x32114]");
                                                                                                                                                				asm("movdqu [esp+0xb0], xmm0");
                                                                                                                                                				_v168 = sil;
                                                                                                                                                				E00007FFC7FFC1FD0D640(_t148, __rcx, __r8);
                                                                                                                                                				if ( &_v168 == _t125) goto 0x1fcfa2cd;
                                                                                                                                                				_t217 =  *((intOrPtr*)(_t125 + 0x10));
                                                                                                                                                				if ( *((long long*)(_t125 + 0x18)) - 0x10 < 0) goto 0x1fcfa2bd;
                                                                                                                                                				E00007FFC7FFC1FCF9100(_t148,  &_v168,  *_t125, _t217, _t222);
                                                                                                                                                				E00007FFC7FFC1FD106F0( *((long long*)(_t125 + 0x18)) - 0x10,  *_t125,  &_v136, _t217);
                                                                                                                                                				_t184 = _v112;
                                                                                                                                                				if (_t184 - 0x10 < 0) goto 0x1fcfa321;
                                                                                                                                                				if (_t184 + 1 - 0x1000 < 0) goto 0x1fcfa31c;
                                                                                                                                                				_t129 = _v136 -  *((intOrPtr*)(_v136 - 8)) + 0xfffffff8;
                                                                                                                                                				if (_t129 - 0x1f <= 0) goto 0x1fcfa31c;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v120 = _t210;
                                                                                                                                                				_v112 = 0xf;
                                                                                                                                                				_v136 = 0;
                                                                                                                                                				_v248 = 0;
                                                                                                                                                				 *_t222 = 0;
                                                                                                                                                				 *_t221 = 0;
                                                                                                                                                				_v208 = _t222;
                                                                                                                                                				_v200 = _t209;
                                                                                                                                                				_v216 = _t209;
                                                                                                                                                				E00007FFC7FFC1FD04280(_t98, _t148,  &_v104, _t223, _t210, _t212);
                                                                                                                                                				_v256 =  &_v208;
                                                                                                                                                				_v264 =  &_v200;
                                                                                                                                                				_v272 =  &_v232;
                                                                                                                                                				_v280 =  &_v216;
                                                                                                                                                				_v288 =  &_v224;
                                                                                                                                                				_v296 = _t129;
                                                                                                                                                				r8d = 0x74;
                                                                                                                                                				_t96 = _t217 - 0x73;
                                                                                                                                                				E00007FFC7FFC1FCF57C0(_t217 - 0x73, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_enumports \'{}\', {}, {:#x}, {}, {:#x}, {:#x}"); // executed
                                                                                                                                                				_t189 = _v80;
                                                                                                                                                				if (_t189 - 0x10 < 0) goto 0x1fcfa409;
                                                                                                                                                				if (_t189 + 1 - 0x1000 < 0) goto 0x1fcfa404;
                                                                                                                                                				_t132 = _v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8;
                                                                                                                                                				if (_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfa404;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FCFE0D0( *((intOrPtr*)(_v104 - 8)), _t189 + 0x28);
                                                                                                                                                				_t149 = _t148 + _t209;
                                                                                                                                                				E00007FFC7FFC1FD04280(_t98, _t149,  &_v104, _t223, _v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8, _t212);
                                                                                                                                                				_v288 =  &_v248;
                                                                                                                                                				_v296 = _t149;
                                                                                                                                                				r8d = r13d;
                                                                                                                                                				_t82 = E00007FFC7FFC1FCFF010(0, _t149, _t132, _t209); // executed
                                                                                                                                                				_t194 = _v80;
                                                                                                                                                				if (_t194 - 0x10 < 0) goto 0x1fcfa48e;
                                                                                                                                                				if (_t194 + 1 - 0x1000 < 0) goto 0x1fcfa488;
                                                                                                                                                				if (_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfa488;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *_t221 = _v248;
                                                                                                                                                				 *_t222 = _t82;
                                                                                                                                                				E00007FFC7FFC1FD106F0(_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f, _v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8,  &_v168, _t217);
                                                                                                                                                				_t197 = _v144;
                                                                                                                                                				if (_t197 - 0x10 < 0) goto 0x1fcfa4ed;
                                                                                                                                                				_t170 = _v168;
                                                                                                                                                				if (_t197 + 1 - 0x1000 < 0) goto 0x1fcfa4e7;
                                                                                                                                                				_t138 = _t170 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8;
                                                                                                                                                				_t113 = _t170 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                                                				if (_t170 -  *((intOrPtr*)(_t170 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfa4e7;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FD106F0(_t113, _t138,  &_v168, _t217);
                                                                                                                                                				_t200 = _v144;
                                                                                                                                                				if (_t200 - 0x10 < 0) goto 0x1fcfa5f7;
                                                                                                                                                				if (_t200 + 1 - 0x1000 < 0) goto 0x1fcfa5f1;
                                                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfa5f1;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				E00007FFC7FFC1FD106F0(_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f, _v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8,  &_v168, _t217);
                                                                                                                                                				_t203 = _v144;
                                                                                                                                                				if (_t203 - 0x10 < 0) goto 0x1fcfa5f7;
                                                                                                                                                				if (_t203 + 1 - 0x1000 < 0) goto 0x1fcfa5f1;
                                                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfa5f1;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				E00007FFC7FFC1FD106F0(_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f, _v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8,  &_v168, _t217);
                                                                                                                                                				_t206 = _v144;
                                                                                                                                                				if (_t206 - 0x10 < 0) goto 0x1fcfa5f7;
                                                                                                                                                				if (_t206 + 1 - 0x1000 < 0) goto 0x1fcfa5f1;
                                                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfa5f1;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(0, _t96, _v72 ^ _t214);
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD0D640: __tlregdtor.LIBCMT ref: 00007FFC1FD0D690
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFA315
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFA3FD
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFA481
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFA4E0
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_enumports '{}', {}, {:#x}, {}, {:#x}, {:#x}$system
                                                                                                                                                • API String ID: 333172304-2864149607
                                                                                                                                                • Opcode ID: 9bf2fde0c874050469056fbb2993a46d0ec429c9a4e55342d40de94e9496e62f
                                                                                                                                                • Instruction ID: 43c0bc7644ad4af043e5a70c07ad9bcb03c5006ca0196107f0eae27c500b33fa
                                                                                                                                                • Opcode Fuzzy Hash: 9bf2fde0c874050469056fbb2993a46d0ec429c9a4e55342d40de94e9496e62f
                                                                                                                                                • Instruction Fuzzy Hash: 5881BE72A18A9981EA24DF59F4443AEB360FB857A0F404232EAAD43BD8DF7CD094C750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 716 7ffc1fcfa620-7ffc1fcfa6a1 call 7ffc1fd0d640 719 7ffc1fcfa6a3-7ffc1fcfa6ac 716->719 720 7ffc1fcfa6be-7ffc1fcfa6d2 call 7ffc1fd106f0 716->720 721 7ffc1fcfa6b1-7ffc1fcfa6b9 call 7ffc1fcf9100 719->721 722 7ffc1fcfa6ae 719->722 726 7ffc1fcfa709-7ffc1fcfa759 call 7ffc1fd04280 call 7ffc1fcf59e0 720->726 727 7ffc1fcfa6d4-7ffc1fcfa6e6 720->727 721->720 722->721 735 7ffc1fcfa75e-7ffc1fcfa76b 726->735 729 7ffc1fcfa6e8-7ffc1fcfa6fb 727->729 730 7ffc1fcfa704 call 7ffc1fd156e4 727->730 729->730 731 7ffc1fcfa6fd-7ffc1fcfa703 _invalid_parameter_noinfo_noreturn 729->731 730->726 731->730 736 7ffc1fcfa7a5-7ffc1fcfa7d9 call 7ffc1fcfe0d0 call 7ffc1fd04280 call 7ffc1fd003f0 735->736 737 7ffc1fcfa76d-7ffc1fcfa782 735->737 748 7ffc1fcfa7db-7ffc1fcfa7f0 736->748 749 7ffc1fcfa814-7ffc1fcfa827 call 7ffc1fd106f0 736->749 738 7ffc1fcfa784-7ffc1fcfa797 737->738 739 7ffc1fcfa7a0 call 7ffc1fd156e4 737->739 738->739 741 7ffc1fcfa799-7ffc1fcfa79f _invalid_parameter_noinfo_noreturn 738->741 739->736 741->739 750 7ffc1fcfa7f2-7ffc1fcfa805 748->750 751 7ffc1fcfa80e-7ffc1fcfa813 call 7ffc1fd156e4 748->751 757 7ffc1fcfa829-7ffc1fcfa83b 749->757 758 7ffc1fcfa85f-7ffc1fcfa8d7 call 7ffc1fd15e20 749->758 750->751 753 7ffc1fcfa807-7ffc1fcfa80d _invalid_parameter_noinfo_noreturn 750->753 751->749 753->751 760 7ffc1fcfa859-7ffc1fcfa85e call 7ffc1fd156e4 757->760 761 7ffc1fcfa83d-7ffc1fcfa850 757->761 760->758 761->760 764 7ffc1fcfa852-7ffc1fcfa858 _invalid_parameter_noinfo_noreturn 761->764 764->760
                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                			E00007FFC7FFC1FCFA620(long long __rbx, void* __rcx, long long __rdx, long long __rsi, void* __rbp, void* __r14, long long _a24, long long _a32) {
                                                                                                                                                				void* _v8;
                                                                                                                                                				signed int _v24;
                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                				char _v56;
                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                				char _v88;
                                                                                                                                                				long long _v96;
                                                                                                                                                				long long _v104;
                                                                                                                                                				char _v114;
                                                                                                                                                				short _v116;
                                                                                                                                                				char _v120;
                                                                                                                                                				char _v136;
                                                                                                                                                				long long _v144;
                                                                                                                                                				long long _v152;
                                                                                                                                                				char _t48;
                                                                                                                                                				void* _t58;
                                                                                                                                                				void* _t70;
                                                                                                                                                				signed long long _t89;
                                                                                                                                                				signed long long _t90;
                                                                                                                                                				long long _t94;
                                                                                                                                                				long long _t107;
                                                                                                                                                				char _t125;
                                                                                                                                                				long long _t134;
                                                                                                                                                				intOrPtr _t139;
                                                                                                                                                				intOrPtr _t144;
                                                                                                                                                				intOrPtr _t147;
                                                                                                                                                				intOrPtr _t150;
                                                                                                                                                				void* _t153;
                                                                                                                                                				long long _t155;
                                                                                                                                                				void* _t157;
                                                                                                                                                				void* _t158;
                                                                                                                                                				void* _t161;
                                                                                                                                                				intOrPtr _t162;
                                                                                                                                                
                                                                                                                                                				_t157 = __rbp;
                                                                                                                                                				_t107 = __rbx;
                                                                                                                                                				_a24 = __rbx;
                                                                                                                                                				_a32 = __rsi;
                                                                                                                                                				_t159 = _t158 - 0xb0;
                                                                                                                                                				_t89 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t90 = _t89 ^ _t158 - 0x000000b0;
                                                                                                                                                				_v24 = _t90;
                                                                                                                                                				_t155 = __rdx;
                                                                                                                                                				_t153 = __rcx;
                                                                                                                                                				_v120 = __rbx;
                                                                                                                                                				_v96 = 0xf;
                                                                                                                                                				_v104 = 6;
                                                                                                                                                				_t48 = "system"; // 0x74737973
                                                                                                                                                				_v120 = _t48;
                                                                                                                                                				_v116 =  *0x1fd2ba84 & 0x0000ffff;
                                                                                                                                                				_v114 = 0;
                                                                                                                                                				_v88 = __rbx;
                                                                                                                                                				asm("movdqa xmm0, [0x31d16]");
                                                                                                                                                				asm("movdqu [esp+0x70], xmm0");
                                                                                                                                                				_v88 = 0;
                                                                                                                                                				E00007FFC7FFC1FD0D640(__rbx, __rcx, _t161);
                                                                                                                                                				if ( &_v88 == _t90) goto 0x1fcfa6be;
                                                                                                                                                				_t162 =  *((intOrPtr*)(_t90 + 0x10));
                                                                                                                                                				if ( *((long long*)(_t90 + 0x18)) - 0x10 < 0) goto 0x1fcfa6b1;
                                                                                                                                                				E00007FFC7FFC1FCF9100(_t107,  &_v88,  *_t90, _t162, __r14);
                                                                                                                                                				E00007FFC7FFC1FD106F0( *((long long*)(_t90 + 0x18)) - 0x10,  *_t90,  &_v120, _t162);
                                                                                                                                                				_t134 = _v96;
                                                                                                                                                				if (_t134 - 0x10 < 0) goto 0x1fcfa709;
                                                                                                                                                				if (_t134 + 1 - 0x1000 < 0) goto 0x1fcfa704;
                                                                                                                                                				_t94 = _v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8;
                                                                                                                                                				if (_t94 - 0x1f <= 0) goto 0x1fcfa704;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v104 = _t107;
                                                                                                                                                				_v96 = 0xf;
                                                                                                                                                				_v120 = 0;
                                                                                                                                                				_v136 = _t155;
                                                                                                                                                				E00007FFC7FFC1FD04280(_t70, _t107,  &_v56, _t153, _t155, _t157);
                                                                                                                                                				_v144 =  &_v136;
                                                                                                                                                				_v152 = _t94;
                                                                                                                                                				r8d = 0x2e;
                                                                                                                                                				_t69 = _t162 - 0x2d;
                                                                                                                                                				E00007FFC7FFC1FCF59E0(_t162 - 0x2d, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_openport \'{}\', {:#x}"); // executed
                                                                                                                                                				_t139 = _v32;
                                                                                                                                                				if (_t139 - 0x10 < 0) goto 0x1fcfa7a5;
                                                                                                                                                				if (_t139 + 1 - 0x1000 < 0) goto 0x1fcfa7a0;
                                                                                                                                                				_t97 = _v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8;
                                                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfa7a0;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FCFE0D0( *((intOrPtr*)(_v56 - 8)), _t139 + 0x28);
                                                                                                                                                				_t58 = E00007FFC7FFC1FD04280(_t70, _t97,  &_v56, _t153, _t155, _t157);
                                                                                                                                                				_t163 = _t155;
                                                                                                                                                				E00007FFC7FFC1FD003F0(_t58, _t97, _t97, _t97, _t157, _t155);
                                                                                                                                                				_t144 = _v32;
                                                                                                                                                				if (_t144 - 0x10 < 0) goto 0x1fcfa814;
                                                                                                                                                				if (_t144 + 1 - 0x1000 < 0) goto 0x1fcfa80e;
                                                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfa80e;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FD106F0(_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f, _v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8,  &_v88, _t155);
                                                                                                                                                				_t147 = _v64;
                                                                                                                                                				if (_t147 - 0x10 < 0) goto 0x1fcfa85f;
                                                                                                                                                				_t125 = _v88;
                                                                                                                                                				if (_t147 + 1 - 0x1000 < 0) goto 0x1fcfa859;
                                                                                                                                                				_t103 = _t125 -  *((intOrPtr*)(_t125 - 8)) + 0xfffffff8;
                                                                                                                                                				_t84 = _t125 -  *((intOrPtr*)(_t125 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                                                				if (_t125 -  *((intOrPtr*)(_t125 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfa859;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FD106F0(_t84, _t103,  &_v88, _t163);
                                                                                                                                                				_t150 = _v64;
                                                                                                                                                				if (_t150 - 0x10 < 0) goto 0x1fcfa8b1;
                                                                                                                                                				if (_t150 + 1 - 0x1000 < 0) goto 0x1fcfa8ab;
                                                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfa8ab;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(0, _t69, _v24 ^ _t159);
                                                                                                                                                			}
                                                                                                                                                0x7ffc1fcfa72c
                                                                                                                                                0x7ffc1fcfa737
                                                                                                                                                0x7ffc1fcfa73c
                                                                                                                                                0x7ffc1fcfa748
                                                                                                                                                0x7ffc1fcfa755
                                                                                                                                                0x7ffc1fcfa759
                                                                                                                                                0x7ffc1fcfa75f
                                                                                                                                                0x7ffc1fcfa76b
                                                                                                                                                0x7ffc1fcfa782
                                                                                                                                                0x7ffc1fcfa78f
                                                                                                                                                0x7ffc1fcfa797
                                                                                                                                                0x7ffc1fcfa799
                                                                                                                                                0x7ffc1fcfa79f
                                                                                                                                                0x7ffc1fcfa7a0
                                                                                                                                                0x7ffc1fcfa7a5
                                                                                                                                                0x7ffc1fcfa7b8
                                                                                                                                                0x7ffc1fcfa7be
                                                                                                                                                0x7ffc1fcfa7c7
                                                                                                                                                0x7ffc1fcfa7cd
                                                                                                                                                0x7ffc1fcfa7d9
                                                                                                                                                0x7ffc1fcfa7f0
                                                                                                                                                0x7ffc1fcfa805
                                                                                                                                                0x7ffc1fcfa807
                                                                                                                                                0x7ffc1fcfa80d
                                                                                                                                                0x7ffc1fcfa80e
                                                                                                                                                0x7ffc1fcfa819
                                                                                                                                                0x7ffc1fcfa81e
                                                                                                                                                0x7ffc1fcfa827
                                                                                                                                                0x7ffc1fcfa82c
                                                                                                                                                0x7ffc1fcfa83b
                                                                                                                                                0x7ffc1fcfa848
                                                                                                                                                0x7ffc1fcfa84c
                                                                                                                                                0x7ffc1fcfa850
                                                                                                                                                0x7ffc1fcfa852
                                                                                                                                                0x7ffc1fcfa858
                                                                                                                                                0x7ffc1fcfa859
                                                                                                                                                0x7ffc1fcfa86b
                                                                                                                                                0x7ffc1fcfa870
                                                                                                                                                0x7ffc1fcfa879
                                                                                                                                                0x7ffc1fcfa88d
                                                                                                                                                0x7ffc1fcfa8a2
                                                                                                                                                0x7ffc1fcfa8a4
                                                                                                                                                0x7ffc1fcfa8aa
                                                                                                                                                0x7ffc1fcfa8ab
                                                                                                                                                0x7ffc1fcfa8d7

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD0D640: __tlregdtor.LIBCMT ref: 00007FFC1FD0D690
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFA6FD
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFA799
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFA807
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFA852
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_openport '{}', {:#x}$system
                                                                                                                                                • API String ID: 333172304-33612538
                                                                                                                                                • Opcode ID: 6fa6c247fdee1d97a4ab246a2aee9091d9b3f152b3ee41501171ff8f04a6126a
                                                                                                                                                • Instruction ID: 38314cc9fed6d97a4971312db29dadc3f712168c985e86e7ea1ef4565396b763
                                                                                                                                                • Opcode Fuzzy Hash: 6fa6c247fdee1d97a4ab246a2aee9091d9b3f152b3ee41501171ff8f04a6126a
                                                                                                                                                • Instruction Fuzzy Hash: 4F519162A18A9D41FA24AF19F45437EA361FB857B0F404235E6AD42BD9DF6CE090C750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ByteCharMultiWide$FreeTask
                                                                                                                                                • String ID: c:\design\wiservice\wiservice\ext\win\ext-win-winutil.cpp$couldn't get special folder, error {}
                                                                                                                                                • API String ID: 1807027773-2105816268
                                                                                                                                                • Opcode ID: 0aea5c072ffcce53e0958a78cc9f631293463d4cb17f85037c0cb97f6f347947
                                                                                                                                                • Instruction ID: 2e4165531b69f03050a117fc47e16aef7dbe3047c5dff154ec559f75c98dc6f1
                                                                                                                                                • Opcode Fuzzy Hash: 0aea5c072ffcce53e0958a78cc9f631293463d4cb17f85037c0cb97f6f347947
                                                                                                                                                • Instruction Fuzzy Hash: FC419F32608F9986E7259F16F44026AB761FB857A0F484235EB8D03B98DF3CE554C790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Control-flow Graph

                                                                                                                                                C-Code - Quality: 40%
                                                                                                                                                			E00007FFC7FFC1FD09190(void* __eflags, long long __rbx, intOrPtr* __rcx, long long __rsi, long long _a16, long long _a24) {
                                                                                                                                                				void* _v8;
                                                                                                                                                				signed int _v16;
                                                                                                                                                				long long _v24;
                                                                                                                                                				long long _v32;
                                                                                                                                                				char _v48;
                                                                                                                                                				long long _v56;
                                                                                                                                                				long long _v64;
                                                                                                                                                				char _v80;
                                                                                                                                                				long long _v88;
                                                                                                                                                				long long _v96;
                                                                                                                                                				intOrPtr _v102;
                                                                                                                                                				short _v104;
                                                                                                                                                				char _v112;
                                                                                                                                                				long long _v120;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* _t60;
                                                                                                                                                				signed long long _t78;
                                                                                                                                                				char* _t93;
                                                                                                                                                				intOrPtr _t113;
                                                                                                                                                				long long _t116;
                                                                                                                                                				long long _t119;
                                                                                                                                                				intOrPtr _t122;
                                                                                                                                                				void* _t125;
                                                                                                                                                				void* _t129;
                                                                                                                                                				void* _t134;
                                                                                                                                                
                                                                                                                                                				_t127 = __rsi;
                                                                                                                                                				_a16 = __rbx;
                                                                                                                                                				_a24 = __rsi;
                                                                                                                                                				_t78 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v16 = _t78 ^ _t129 - 0x00000090;
                                                                                                                                                				_t93 = __rcx;
                                                                                                                                                				_v120 = __rcx;
                                                                                                                                                				 *((long long*)(__rcx)) = __rsi;
                                                                                                                                                				 *((long long*)(__rcx + 0x10)) = __rsi;
                                                                                                                                                				 *((long long*)(__rcx + 0x18)) = 0xf;
                                                                                                                                                				 *__rcx = sil;
                                                                                                                                                				 *((long long*)(__rcx + 0x38)) = 0xf;
                                                                                                                                                				 *((intOrPtr*)(__rcx + 0x20)) = sil;
                                                                                                                                                				 *((long long*)(__rcx + 0x30)) = 8;
                                                                                                                                                				 *((long long*)(__rcx + 0x20)) = 0x646c6f5f;
                                                                                                                                                				 *((intOrPtr*)(__rcx + 0x28)) = sil;
                                                                                                                                                				 *((long long*)(__rcx + 0x40)) = 0x2710;
                                                                                                                                                				 *((long long*)(__rcx + 0x48)) = __rsi;
                                                                                                                                                				 *((intOrPtr*)(__rcx + 0x50)) = 0;
                                                                                                                                                				 *((intOrPtr*)(__rcx + 0x50)) = 0x3a875d21;
                                                                                                                                                				_v88 = 0xf;
                                                                                                                                                				_v96 = 0xa;
                                                                                                                                                				asm("movsd xmm0, [0x24112]");
                                                                                                                                                				asm("movsd [esp+0x28], xmm0");
                                                                                                                                                				_v104 =  *0x1fd2d340 & 0x0000ffff;
                                                                                                                                                				_v102 = sil;
                                                                                                                                                				E00007FFC7FFC1FD0D6B0(0x646c6f5f,  &_v48); // executed
                                                                                                                                                				E00007FFC7FFC1FD03370(__rcx,  &_v80, 0x646c6f5f, _t125,  &_v112);
                                                                                                                                                				if (__rcx == 0x646c6f5f) goto 0x1fd092c4;
                                                                                                                                                				_t113 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                				if (_t113 - 0x10 < 0) goto 0x1fd09298;
                                                                                                                                                				if (_t113 + 1 - 0x1000 < 0) goto 0x1fd09293;
                                                                                                                                                				if ( *__rcx -  *((intOrPtr*)( *__rcx - 8)) - 8 - 0x1f > 0) goto 0x1fd092f8;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *((long long*)(_t93 + 0x10)) = __rsi;
                                                                                                                                                				 *((long long*)(_t93 + 0x18)) = 0xf;
                                                                                                                                                				 *_t93 = 0;
                                                                                                                                                				asm("movups xmm0, [edi]");
                                                                                                                                                				asm("movups [ebx], xmm0");
                                                                                                                                                				asm("movups xmm1, [edi+0x10]");
                                                                                                                                                				asm("movups [ebx+0x10], xmm1");
                                                                                                                                                				 *0x7478742E646C6F6F = __rsi;
                                                                                                                                                				 *0x7478742E646C6F77 = 0xf;
                                                                                                                                                				 *0x646c6f5f = 0;
                                                                                                                                                				_t116 = _v56;
                                                                                                                                                				if (_t116 - 0x10 < 0) goto 0x1fd09304;
                                                                                                                                                				if (_t116 + 1 - 0x1000 < 0) goto 0x1fd092ff;
                                                                                                                                                				if (_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd092ff;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v64 = __rsi;
                                                                                                                                                				_v56 = 0xf;
                                                                                                                                                				_v80 = 0;
                                                                                                                                                				_t119 = _v24;
                                                                                                                                                				if (_t119 - 0x10 < 0) goto 0x1fd0935a;
                                                                                                                                                				if (_t119 + 1 - 0x1000 < 0) goto 0x1fd09355;
                                                                                                                                                				if (_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd09355;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v32 = __rsi;
                                                                                                                                                				_v24 = 0xf;
                                                                                                                                                				_v48 = 0;
                                                                                                                                                				_t122 = _v88;
                                                                                                                                                				if (_t122 - 0x10 < 0) goto 0x1fd093b0;
                                                                                                                                                				if (_t122 + 1 - 0x1000 < 0) goto 0x1fd093ab;
                                                                                                                                                				if (_v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd093ab;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FD0DE70(_t60, _t93, _t93, _t122 + 0x28, 0x646c6f5f, __rsi, _t134);
                                                                                                                                                				E00007FFC7FFC1FD0DB70(_v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8, _t93, _t93, _t122 + 0x28, 0x646c6f5f, _t127, _t134);
                                                                                                                                                				return E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD105F0(0, _v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8, _t93, _t93, _t127), _t60, _v16 ^ _t129 - 0x00000090);
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD092F8
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD0934E
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD093A4
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID: _old.txt
                                                                                                                                                • API String ID: 3668304517-616907513
                                                                                                                                                • Opcode ID: 9a96ff971de34a4b58c4abe26f650b06592e0d6a33e0442a0494c68a5f3492f4
                                                                                                                                                • Instruction ID: 724e33ac4a40b12b0ed434289558378fb4bae67b24bbe849ff707e3b1a67c4af
                                                                                                                                                • Opcode Fuzzy Hash: 9a96ff971de34a4b58c4abe26f650b06592e0d6a33e0442a0494c68a5f3492f4
                                                                                                                                                • Instruction Fuzzy Hash: 2F61C072A18B9981EB18EF28E04437E7361FB85BA4F504231E69D06BD9CF7DD0A1C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%


                                                                                                                                                C-Code - Quality: 35%
                                                                                                                                                			E00007FFC7FFC1FD06090(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                				long long _v32;
                                                                                                                                                				char _v40;
                                                                                                                                                				char _v56;
                                                                                                                                                				void* _t25;
                                                                                                                                                				void* _t32;
                                                                                                                                                				void* _t36;
                                                                                                                                                				long long _t41;
                                                                                                                                                				long long _t44;
                                                                                                                                                				long long _t63;
                                                                                                                                                				void* _t67;
                                                                                                                                                				void* _t78;
                                                                                                                                                
                                                                                                                                                				_t41 = __rax;
                                                                                                                                                				_a16 = __rbx;
                                                                                                                                                				_a24 = __rsi;
                                                                                                                                                				_a32 = __rdi;
                                                                                                                                                				_a8 = __rcx;
                                                                                                                                                				_t44 = __rcx;
                                                                                                                                                				_t25 = E00007FFC7FFC1FD26670(__rax);
                                                                                                                                                				if (_t41 == 0) goto 0x1fd060d1;
                                                                                                                                                				r8d =  *((intOrPtr*)(__rcx + 0x28));
                                                                                                                                                				if ( *_t41 == r8d) goto 0x1fd06145;
                                                                                                                                                				_v40 = __rcx + 0x10;
                                                                                                                                                				__imp__AcquireSRWLockShared();
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t25, _t41, __rcx + 0x10);
                                                                                                                                                				_v32 = _t41;
                                                                                                                                                				if (_t41 == 0) goto 0x1fd06110;
                                                                                                                                                				E00007FFC7FFC1FD09AD0(_t32,  *((intOrPtr*)(_t44 + 0x28)), _t36, _t44, _t41, _t44 + 0x38, _t44 + 0x30);
                                                                                                                                                				_t63 = _t41;
                                                                                                                                                				goto 0x1fd06112;
                                                                                                                                                				__imp__ReleaseSRWLockShared();
                                                                                                                                                				E00007FFC7FFC1FD26670(_t41);
                                                                                                                                                				if (_t41 == _t63) goto 0x1fd06145;
                                                                                                                                                				_v56 = 1;
                                                                                                                                                				E00007FFC7FFC1FD26E20( *((intOrPtr*)(_t44 + 0x28)), _t41, _t44, _t44 + 0x48, 0x1fd0c340, _t63, __rsi, _t67,  *((intOrPtr*)(_t44 + 0x48)), _t63, _t78);
                                                                                                                                                				_v40 = _t63;
                                                                                                                                                				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x128))))))();
                                                                                                                                                				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                                                                                                                				E00007FFC7FFC1FD1DF50(); // executed
                                                                                                                                                				return E00007FFC7FFC1FD0A810(_t44,  &_v40);
                                                                                                                                                			}














                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: LockShared$?flush@?$basic_ostream@AcquireD@std@@@std@@ReleaseU?$char_traits@V12@
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2998771425-0
                                                                                                                                                • Opcode ID: e5e5c596da9bdb092d5d06463e3ff5beb724132a46c9db2d6cb914413f5afd47
                                                                                                                                                • Instruction ID: 60eefc5a19f04f53c1e86317bf7c1e838d7d6d4eec6004e4e9a872f17f2c94e6
                                                                                                                                                • Opcode Fuzzy Hash: e5e5c596da9bdb092d5d06463e3ff5beb724132a46c9db2d6cb914413f5afd47
                                                                                                                                                • Instruction Fuzzy Hash: 3E215E62618B5E92DB08EF21D4004B96360FF85BA4F444532EA4D07759DF3CE5A5C790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 26%
                                                                                                                                                			E00007FFC7FFC1FD03B40(intOrPtr* __rcx) {
                                                                                                                                                				signed int _v24;
                                                                                                                                                				signed long long _v32;
                                                                                                                                                				char _v56;
                                                                                                                                                				void* __rbx;
                                                                                                                                                				int _t14;
                                                                                                                                                				void* _t19;
                                                                                                                                                				void* _t21;
                                                                                                                                                				signed long long _t31;
                                                                                                                                                				void* _t36;
                                                                                                                                                				void* _t41;
                                                                                                                                                				signed long long _t47;
                                                                                                                                                				void* _t50;
                                                                                                                                                				void* _t51;
                                                                                                                                                				signed long long _t52;
                                                                                                                                                
                                                                                                                                                				_t31 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v24 = _t31 ^ _t52;
                                                                                                                                                				if ( *((long long*)(__rcx + 0x18)) - 0x10 < 0) goto 0x1fd03b5f;
                                                                                                                                                				E00007FFC7FFC1FD03FF0(_t19, _t36,  &_v56,  *__rcx, _t50, _t51);
                                                                                                                                                				_t41 =  >=  ? _v56 :  &_v56;
                                                                                                                                                				_t14 = CreateDirectoryW(??, ??); // executed
                                                                                                                                                				_t47 = _v32;
                                                                                                                                                				if (_t47 - 8 < 0) goto 0x1fd03bcc;
                                                                                                                                                				if (2 + _t47 * 2 - 0x1000 < 0) goto 0x1fd03bc7;
                                                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd03bc7;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				if (_t14 != 0) goto 0x1fd03bf2;
                                                                                                                                                				if (GetLastError() == 0xb7) goto 0x1fd03bf2;
                                                                                                                                                				return E00007FFC7FFC1FD15E20(0, _t21, _v24 ^ _t52);
                                                                                                                                                			}

















                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CreateDirectoryErrorLast_invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1363081247-0
                                                                                                                                                • Opcode ID: faef024df2a03db1270b99d93008469492379fdd24af4c472736017e69ee614e
                                                                                                                                                • Instruction ID: 204d4e1f947f5e897bccd2faec46bff4c4e91329790cdabe57f8f4773c19f5f4
                                                                                                                                                • Opcode Fuzzy Hash: faef024df2a03db1270b99d93008469492379fdd24af4c472736017e69ee614e
                                                                                                                                                • Instruction Fuzzy Hash: 7A11C461A18E6E81FE18BF29E48923A2322FF95778F400631D6AD466D5CE6CD090C790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                			E00007FFC7FFC1FD27B10(long long __rdx, void* __r8) {
                                                                                                                                                				void* _t11;
                                                                                                                                                				long long _t15;
                                                                                                                                                				long _t22;
                                                                                                                                                				void* _t25;
                                                                                                                                                
                                                                                                                                                				 *((long long*)(_t25 + 0x10)) = __rdx;
                                                                                                                                                				_t15 =  *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x88))));
                                                                                                                                                				 *((intOrPtr*)(_t15 + 8))();
                                                                                                                                                				 *((long long*)(__rdx + 0x70)) = _t15;
                                                                                                                                                				 *((long long*)(_t25 - 0x50 + 0x20)) = __rdx + 0x70;
                                                                                                                                                				r8d = 0x7a;
                                                                                                                                                				_t11 = E00007FFC7FFC1FCF5460(__r8 - 0x76, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "\'enum_ports\' method throwed BufferSizeException: {}"); // executed
                                                                                                                                                				SetLastError(_t22);
                                                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x58)))) =  *((intOrPtr*)(__rdx + 0x50));
                                                                                                                                                				return _t11;
                                                                                                                                                			}







                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FCF5460: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF558E
                                                                                                                                                  • Part of subcall function 00007FFC1FCF5460: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF55D5
                                                                                                                                                • SetLastError.KERNEL32 ref: 00007FFC1FD27B59
                                                                                                                                                Strings
                                                                                                                                                • c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp, xrefs: 00007FFC1FD27B44
                                                                                                                                                • 'enum_ports' method throwed BufferSizeException: {}, xrefs: 00007FFC1FD27B37
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ErrorLast
                                                                                                                                                • String ID: 'enum_ports' method throwed BufferSizeException: {}$c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp
                                                                                                                                                • API String ID: 3964982034-30933652
                                                                                                                                                • Opcode ID: 7869ff0d80f280c4edbe0d1ae805a5289204315e6fb73086d8f10c0cbf007131
                                                                                                                                                • Instruction ID: b673d8f68a0d488727c722d1ef139fc31499ccd083efc165f6c814ab8acf3782
                                                                                                                                                • Opcode Fuzzy Hash: 7869ff0d80f280c4edbe0d1ae805a5289204315e6fb73086d8f10c0cbf007131
                                                                                                                                                • Instruction Fuzzy Hash: 32F01776A04F488AD714DF24E8403A933A1FB88BA8F444136EA4D07764DF7CE559C790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,00007FFC1FD041C5,?,?,?,?,00000000,?,?,?,00000000,00007FFC1FD03B6C), ref: 00007FFC1FD0398B
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Xlength_error@std@@
                                                                                                                                                • String ID: vector too long
                                                                                                                                                • API String ID: 1004598685-2873823879
                                                                                                                                                • Opcode ID: 7facf0b4ce551dd9ebe7992f8db6e7374516873740b80f86a9a3de763a5ba51c
                                                                                                                                                • Instruction ID: 761ae6d678659991bd5d5ba0e69a573a4cc38c908d6fe343a0674e3592ef26c2
                                                                                                                                                • Opcode Fuzzy Hash: 7facf0b4ce551dd9ebe7992f8db6e7374516873740b80f86a9a3de763a5ba51c
                                                                                                                                                • Instruction Fuzzy Hash: 96A00254919C5D91E50CFF51D89517411105F55321E940431D11D415515E1C6576C7E0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 40%
                                                                                                                                                			E00007FFC7FFC1FCF57C0(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40, intOrPtr* _a48, intOrPtr* _a56, intOrPtr* _a64, intOrPtr* _a72, intOrPtr* _a80) {
                                                                                                                                                				signed int _v56;
                                                                                                                                                				long long _v72;
                                                                                                                                                				long long _v88;
                                                                                                                                                				intOrPtr _v104;
                                                                                                                                                				long long _v120;
                                                                                                                                                				intOrPtr _v136;
                                                                                                                                                				long long _v144;
                                                                                                                                                				char _v152;
                                                                                                                                                				intOrPtr _v160;
                                                                                                                                                				char _v184;
                                                                                                                                                				long long _v208;
                                                                                                                                                				long long _v216;
                                                                                                                                                				long long _v224;
                                                                                                                                                				long long _v232;
                                                                                                                                                				char _v248;
                                                                                                                                                				long long _v272;
                                                                                                                                                				long long _v280;
                                                                                                                                                				intOrPtr _v288;
                                                                                                                                                				intOrPtr _v296;
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __r14;
                                                                                                                                                				void* _t56;
                                                                                                                                                				signed long long _t68;
                                                                                                                                                				intOrPtr* _t70;
                                                                                                                                                				intOrPtr _t105;
                                                                                                                                                				intOrPtr _t108;
                                                                                                                                                				intOrPtr* _t111;
                                                                                                                                                				void* _t112;
                                                                                                                                                				void* _t113;
                                                                                                                                                				signed long long _t114;
                                                                                                                                                
                                                                                                                                                				_t68 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v56 = _t68 ^ _t114;
                                                                                                                                                				_t111 = __rdx;
                                                                                                                                                				_v288 = __ecx;
                                                                                                                                                				_v272 = __rdx;
                                                                                                                                                				_v296 = r14d;
                                                                                                                                                				_v280 = __r9;
                                                                                                                                                				_t70 = _a40;
                                                                                                                                                				if ( *((long long*)(_t70 + 0x18)) - 0x10 < 0) goto 0x1fcf580f;
                                                                                                                                                				_v152 =  *_t70;
                                                                                                                                                				_v144 =  *((intOrPtr*)(_t70 + 0x10));
                                                                                                                                                				_v136 =  *_a48;
                                                                                                                                                				_v120 =  *_a56;
                                                                                                                                                				_v104 =  *_a64;
                                                                                                                                                				_v88 =  *_a72;
                                                                                                                                                				_v72 =  *_a80;
                                                                                                                                                				_v216 = 0xa51946e;
                                                                                                                                                				_v208 =  &_v152;
                                                                                                                                                				asm("movaps xmm0, [esp+0x80]");
                                                                                                                                                				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                				_v216 = __r9;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x1fcf58c0;
                                                                                                                                                				_v208 = 0;
                                                                                                                                                				E00007FFC7FFC1FCF49B0(0xffffffff,  &_v184, __rdx, _t112);
                                                                                                                                                				_v248 = 0;
                                                                                                                                                				_v232 = 0;
                                                                                                                                                				_v224 = 0xf;
                                                                                                                                                				_v248 = 0;
                                                                                                                                                				if ( *_t111 != 0) goto 0x1fcf5906;
                                                                                                                                                				E00007FFC7FFC1FCF9100(0,  &_v248, _t111, 0, r8d);
                                                                                                                                                				E00007FFC7FFC1FD0E5B0(__ecx, _t56, 0, 0,  &_v248,  &_v248, _t112, _t113, r8d,  &_v184); // executed
                                                                                                                                                				_t105 = _v224;
                                                                                                                                                				if (_t105 - 0x10 < 0) goto 0x1fcf5978;
                                                                                                                                                				if (_t105 + 1 - 0x1000 < 0) goto 0x1fcf5972;
                                                                                                                                                				if (_v248 -  *((intOrPtr*)(_v248 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf5972;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t108 = _v160;
                                                                                                                                                				if (_t108 - 0x10 < 0) goto 0x1fcf59bf;
                                                                                                                                                				if (_t108 + 1 - 0x1000 < 0) goto 0x1fcf59b9;
                                                                                                                                                				if (_v184 -  *((intOrPtr*)(_v184 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf59b9;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				return E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD156E4(), __ecx, _v56 ^ _t114);
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF596B
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF59B2
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3668304517-0
                                                                                                                                                • Opcode ID: 41ca4bf3ab4fb79ddc749f48be2a6fec773797c27113f2cbb63c340d580bc36e
                                                                                                                                                • Instruction ID: 101556590d4474136108a5fd72aacd123815fbca11bc662ec9c50804a97c1087
                                                                                                                                                • Opcode Fuzzy Hash: 41ca4bf3ab4fb79ddc749f48be2a6fec773797c27113f2cbb63c340d580bc36e
                                                                                                                                                • Instruction Fuzzy Hash: EA515872A18FC985EA249F15F4503AAB361F7C97A0F404625DBAD43B99DF3CD090CB40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 41%
                                                                                                                                                			E00007FFC7FFC1FCF59E0(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40, intOrPtr* _a48) {
                                                                                                                                                				signed int _v56;
                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                				char _v88;
                                                                                                                                                				long long _v104;
                                                                                                                                                				long long _v112;
                                                                                                                                                				char _v120;
                                                                                                                                                				long long _v144;
                                                                                                                                                				long long _v152;
                                                                                                                                                				long long _v160;
                                                                                                                                                				long long _v168;
                                                                                                                                                				char _v184;
                                                                                                                                                				long long _v208;
                                                                                                                                                				long long _v216;
                                                                                                                                                				intOrPtr _v224;
                                                                                                                                                				intOrPtr _v232;
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __r14;
                                                                                                                                                				void* _t46;
                                                                                                                                                				signed long long _t58;
                                                                                                                                                				intOrPtr* _t60;
                                                                                                                                                				intOrPtr _t89;
                                                                                                                                                				intOrPtr _t92;
                                                                                                                                                				intOrPtr* _t95;
                                                                                                                                                				void* _t96;
                                                                                                                                                				void* _t97;
                                                                                                                                                				signed long long _t98;
                                                                                                                                                
                                                                                                                                                				_t58 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v56 = _t58 ^ _t98;
                                                                                                                                                				_t95 = __rdx;
                                                                                                                                                				_v224 = __ecx;
                                                                                                                                                				_v208 = __rdx;
                                                                                                                                                				_v232 = r14d;
                                                                                                                                                				_v216 = __r9;
                                                                                                                                                				_t60 = _a40;
                                                                                                                                                				if ( *((long long*)(_t60 + 0x18)) - 0x10 < 0) goto 0x1fcf5a2f;
                                                                                                                                                				_v120 =  *_t60;
                                                                                                                                                				_v112 =  *((intOrPtr*)(_t60 + 0x10));
                                                                                                                                                				_v104 =  *_a48;
                                                                                                                                                				_v152 = 0xae;
                                                                                                                                                				_v144 =  &_v120;
                                                                                                                                                				asm("movaps xmm0, [esp+0x80]");
                                                                                                                                                				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                				_v152 = __r9;
                                                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x1fcf5a92;
                                                                                                                                                				_v144 = 0;
                                                                                                                                                				E00007FFC7FFC1FCF49B0(0xffffffff,  &_v88, __rdx, _t96);
                                                                                                                                                				_v184 = 0;
                                                                                                                                                				_v168 = 0;
                                                                                                                                                				_v160 = 0xf;
                                                                                                                                                				_v184 = 0;
                                                                                                                                                				if ( *_t95 != 0) goto 0x1fcf5ad8;
                                                                                                                                                				E00007FFC7FFC1FCF9100(0,  &_v184, _t95, 0, r8d);
                                                                                                                                                				E00007FFC7FFC1FD0E5B0(__ecx, _t46, 0, 0,  &_v184,  &_v184, _t96, _t97, r8d,  &_v88); // executed
                                                                                                                                                				_t89 = _v160;
                                                                                                                                                				if (_t89 - 0x10 < 0) goto 0x1fcf5b4a;
                                                                                                                                                				if (_t89 + 1 - 0x1000 < 0) goto 0x1fcf5b44;
                                                                                                                                                				if (_v184 -  *((intOrPtr*)(_v184 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf5b44;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t92 = _v64;
                                                                                                                                                				if (_t92 - 0x10 < 0) goto 0x1fcf5b91;
                                                                                                                                                				if (_t92 + 1 - 0x1000 < 0) goto 0x1fcf5b8b;
                                                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf5b8b;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				return E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD156E4(), __ecx, _v56 ^ _t98);
                                                                                                                                                			}
































                                                                                                                                                APIs
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF5B3D
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF5B84
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3668304517-0
                                                                                                                                                • Opcode ID: ad514d73b89011e46b085491cf622546eba65de83bbec79c6894594fd54f9bf6
                                                                                                                                                • Instruction ID: cba94a344cb1ced3eed13354ca0b3971713c1171ebd6901ec508658c2ae7e737
                                                                                                                                                • Opcode Fuzzy Hash: ad514d73b89011e46b085491cf622546eba65de83bbec79c6894594fd54f9bf6
                                                                                                                                                • Instruction Fuzzy Hash: 9B416972A08FD981EA209F29F4403AEA261FB857A0F404635DAAD43BD9DF3CD0A4C740
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 41%
                                                                                                                                                			E00007FFC7FFC1FCF5600(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40) {
                                                                                                                                                				signed int _v56;
                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                				char _v88;
                                                                                                                                                				long long _v96;
                                                                                                                                                				char _v104;
                                                                                                                                                				long long _v128;
                                                                                                                                                				long long _v136;
                                                                                                                                                				long long _v144;
                                                                                                                                                				long long _v152;
                                                                                                                                                				char _v168;
                                                                                                                                                				long long _v192;
                                                                                                                                                				long long _v200;
                                                                                                                                                				intOrPtr _v208;
                                                                                                                                                				intOrPtr _v216;
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __r14;
                                                                                                                                                				void* _t44;
                                                                                                                                                				signed long long _t56;
                                                                                                                                                				intOrPtr* _t58;
                                                                                                                                                				intOrPtr _t85;
                                                                                                                                                				intOrPtr _t88;
                                                                                                                                                				intOrPtr* _t91;
                                                                                                                                                				void* _t92;
                                                                                                                                                				void* _t93;
                                                                                                                                                				signed long long _t94;
                                                                                                                                                
                                                                                                                                                				_t56 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v56 = _t56 ^ _t94;
                                                                                                                                                				_t91 = __rdx;
                                                                                                                                                				_v208 = __ecx;
                                                                                                                                                				_v192 = __rdx;
                                                                                                                                                				_v216 = r14d;
                                                                                                                                                				_v200 = __r9;
                                                                                                                                                				_t58 = _a40;
                                                                                                                                                				if ( *((long long*)(_t58 + 0x18)) - 0x10 < 0) goto 0x1fcf564f;
                                                                                                                                                				_v104 =  *_t58;
                                                                                                                                                				_v96 =  *((intOrPtr*)(_t58 + 0x10));
                                                                                                                                                				_v136 = 0xe;
                                                                                                                                                				_v128 =  &_v104;
                                                                                                                                                				asm("movaps xmm0, [esp+0x80]");
                                                                                                                                                				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                				_v136 = __r9;
                                                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x1fcf56a0;
                                                                                                                                                				_v128 = 0;
                                                                                                                                                				E00007FFC7FFC1FCF49B0(0xffffffff,  &_v88, __rdx, _t92);
                                                                                                                                                				_v168 = 0;
                                                                                                                                                				_v152 = 0;
                                                                                                                                                				_v144 = 0xf;
                                                                                                                                                				_v168 = 0;
                                                                                                                                                				if ( *_t91 != 0) goto 0x1fcf56e6;
                                                                                                                                                				E00007FFC7FFC1FCF9100(0,  &_v168, _t91, 0, r8d);
                                                                                                                                                				E00007FFC7FFC1FD0E5B0(__ecx, _t44, 0, 0,  &_v168,  &_v168, _t92, _t93, r8d,  &_v88); // executed
                                                                                                                                                				_t85 = _v144;
                                                                                                                                                				if (_t85 - 0x10 < 0) goto 0x1fcf5758;
                                                                                                                                                				if (_t85 + 1 - 0x1000 < 0) goto 0x1fcf5752;
                                                                                                                                                				if (_v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf5752;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t88 = _v64;
                                                                                                                                                				if (_t88 - 0x10 < 0) goto 0x1fcf579f;
                                                                                                                                                				if (_t88 + 1 - 0x1000 < 0) goto 0x1fcf5799;
                                                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf5799;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				return E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD156E4(), __ecx, _v56 ^ _t94);
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF574B
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF5792
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3668304517-0
                                                                                                                                                • Opcode ID: b3b97f288cdd98ae770e53d96356200d97bc8a0cca4bd8b25c9d459359fb4e94
                                                                                                                                                • Instruction ID: aa62fcba6853901f0ce039017a579c583af091381a03f595c620f00afe4d17bd
                                                                                                                                                • Opcode Fuzzy Hash: b3b97f288cdd98ae770e53d96356200d97bc8a0cca4bd8b25c9d459359fb4e94
                                                                                                                                                • Instruction Fuzzy Hash: BA418AB2A18BD981EA249F15F4403AEA2A1FBD57B0F404636DAAC43BD9DF3CD094C750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                			E00007FFC7FFC1FCF5DB0(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40) {
                                                                                                                                                				signed int _v56;
                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                				char _v88;
                                                                                                                                                				long long _v128;
                                                                                                                                                				long long _v136;
                                                                                                                                                				char _v152;
                                                                                                                                                				long long _v176;
                                                                                                                                                				long long _v184;
                                                                                                                                                				long long _v192;
                                                                                                                                                				long long _v200;
                                                                                                                                                				intOrPtr _v208;
                                                                                                                                                				intOrPtr _v216;
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __r14;
                                                                                                                                                				void* _t41;
                                                                                                                                                				signed long long _t52;
                                                                                                                                                				intOrPtr _t79;
                                                                                                                                                				intOrPtr _t82;
                                                                                                                                                				intOrPtr* _t85;
                                                                                                                                                				void* _t86;
                                                                                                                                                				void* _t87;
                                                                                                                                                				void* _t88;
                                                                                                                                                				void* _t96;
                                                                                                                                                
                                                                                                                                                				_t96 = _t88;
                                                                                                                                                				_t52 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v56 = _t52 ^ _t88 - 0x000000e8;
                                                                                                                                                				_t85 = __rdx;
                                                                                                                                                				_v208 = __ecx;
                                                                                                                                                				_v176 = __rdx;
                                                                                                                                                				_v216 = r14d;
                                                                                                                                                				_v184 = __r9;
                                                                                                                                                				 *((long long*)(_t96 - 0x78)) =  *_a40;
                                                                                                                                                				_v200 = 5;
                                                                                                                                                				_v192 = _t96 - 0x78;
                                                                                                                                                				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                				asm("movdqa [esp+0x70], xmm0");
                                                                                                                                                				_v200 = __r9;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x1fcf5e30;
                                                                                                                                                				_v192 = 0;
                                                                                                                                                				E00007FFC7FFC1FCF49B0(0xffffffff,  &_v88, __rdx, _t86);
                                                                                                                                                				_v152 = 0;
                                                                                                                                                				_v136 = 0;
                                                                                                                                                				_v128 = 0xf;
                                                                                                                                                				_v152 = 0;
                                                                                                                                                				if ( *_t85 != 0) goto 0x1fcf5e76;
                                                                                                                                                				E00007FFC7FFC1FCF9100(0,  &_v152, _t85, 0, r8d);
                                                                                                                                                				E00007FFC7FFC1FD0E5B0(__ecx, _t41, 0, 0,  &_v152,  &_v152, _t86, _t87, r8d,  &_v88); // executed
                                                                                                                                                				_t79 = _v128;
                                                                                                                                                				if (_t79 - 0x10 < 0) goto 0x1fcf5eeb;
                                                                                                                                                				if (_t79 + 1 - 0x1000 < 0) goto 0x1fcf5ee5;
                                                                                                                                                				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf5ee5;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t82 = _v64;
                                                                                                                                                				if (_t82 - 0x10 < 0) goto 0x1fcf5f32;
                                                                                                                                                				if (_t82 + 1 - 0x1000 < 0) goto 0x1fcf5f2c;
                                                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf5f2c;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				return E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD156E4(), __ecx, _v56 ^ _t88 - 0x000000e8);
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF5EDE
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF5F25
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3668304517-0
                                                                                                                                                • Opcode ID: a838bf753037ffa15af3f1695615c431d1f2d397897dd096f79ef80fbeb0c1be
                                                                                                                                                • Instruction ID: 5e4f2c4b82d430363a3addf6f99cb5b7646d779c6316d4206d387ee9c6837014
                                                                                                                                                • Opcode Fuzzy Hash: a838bf753037ffa15af3f1695615c431d1f2d397897dd096f79ef80fbeb0c1be
                                                                                                                                                • Instruction Fuzzy Hash: B6419162A18ED982EA209F24F4403AEA2A1FB957B0F505235D7AD437D9DF3CD451C700
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 40%
                                                                                                                                                			E00007FFC7FFC1FCFCD20(intOrPtr __ecx, long long __rdx, void* __rbp, long long __r9, intOrPtr* _a40) {
                                                                                                                                                				signed int _v56;
                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                				char _v88;
                                                                                                                                                				long long _v128;
                                                                                                                                                				long long _v136;
                                                                                                                                                				char _v152;
                                                                                                                                                				long long _v176;
                                                                                                                                                				long long _v184;
                                                                                                                                                				long long _v192;
                                                                                                                                                				long long _v200;
                                                                                                                                                				intOrPtr _v208;
                                                                                                                                                				intOrPtr _v216;
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __r14;
                                                                                                                                                				void* _t42;
                                                                                                                                                				signed long long _t53;
                                                                                                                                                				intOrPtr _t79;
                                                                                                                                                				intOrPtr _t82;
                                                                                                                                                				intOrPtr* _t85;
                                                                                                                                                				void* _t86;
                                                                                                                                                				void* _t87;
                                                                                                                                                				void* _t88;
                                                                                                                                                				void* _t96;
                                                                                                                                                
                                                                                                                                                				_t87 = __rbp;
                                                                                                                                                				_t96 = _t88;
                                                                                                                                                				_t53 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v56 = _t53 ^ _t88 - 0x000000e8;
                                                                                                                                                				_t85 = __rdx;
                                                                                                                                                				_v208 = __ecx;
                                                                                                                                                				_v176 = __rdx;
                                                                                                                                                				_v216 = r14d;
                                                                                                                                                				_v184 = __r9;
                                                                                                                                                				 *((intOrPtr*)(_t96 - 0x78)) =  *_a40;
                                                                                                                                                				_v200 = 2;
                                                                                                                                                				_v192 = _t96 - 0x78;
                                                                                                                                                				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                				asm("movdqa [esp+0x70], xmm0");
                                                                                                                                                				_v200 = __r9;
                                                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x1fcfcd96;
                                                                                                                                                				_v192 = 0;
                                                                                                                                                				E00007FFC7FFC1FCF49B0(0xffffffff,  &_v88, __rdx, _t86);
                                                                                                                                                				_v152 = 0;
                                                                                                                                                				_v136 = 0;
                                                                                                                                                				_v128 = 0xf;
                                                                                                                                                				_v152 = 0;
                                                                                                                                                				if ( *_t85 != 0) goto 0x1fcfcde0;
                                                                                                                                                				E00007FFC7FFC1FCF9100(0,  &_v152, _t85, 0, r8d);
                                                                                                                                                				E00007FFC7FFC1FD0E5B0(__ecx, _t42, 0, 0,  &_v152,  &_v152, _t86, _t87, r8d,  &_v88); // executed
                                                                                                                                                				_t79 = _v128;
                                                                                                                                                				if (_t79 - 0x10 < 0) goto 0x1fcfce55;
                                                                                                                                                				if (_t79 + 1 - 0x1000 < 0) goto 0x1fcfce4f;
                                                                                                                                                				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfce4f;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t82 = _v64;
                                                                                                                                                				if (_t82 - 0x10 < 0) goto 0x1fcfce9c;
                                                                                                                                                				if (_t82 + 1 - 0x1000 < 0) goto 0x1fcfce96;
                                                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfce96;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				return E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD156E4(), __ecx, _v56 ^ _t88 - 0x000000e8);
                                                                                                                                                			}


                                                                                                                                                APIs
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFCE48
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFCE8F
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3668304517-0
                                                                                                                                                • Opcode ID: d4ed7fb66bb2c9ba107551a03052bf810ff580d7d2684cd89f16e94b5866e2b0
                                                                                                                                                • Instruction ID: cd0202dba8e6cb0ffb76a36567ec4126b860293e3c30b1da9de3052214cfba6c
                                                                                                                                                • Opcode Fuzzy Hash: d4ed7fb66bb2c9ba107551a03052bf810ff580d7d2684cd89f16e94b5866e2b0
                                                                                                                                                • Instruction Fuzzy Hash: 7D41A172A08ED982EA20DF28F4403AEA2A1FB857B0F505235D6AD43BD9DF3CD051CB40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                			E00007FFC7FFC1FCF5460(intOrPtr __ecx, long long __rdx, long long __r9, intOrPtr* _a40) {
                                                                                                                                                				signed int _v56;
                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                				char _v88;
                                                                                                                                                				long long _v128;
                                                                                                                                                				long long _v136;
                                                                                                                                                				char _v152;
                                                                                                                                                				long long _v176;
                                                                                                                                                				long long _v184;
                                                                                                                                                				long long _v192;
                                                                                                                                                				long long _v200;
                                                                                                                                                				intOrPtr _v208;
                                                                                                                                                				intOrPtr _v216;
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __r14;
                                                                                                                                                				void* _t41;
                                                                                                                                                				signed long long _t52;
                                                                                                                                                				intOrPtr _t79;
                                                                                                                                                				intOrPtr _t82;
                                                                                                                                                				intOrPtr* _t85;
                                                                                                                                                				void* _t86;
                                                                                                                                                				void* _t87;
                                                                                                                                                				void* _t88;
                                                                                                                                                				void* _t96;
                                                                                                                                                
                                                                                                                                                				_t96 = _t88;
                                                                                                                                                				_t52 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v56 = _t52 ^ _t88 - 0x000000e8;
                                                                                                                                                				_t85 = __rdx;
                                                                                                                                                				_v208 = __ecx;
                                                                                                                                                				_v176 = __rdx;
                                                                                                                                                				_v216 = r14d;
                                                                                                                                                				_v184 = __r9;
                                                                                                                                                				 *((long long*)(_t96 - 0x78)) =  *_a40;
                                                                                                                                                				_v200 = 0xd;
                                                                                                                                                				_v192 = _t96 - 0x78;
                                                                                                                                                				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                				asm("movdqa [esp+0x70], xmm0");
                                                                                                                                                				_v200 = __r9;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				if ( *((char*)(__r9 + 0xffffffff)) != 0) goto 0x1fcf54e0;
                                                                                                                                                				_v192 = 0;
                                                                                                                                                				E00007FFC7FFC1FCF49B0(0xffffffff,  &_v88, __rdx, _t86);
                                                                                                                                                				_v152 = 0;
                                                                                                                                                				_v136 = 0;
                                                                                                                                                				_v128 = 0xf;
                                                                                                                                                				_v152 = 0;
                                                                                                                                                				if ( *_t85 != 0) goto 0x1fcf5526;
                                                                                                                                                				E00007FFC7FFC1FCF9100(0,  &_v152, _t85, 0, r8d);
                                                                                                                                                				E00007FFC7FFC1FD0E5B0(__ecx, _t41, 0, 0,  &_v152,  &_v152, _t86, _t87, r8d,  &_v88); // executed
                                                                                                                                                				_t79 = _v128;
                                                                                                                                                				if (_t79 - 0x10 < 0) goto 0x1fcf559b;
                                                                                                                                                				if (_t79 + 1 - 0x1000 < 0) goto 0x1fcf5595;
                                                                                                                                                				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf5595;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t82 = _v64;
                                                                                                                                                				if (_t82 - 0x10 < 0) goto 0x1fcf55e2;
                                                                                                                                                				if (_t82 + 1 - 0x1000 < 0) goto 0x1fcf55dc;
                                                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf55dc;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				return E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD156E4(), __ecx, _v56 ^ _t88 - 0x000000e8);
                                                                                                                                                			}


                                                                                                                                                APIs
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF558E
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF55D5
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3668304517-0
                                                                                                                                                • Opcode ID: 1b262f16a3cbe13ea6eb7262430d883ccc970adad349daea530cfed625344f8e
                                                                                                                                                • Instruction ID: 2e83bd51d702eabc9377fdc4e8c7cbe91914e2d8ae40963d9a4a31720b9315ba
                                                                                                                                                • Opcode Fuzzy Hash: 1b262f16a3cbe13ea6eb7262430d883ccc970adad349daea530cfed625344f8e
                                                                                                                                                • Instruction Fuzzy Hash: 8F418162A18ED942EA209F24F4403AEA3A1FB957B0F505235D7AC437D9DF3CD451CB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 33%
                                                                                                                                                			E00007FFC7FFC1FD08050(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __r8, void* __r9, long long _a8, long long _a16, void* _a24) {
                                                                                                                                                				long long _v40;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				long _t12;
                                                                                                                                                				void* _t21;
                                                                                                                                                				intOrPtr* _t25;
                                                                                                                                                
                                                                                                                                                				_a16 = __rbx;
                                                                                                                                                				_a8 = __rcx;
                                                                                                                                                				_t25 = __r8;
                                                                                                                                                				_t12 = GetCurrentThreadId();
                                                                                                                                                				r10d =  *(__r8 + 4);
                                                                                                                                                				_t21 = r10d - _t12;
                                                                                                                                                				if (_t21 != 0) goto 0x1fd08082;
                                                                                                                                                				 *((intOrPtr*)(__r8)) =  *((intOrPtr*)(__r8)) + 1;
                                                                                                                                                				goto 0x1fd08093;
                                                                                                                                                				asm("lock bts dword [ebx+0x8], 0x1f");
                                                                                                                                                				if (_t21 < 0) goto 0x1fd080f6;
                                                                                                                                                				 *(__r8 + 4) = _t12;
                                                                                                                                                				 *((intOrPtr*)(__r8)) = 1;
                                                                                                                                                				_v40 = __r8;
                                                                                                                                                				E00007FFC7FFC1FD06090(__rax, __r8, __rcx, __rdx, __rcx, __r9, __r9); // executed
                                                                                                                                                				 *_t25 =  *_t25 - 1;
                                                                                                                                                				if (_t21 != 0) goto 0x1fd080e6;
                                                                                                                                                				 *((intOrPtr*)(_t25 + 4)) = 0;
                                                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                                                				if (_t21 < 0) goto 0x1fd080e6;
                                                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x1fd080e6;
                                                                                                                                                				asm("lock bts dword [ecx], 0x1e");
                                                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x1fd080e6;
                                                                                                                                                				E00007FFC7FFC1FD0D940(_t25 + 8);
                                                                                                                                                				SetEvent(??);
                                                                                                                                                				return 1;
                                                                                                                                                			}


                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CurrentEventThread
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2592414440-0
                                                                                                                                                • Opcode ID: 834fed51e2728882df6bb9cdc2855ed8d83aedfefd05cddf5e5c8f44ad8cabbe
                                                                                                                                                • Instruction ID: 7d916e9040ad7ccf7fd19779ddc64b4e4b9cc0ea0d2c2382b16283b959c1f01d
                                                                                                                                                • Opcode Fuzzy Hash: 834fed51e2728882df6bb9cdc2855ed8d83aedfefd05cddf5e5c8f44ad8cabbe
                                                                                                                                                • Instruction Fuzzy Hash: 6211B23190CB6D85E709AF35E40527A6360EB55BB4F18C030CE5C57295DE3DD462E7E4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _localtime64strftime
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1396910471-0
                                                                                                                                                • Opcode ID: 5b3d6727782fdf8fe32fba85827f6283c99371045998f41104964c7c4878100e
                                                                                                                                                • Instruction ID: 2750018e6274e64662917fd322f55b84b1e116e0d4577808217e411a1b37f0fc
                                                                                                                                                • Opcode Fuzzy Hash: 5b3d6727782fdf8fe32fba85827f6283c99371045998f41104964c7c4878100e
                                                                                                                                                • Instruction Fuzzy Hash: 10215122A08F8886E7209F24E44036AB7A0F7997A4F445335DB9D47799DF7CD1A4CB40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Locinfo@std@@$??0_??1_Cvtvec@@Getcvt@_Lockit@std@@$??0facet@locale@std@@?c_str@?$_Bid@locale@std@@D@std@@Facet_Getfalse@_Getgloballocale@locale@std@@Gettrue@_Locimp@12@RegisterYarn@localeconvmallocstd::_
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2189335433-0
                                                                                                                                                • Opcode ID: f33d98d7c94fbf605588ee834dde04b49e0d331855461d2d59b937172c80e46e
                                                                                                                                                • Instruction ID: 166468af339efb7916542770ddabd46395c97243808a95a01265eab5e40ab21c
                                                                                                                                                • Opcode Fuzzy Hash: f33d98d7c94fbf605588ee834dde04b49e0d331855461d2d59b937172c80e46e
                                                                                                                                                • Instruction Fuzzy Hash: 2E514C22A0DF5D81E719AF11E5443BA63A1FF8ABA0F494135CA8D03754DF7CE565C3A0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 313767242-0
                                                                                                                                                • Opcode ID: ec673b4035b9770a6a4f4f059dcc0db7cd818e2d541853e018e626a61b69cb06
                                                                                                                                                • Instruction ID: e394c0c2004b14d0a02ed9d560acca5159ecc1efc6a0a55ce1fa0cb41d1d96c1
                                                                                                                                                • Opcode Fuzzy Hash: ec673b4035b9770a6a4f4f059dcc0db7cd818e2d541853e018e626a61b69cb06
                                                                                                                                                • Instruction Fuzzy Hash: 10316E72608F9989EB64AF60E8503FD3360FB84758F44443ADA4E47A88DF78D558C7A0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 48%
                                                                                                                                                			E00007FFC7FFC1FCF14A0(signed int __ebx) {
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* _t13;
                                                                                                                                                				void* _t15;
                                                                                                                                                				void* _t28;
                                                                                                                                                				void* _t32;
                                                                                                                                                				void* _t33;
                                                                                                                                                				void* _t34;
                                                                                                                                                				void* _t35;
                                                                                                                                                				void* _t36;
                                                                                                                                                
                                                                                                                                                				asm("cpuid");
                                                                                                                                                				r8d = 0;
                                                                                                                                                				if (0 - 1 < 0) goto 0x1fcf1589;
                                                                                                                                                				asm("cpuid");
                                                                                                                                                				asm("bt ecx, 0x9");
                                                                                                                                                				if (0 - 1 >= 0) goto 0x1fcf14ff;
                                                                                                                                                				 *0x1fd3ecb0 = E00007FFC7FFC1FD214B0;
                                                                                                                                                				 *0x1fd3ecb8 = E00007FFC7FFC1FD21B10;
                                                                                                                                                				 *0x1fd3ecc0 = E00007FFC7FFC1FD20610;
                                                                                                                                                				 *0x1fd3ecc8 = E00007FFC7FFC1FD20C50;
                                                                                                                                                				_t15 = r8d - 7;
                                                                                                                                                				if (_t15 < 0) goto 0x1fcf1589;
                                                                                                                                                				asm("bt ecx, 0x1b");
                                                                                                                                                				if (_t15 >= 0) goto 0x1fcf1589;
                                                                                                                                                				GetModuleHandleW(??);
                                                                                                                                                				if (E00007FFC7FFC1FD20C50 == 0) goto 0x1fcf1589;
                                                                                                                                                				GetProcAddress(??, ??);
                                                                                                                                                				if (E00007FFC7FFC1FD20C50 == 0) goto 0x1fcf1589;
                                                                                                                                                				E00007FFC7FFC1FD20C50(_t13, E00007FFC7FFC1FD20C50, _t28, E00007FFC7FFC1FD20C50, "GetEnabledExtendedFeatures", _t32, _t33, _t34, _t35, _t36);
                                                                                                                                                				if (E00007FFC7FFC1FD20C50 != 6) goto 0x1fcf1589;
                                                                                                                                                				asm("cpuid");
                                                                                                                                                				if ((__ebx & 0x00000020) == 0) goto 0x1fcf1589;
                                                                                                                                                				 *0x1fd3ecb0 = 0x1fd22ee0;
                                                                                                                                                				 *0x1fd3ecb8 = 0x1fd23570;
                                                                                                                                                				 *0x1fd3ecc0 = 0x1fd22150;
                                                                                                                                                				 *0x1fd3ecc8 = 0x1fd22760;
                                                                                                                                                				return 7;
                                                                                                                                                			}













                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                • String ID: GetEnabledExtendedFeatures$kernel32.dll
                                                                                                                                                • API String ID: 1646373207-4263775254
                                                                                                                                                • Opcode ID: 10f3bcb67617dfe9785c86ee06e55d0bd729038df4dad0ba893b2cdb0de9f2b4
                                                                                                                                                • Instruction ID: 886045f3ac94276d5cfa4b4a63f9d49e65129bcebdeb844a3cce5eede6ab307d
                                                                                                                                                • Opcode Fuzzy Hash: 10f3bcb67617dfe9785c86ee06e55d0bd729038df4dad0ba893b2cdb0de9f2b4
                                                                                                                                                • Instruction Fuzzy Hash: 4421D564E0DF2E81FB59AF14F8642B972A8BF85371F404539D50E423B0EE6CA179D2E4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Heap$AllocProcessstd::bad_alloc::bad_alloc
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3165967205-0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 21%
                                                                                                                                                			E00007FFC7FFC1FCFE730(void* __eax, void* __esi, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __rbp, void* __r8, long long _a8, long long _a24, long long _a32) {
                                                                                                                                                				void* _v24;
                                                                                                                                                				signed int _v32;
                                                                                                                                                				intOrPtr _v72;
                                                                                                                                                				char _v96;
                                                                                                                                                				long long _v104;
                                                                                                                                                				long long _v112;
                                                                                                                                                				long long _v120;
                                                                                                                                                				char _v128;
                                                                                                                                                				long long _v136;
                                                                                                                                                				long long _v144;
                                                                                                                                                				long long _v152;
                                                                                                                                                				char _v160;
                                                                                                                                                				intOrPtr _v168;
                                                                                                                                                				char _v192;
                                                                                                                                                				intOrPtr _v200;
                                                                                                                                                				char _v224;
                                                                                                                                                				long long _v232;
                                                                                                                                                				long long _v240;
                                                                                                                                                				char _v256;
                                                                                                                                                				long long _v264;
                                                                                                                                                				long long _v272;
                                                                                                                                                				short _v288;
                                                                                                                                                				long long _v296;
                                                                                                                                                				long long _v304;
                                                                                                                                                				char _v320;
                                                                                                                                                				long long _v328;
                                                                                                                                                				long long _v336;
                                                                                                                                                				char _v352;
                                                                                                                                                				long long _v360;
                                                                                                                                                				long long _v368;
                                                                                                                                                				char _v384;
                                                                                                                                                				long long _v392;
                                                                                                                                                				long long _v400;
                                                                                                                                                				char _v416;
                                                                                                                                                				void* _v504;
                                                                                                                                                				void* _v520;
                                                                                                                                                				long long _v544;
                                                                                                                                                				long long _v552;
                                                                                                                                                				long long _v560;
                                                                                                                                                				long long _v568;
                                                                                                                                                				long long _v576;
                                                                                                                                                				long long _v584;
                                                                                                                                                				long long _v592;
                                                                                                                                                				long long _v600;
                                                                                                                                                				long long _v616;
                                                                                                                                                				long long _v624;
                                                                                                                                                				long long _v640;
                                                                                                                                                				char _v656;
                                                                                                                                                				char _v664;
                                                                                                                                                				long long _v672;
                                                                                                                                                				void* _v680;
                                                                                                                                                				char _v688;
                                                                                                                                                				char _v696;
                                                                                                                                                				long long _v704;
                                                                                                                                                				long long _v712;
                                                                                                                                                				long long _v720;
                                                                                                                                                				long long _v728;
                                                                                                                                                				signed long long _t255;
                                                                                                                                                				intOrPtr* _t257;
                                                                                                                                                				intOrPtr _t258;
                                                                                                                                                				long long _t313;
                                                                                                                                                				intOrPtr _t317;
                                                                                                                                                				void* _t340;
                                                                                                                                                				intOrPtr* _t364;
                                                                                                                                                				long long _t368;
                                                                                                                                                				long long _t371;
                                                                                                                                                				long long _t377;
                                                                                                                                                				long long _t380;
                                                                                                                                                				signed long long _t387;
                                                                                                                                                				intOrPtr _t390;
                                                                                                                                                				intOrPtr _t395;
                                                                                                                                                				long long _t400;
                                                                                                                                                				intOrPtr _t403;
                                                                                                                                                				long long _t407;
                                                                                                                                                				long long _t412;
                                                                                                                                                				long long _t413;
                                                                                                                                                				intOrPtr* _t414;
                                                                                                                                                				void* _t416;
                                                                                                                                                				void* _t417;
                                                                                                                                                				long long _t427;
                                                                                                                                                
                                                                                                                                                				_t416 = __rbp;
                                                                                                                                                				_a8 = __rbx;
                                                                                                                                                				_a24 = __rsi;
                                                                                                                                                				_a32 = __rdi;
                                                                                                                                                				_t418 = _t417 - 0x2e0;
                                                                                                                                                				_t255 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v32 = _t255 ^ _t417 - 0x000002e0;
                                                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                                                				asm("movdqu [esp+0x88], xmm0");
                                                                                                                                                				_t407 = __rcx + 0x70;
                                                                                                                                                				_v672 = _t407;
                                                                                                                                                				0x1fd15430();
                                                                                                                                                				if (__eax != 0) goto 0x1fcfef5b;
                                                                                                                                                				_t364 =  *((intOrPtr*)(__rcx + 0x60));
                                                                                                                                                				_t257 =  *_t364;
                                                                                                                                                				if (_t257 == _t364) goto 0x1fcfef63;
                                                                                                                                                				if ( *((intOrPtr*)(_t257 + 0x10)) == __rdx) goto 0x1fcfe7b7;
                                                                                                                                                				_t317 =  *_t257;
                                                                                                                                                				_t258 = _t317;
                                                                                                                                                				if (_t317 == _t364) goto 0x1fcfef63;
                                                                                                                                                				goto 0x1fcfe7a0;
                                                                                                                                                				_t412 =  *((intOrPtr*)(_t258 + 0x18));
                                                                                                                                                				_v680 = _t412;
                                                                                                                                                				if (_t412 == 0) goto 0x1fcfe7d7;
                                                                                                                                                				asm("lock inc dword [esi+0x8]");
                                                                                                                                                				_t413 =  *((intOrPtr*)(_t258 + 0x18));
                                                                                                                                                				_v680 = _t413;
                                                                                                                                                				_t313 = _v672;
                                                                                                                                                				_t427 =  *((intOrPtr*)(_t258 + 0x10));
                                                                                                                                                				_v624 = _t427;
                                                                                                                                                				_v616 = _t413;
                                                                                                                                                				0x1fd15436();
                                                                                                                                                				_v640 = _t407;
                                                                                                                                                				0x1fd15430();
                                                                                                                                                				if (__eax != 0) goto 0x1fcfefad;
                                                                                                                                                				if ( *((intOrPtr*)(_t427 + 0xf0)) == 0) goto 0x1fcfeef3;
                                                                                                                                                				FlushFileBuffers(??);
                                                                                                                                                				CloseHandle(??);
                                                                                                                                                				E00007FFC7FFC1FCFD4C0(_t258, _t313,  &_v384, _t427 + 0x40, _t413);
                                                                                                                                                				E00007FFC7FFC1FCFD4C0(_t258, _t313,  &_v416, _t427 + 0x60, _t413);
                                                                                                                                                				_t260 =  >=  ? _v416 :  &_v416;
                                                                                                                                                				_v160 =  >=  ? _v416 :  &_v416;
                                                                                                                                                				_v152 = _v400;
                                                                                                                                                				_t263 =  >=  ? _v384 :  &_v384;
                                                                                                                                                				_v144 =  >=  ? _v384 :  &_v384;
                                                                                                                                                				_v136 = _v368;
                                                                                                                                                				_v600 = 0x1ce;
                                                                                                                                                				_v592 =  &_v160;
                                                                                                                                                				asm("movaps xmm0, [esp+0xa0]");
                                                                                                                                                				asm("movdqa [esp+0xf0], xmm0");
                                                                                                                                                				_v584 = "{}\\temp_{}";
                                                                                                                                                				_v576 = 0xa;
                                                                                                                                                				E00007FFC7FFC1FCF49B0(_t313,  &_v192, _t407, _t413);
                                                                                                                                                				_t368 = _v392;
                                                                                                                                                				if (_t368 - 0x10 < 0) goto 0x1fcfe95f;
                                                                                                                                                				if (_t368 + 1 - 0x1000 < 0) goto 0x1fcfe95a;
                                                                                                                                                				if (_v416 -  *((intOrPtr*)(_v416 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfe95a;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v400 = _t313;
                                                                                                                                                				_v392 = 0xf;
                                                                                                                                                				_v416 = 0;
                                                                                                                                                				_t371 = _v360;
                                                                                                                                                				if (_t371 - 0x10 < 0) goto 0x1fcfe9c2;
                                                                                                                                                				if (_t371 + 1 - 0x1000 < 0) goto 0x1fcfe9bd;
                                                                                                                                                				if (_v384 -  *((intOrPtr*)(_v384 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfe9bd;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v368 = _t313;
                                                                                                                                                				_v360 = 0xf;
                                                                                                                                                				_v384 = 0;
                                                                                                                                                				E00007FFC7FFC1FCFD4C0(_v384 -  *((intOrPtr*)(_v384 - 8)) + 0xfffffff8, _t313,  &_v320, _t427 + 0x40, _t413);
                                                                                                                                                				E00007FFC7FFC1FCFD4C0(_v384 -  *((intOrPtr*)(_v384 - 8)) + 0xfffffff8, _t313,  &_v352, _t427 + 0x60, _t413);
                                                                                                                                                				_t274 =  >=  ? _v352 :  &_v352;
                                                                                                                                                				_v128 =  >=  ? _v352 :  &_v352;
                                                                                                                                                				_v120 = _v336;
                                                                                                                                                				_t277 =  >=  ? _v320 :  &_v320;
                                                                                                                                                				_v112 =  >=  ? _v320 :  &_v320;
                                                                                                                                                				_v104 = _v304;
                                                                                                                                                				_v568 = 0x1ce;
                                                                                                                                                				_v560 =  &_v128;
                                                                                                                                                				asm("movaps xmm0, [esp+0xc0]");
                                                                                                                                                				asm("movdqa [esp+0x100], xmm0");
                                                                                                                                                				_v552 = "{}\\{}";
                                                                                                                                                				_v544 = 5;
                                                                                                                                                				E00007FFC7FFC1FCF49B0(_t313,  &_v256, _t407, _t413);
                                                                                                                                                				_t377 = _v328;
                                                                                                                                                				if (_t377 - 0x10 < 0) goto 0x1fcfeb12;
                                                                                                                                                				if (_t377 + 1 - 0x1000 < 0) goto 0x1fcfeb0d;
                                                                                                                                                				if (_v352 -  *((intOrPtr*)(_v352 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfeb0d;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v336 = _t313;
                                                                                                                                                				_v328 = 0xf;
                                                                                                                                                				_v352 = 0;
                                                                                                                                                				_t380 = _v296;
                                                                                                                                                				if (_t380 - 0x10 < 0) goto 0x1fcfeb74;
                                                                                                                                                				if (_t380 + 1 - 0x1000 < 0) goto 0x1fcfeb6f;
                                                                                                                                                				if (_v320 -  *((intOrPtr*)(_v320 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfeb6f;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v304 = _t313;
                                                                                                                                                				_v296 = 0xf;
                                                                                                                                                				_v320 = 0;
                                                                                                                                                				if ( *((intOrPtr*)(_t427 + 0x100)) == 0) goto 0x1fcfeba2;
                                                                                                                                                				DeleteDC(??);
                                                                                                                                                				 *((long long*)(_t427 + 0xf0)) = _t313;
                                                                                                                                                				 *((long long*)(_t427 + 0x100)) = _t313;
                                                                                                                                                				 *((char*)(_t427 + 0xa1)) = 0;
                                                                                                                                                				_v688 = _t313;
                                                                                                                                                				E00007FFC7FFC1FCFD4C0(_v320 -  *((intOrPtr*)(_v320 - 8)) + 0xfffffff8, _t313,  &_v224, _t427 + 0x80, _t413);
                                                                                                                                                				_t385 =  >=  ? _v224 :  &_v224;
                                                                                                                                                				E00007FFC7FFC1FD03FF0(0, _t313,  &_v288,  >=  ? _v224 :  &_v224, _t413, _t416);
                                                                                                                                                				_t340 =  >=  ? _v288 :  &_v288;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				r15b = OpenPrinterW(??, ??, ??) > 0;
                                                                                                                                                				_v696 = r15b;
                                                                                                                                                				_t387 = _v264;
                                                                                                                                                				if (_t387 - 8 < 0) goto 0x1fcfec76;
                                                                                                                                                				if (2 + _t387 * 2 - 0x1000 < 0) goto 0x1fcfec71;
                                                                                                                                                				if (_v288 -  *((intOrPtr*)(_v288 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfec71;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v272 = _t313;
                                                                                                                                                				_v264 = 7;
                                                                                                                                                				_v288 = 0;
                                                                                                                                                				_t390 = _v200;
                                                                                                                                                				if (_t390 - 0x10 < 0) goto 0x1fcfecd8;
                                                                                                                                                				if (_t390 + 1 - 0x1000 < 0) goto 0x1fcfecd3;
                                                                                                                                                				if (_v224 -  *((intOrPtr*)(_v224 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfecd3;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v664 = _v688;
                                                                                                                                                				_v656 =  &_v688;
                                                                                                                                                				E00007FFC7FFC1FCFD4C0( &_v688, _t313,  &_v96, _t427 + 0x80, _t413);
                                                                                                                                                				_v704 =  &_v696;
                                                                                                                                                				_v712 =  &_v664;
                                                                                                                                                				_v720 =  &_v656;
                                                                                                                                                				_v728 =  &_v96;
                                                                                                                                                				r8d = 0x210;
                                                                                                                                                				E00007FFC7FFC1FCFD2C0(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", _t416, "OpenPrinterW (\'{}\', {:#x} -> {:#x}, NULL) -> {}");
                                                                                                                                                				_t395 = _v72;
                                                                                                                                                				if (_t395 - 0x10 < 0) goto 0x1fcfed91;
                                                                                                                                                				if (_t395 + 1 - 0x1000 < 0) goto 0x1fcfed8c;
                                                                                                                                                				if (_v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfed8c;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				if (r15b == 0) goto 0x1fcfedc1;
                                                                                                                                                				_v728 = 5;
                                                                                                                                                				r9d = 0;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				0x1fd15406();
                                                                                                                                                				CloseHandle(??);
                                                                                                                                                				_v728 =  &_v192;
                                                                                                                                                				r8d = 0x24d;
                                                                                                                                                				E00007FFC7FFC1FCF5600(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "finalizing PCL \'{}\'");
                                                                                                                                                				if (E00007FFC7FFC1FD03F10( &_v192) == 0) goto 0x1fcfefb5;
                                                                                                                                                				if (E00007FFC7FFC1FD03F10( &_v256) == 0) goto 0x1fcfee1f;
                                                                                                                                                				E00007FFC7FFC1FD02D50( &_v256);
                                                                                                                                                				if (E00007FFC7FFC1FD02DE0(0, _t313,  &_v192,  &_v256) == 0) goto 0x1fcfefdd;
                                                                                                                                                				_t414 = _v680;
                                                                                                                                                				_t400 = _v232;
                                                                                                                                                				if (_t400 - 0x10 < 0) goto 0x1fcfee90;
                                                                                                                                                				if (_t400 + 1 - 0x1000 < 0) goto 0x1fcfee8b;
                                                                                                                                                				if (_v256 -  *((intOrPtr*)(_v256 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfee8b;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v240 = _t313;
                                                                                                                                                				_v232 = 0xf;
                                                                                                                                                				_v256 = 0;
                                                                                                                                                				_t403 = _v168;
                                                                                                                                                				if (_t403 - 0x10 < 0) goto 0x1fcfeef3;
                                                                                                                                                				if (_t403 + 1 - 0x1000 < 0) goto 0x1fcfeeed;
                                                                                                                                                				if (_v192 -  *((intOrPtr*)(_v192 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfeeed;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				0x1fd15436();
                                                                                                                                                				if (_t414 == 0) goto 0x1fcfef2d;
                                                                                                                                                				asm("lock xadd [esi+0x8], eax");
                                                                                                                                                				if (0xffffffff != 1) goto 0x1fcfef2d;
                                                                                                                                                				 *((intOrPtr*)( *_t414))();
                                                                                                                                                				asm("lock xadd [esi+0xc], ebx");
                                                                                                                                                				if (0xffffffff != 1) goto 0x1fcfef2d;
                                                                                                                                                				return E00007FFC7FFC1FD15E20( *((intOrPtr*)( *_t414 + 8))(), 1, _v32 ^ _t418);
                                                                                                                                                			}
                                                                                                                                                0x7ffc1fcfea8a
                                                                                                                                                0x7ffc1fcfea9a
                                                                                                                                                0x7ffc1fcfeaa2
                                                                                                                                                0x7ffc1fcfeac6
                                                                                                                                                0x7ffc1fcfeacc
                                                                                                                                                0x7ffc1fcfead8
                                                                                                                                                0x7ffc1fcfeaef
                                                                                                                                                0x7ffc1fcfeb04
                                                                                                                                                0x7ffc1fcfeb06
                                                                                                                                                0x7ffc1fcfeb0c
                                                                                                                                                0x7ffc1fcfeb0d
                                                                                                                                                0x7ffc1fcfeb12
                                                                                                                                                0x7ffc1fcfeb1a
                                                                                                                                                0x7ffc1fcfeb26
                                                                                                                                                0x7ffc1fcfeb2e
                                                                                                                                                0x7ffc1fcfeb3a
                                                                                                                                                0x7ffc1fcfeb51
                                                                                                                                                0x7ffc1fcfeb66
                                                                                                                                                0x7ffc1fcfeb68
                                                                                                                                                0x7ffc1fcfeb6e
                                                                                                                                                0x7ffc1fcfeb6f
                                                                                                                                                0x7ffc1fcfeb74
                                                                                                                                                0x7ffc1fcfeb7c
                                                                                                                                                0x7ffc1fcfeb88
                                                                                                                                                0x7ffc1fcfeb9a
                                                                                                                                                0x7ffc1fcfeb9c
                                                                                                                                                0x7ffc1fcfeba2
                                                                                                                                                0x7ffc1fcfeba9
                                                                                                                                                0x7ffc1fcfebb0
                                                                                                                                                0x7ffc1fcfebb8
                                                                                                                                                0x7ffc1fcfebcc
                                                                                                                                                0x7ffc1fcfebe3
                                                                                                                                                0x7ffc1fcfebf4
                                                                                                                                                0x7ffc1fcfec0a
                                                                                                                                                0x7ffc1fcfec13
                                                                                                                                                0x7ffc1fcfec22
                                                                                                                                                0x7ffc1fcfec26
                                                                                                                                                0x7ffc1fcfec2b
                                                                                                                                                0x7ffc1fcfec37
                                                                                                                                                0x7ffc1fcfec53
                                                                                                                                                0x7ffc1fcfec68
                                                                                                                                                0x7ffc1fcfec6a
                                                                                                                                                0x7ffc1fcfec70
                                                                                                                                                0x7ffc1fcfec71
                                                                                                                                                0x7ffc1fcfec76
                                                                                                                                                0x7ffc1fcfec7e
                                                                                                                                                0x7ffc1fcfec8a
                                                                                                                                                0x7ffc1fcfec92
                                                                                                                                                0x7ffc1fcfec9e
                                                                                                                                                0x7ffc1fcfecb5
                                                                                                                                                0x7ffc1fcfecca
                                                                                                                                                0x7ffc1fcfeccc
                                                                                                                                                0x7ffc1fcfecd2
                                                                                                                                                0x7ffc1fcfecd3
                                                                                                                                                0x7ffc1fcfecdd
                                                                                                                                                0x7ffc1fcfece7
                                                                                                                                                0x7ffc1fcfecfb
                                                                                                                                                0x7ffc1fcfed06
                                                                                                                                                0x7ffc1fcfed10
                                                                                                                                                0x7ffc1fcfed1a
                                                                                                                                                0x7ffc1fcfed27
                                                                                                                                                0x7ffc1fcfed33
                                                                                                                                                0x7ffc1fcfed45
                                                                                                                                                0x7ffc1fcfed4b
                                                                                                                                                0x7ffc1fcfed57
                                                                                                                                                0x7ffc1fcfed6e
                                                                                                                                                0x7ffc1fcfed83
                                                                                                                                                0x7ffc1fcfed85
                                                                                                                                                0x7ffc1fcfed8b
                                                                                                                                                0x7ffc1fcfed8c
                                                                                                                                                0x7ffc1fcfed94
                                                                                                                                                0x7ffc1fcfed96
                                                                                                                                                0x7ffc1fcfed9e
                                                                                                                                                0x7ffc1fcfeda1
                                                                                                                                                0x7ffc1fcfedb0
                                                                                                                                                0x7ffc1fcfedba
                                                                                                                                                0x7ffc1fcfedc9
                                                                                                                                                0x7ffc1fcfedd5
                                                                                                                                                0x7ffc1fcfede7
                                                                                                                                                0x7ffc1fcfedfb
                                                                                                                                                0x7ffc1fcfee10
                                                                                                                                                0x7ffc1fcfee1a
                                                                                                                                                0x7ffc1fcfee36
                                                                                                                                                0x7ffc1fcfee45
                                                                                                                                                0x7ffc1fcfee4a
                                                                                                                                                0x7ffc1fcfee56
                                                                                                                                                0x7ffc1fcfee6d
                                                                                                                                                0x7ffc1fcfee82
                                                                                                                                                0x7ffc1fcfee84
                                                                                                                                                0x7ffc1fcfee8a
                                                                                                                                                0x7ffc1fcfee8b
                                                                                                                                                0x7ffc1fcfee90
                                                                                                                                                0x7ffc1fcfee98
                                                                                                                                                0x7ffc1fcfeea4
                                                                                                                                                0x7ffc1fcfeeac
                                                                                                                                                0x7ffc1fcfeeb8
                                                                                                                                                0x7ffc1fcfeecf
                                                                                                                                                0x7ffc1fcfeee4
                                                                                                                                                0x7ffc1fcfeee6
                                                                                                                                                0x7ffc1fcfeeec
                                                                                                                                                0x7ffc1fcfeeed
                                                                                                                                                0x7ffc1fcfeef6
                                                                                                                                                0x7ffc1fcfeeff
                                                                                                                                                0x7ffc1fcfef08
                                                                                                                                                0x7ffc1fcfef10
                                                                                                                                                0x7ffc1fcfef18
                                                                                                                                                0x7ffc1fcfef1a
                                                                                                                                                0x7ffc1fcfef22
                                                                                                                                                0x7ffc1fcfef5a

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ExceptionThrow$C_error@std@@CloseHandleMtx_lockMtx_unlockThrow_$BuffersConcurrency::cancel_current_taskDeleteFileFlushOpenPrinter__std_exception_copymemmove
                                                                                                                                                • String ID: OpenPrinterW ('{}', {:#x} -> {:#x}, NULL) -> {}$c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't rename file$file not found$finalizing PCL '{}'$port object {:#x} is not present in the list${}\temp_{}${}\{}
                                                                                                                                                • API String ID: 2160768893-1265162037
                                                                                                                                                • Opcode ID: 8d3aa403157e80102d7702836a88bff4699d280cf87d949fd7bc0e9d31e86c8c
                                                                                                                                                • Instruction ID: a194a1dfa271648c5beac512dc80f930c23a2813b08fa458c048b17c956b77cd
                                                                                                                                                • Opcode Fuzzy Hash: 8d3aa403157e80102d7702836a88bff4699d280cf87d949fd7bc0e9d31e86c8c
                                                                                                                                                • Instruction Fuzzy Hash: 29224A72608FDA80EA74DF14F4943EAA361FB857A0F404232DA9D43AA9DF7CD095DB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$C_error@std@@Mtx_lockMtx_unlockThrow_$ExceptionThrow$CloseFileHandleOpenPrinterWrite
                                                                                                                                                • String ID: OpenPrinterW ('{}', {:#x} -> {:#x}, NULL) -> {}$c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$no file handle to write$port object {:#x} is not present in the list
                                                                                                                                                • API String ID: 2224752147-625230079
                                                                                                                                                • Opcode ID: bec96de1d5c64782ee2e06c121ecddc0c74bbb1cfe5fca5b33dcac675fce2d95
                                                                                                                                                • Instruction ID: 9c41eeba9de3f32c7f6cbff4450c3729b3099c77d8f9806afa58e2625a6473a9
                                                                                                                                                • Opcode Fuzzy Hash: bec96de1d5c64782ee2e06c121ecddc0c74bbb1cfe5fca5b33dcac675fce2d95
                                                                                                                                                • Instruction Fuzzy Hash: 48B1AC32A08EAA85EB18EF64E4403BD6761EB857A4F504132EA5D03BA9DF3CD495C790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 25%
                                                                                                                                                			E00007FFC7FFC1FD25590(void* __ecx, void* __edx, long long __rbx, long long* __rcx, long long __rsi, long long __rbp, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                				void* _v40;
                                                                                                                                                				signed int _v56;
                                                                                                                                                				char _v144;
                                                                                                                                                				long long _v152;
                                                                                                                                                				void* _t78;
                                                                                                                                                				void* _t83;
                                                                                                                                                				void* _t95;
                                                                                                                                                				char _t100;
                                                                                                                                                				signed long long _t109;
                                                                                                                                                				intOrPtr* _t119;
                                                                                                                                                				intOrPtr* _t121;
                                                                                                                                                				intOrPtr* _t122;
                                                                                                                                                				long long _t138;
                                                                                                                                                				intOrPtr _t144;
                                                                                                                                                				intOrPtr _t156;
                                                                                                                                                				intOrPtr* _t157;
                                                                                                                                                				intOrPtr _t160;
                                                                                                                                                				intOrPtr* _t162;
                                                                                                                                                				intOrPtr _t167;
                                                                                                                                                				void* _t169;
                                                                                                                                                				long long* _t174;
                                                                                                                                                				long long _t175;
                                                                                                                                                				intOrPtr _t176;
                                                                                                                                                				intOrPtr _t177;
                                                                                                                                                
                                                                                                                                                				_t78 = __ecx;
                                                                                                                                                				_a16 = __rbx;
                                                                                                                                                				_a24 = __rbp;
                                                                                                                                                				_a32 = __rsi;
                                                                                                                                                				_t109 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v56 = _t109 ^ _t169 - 0x00000090;
                                                                                                                                                				_t174 = __rcx;
                                                                                                                                                				 *__rcx = 0x1fd2ef28;
                                                                                                                                                				_t162 =  *((intOrPtr*)(__rcx + 0x38));
                                                                                                                                                				_t167 =  *((intOrPtr*)(__rcx + 0x40));
                                                                                                                                                				r13d = 0;
                                                                                                                                                				_t83 = _t162 - _t167;
                                                                                                                                                				if (_t83 == 0) goto 0x1fd25744;
                                                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                                                				if (_t83 < 0) goto 0x1fd25611;
                                                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x1fd25611;
                                                                                                                                                				asm("lock bts dword [ecx], 0x1e");
                                                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x1fd25611;
                                                                                                                                                				E00007FFC7FFC1FD0D940( *((intOrPtr*)(_t162 + 8)));
                                                                                                                                                				SetEvent(??);
                                                                                                                                                				_t176 =  *_t162;
                                                                                                                                                				if ( *((intOrPtr*)(_t176 + 0x10)) == 0) goto 0x1fd25737;
                                                                                                                                                				E00007FFC7FFC1FD26690( *((intOrPtr*)(_t176 + 0x10)), 0x1fd2ef28, __rbx, _t176, _t162);
                                                                                                                                                				if ( *((intOrPtr*)(_t176 + 0x10)) != 0) goto 0x1fd25635;
                                                                                                                                                				goto 0x1fd25706;
                                                                                                                                                				 *((intOrPtr*)(_t176 + 0x10)) = r13d;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				ReleaseSemaphore(??, ??, ??);
                                                                                                                                                				_t119 =  *((intOrPtr*)(_t176 + 0x18));
                                                                                                                                                				_t156 =  *((intOrPtr*)(_t176 + 0x20));
                                                                                                                                                				if (_t119 == _t156) goto 0x1fd2567f;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				 *((char*)( *_t119 + 0x14)) = 1;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				ReleaseSemaphore(??, ??, ??);
                                                                                                                                                				if (_t119 + 8 != _t156) goto 0x1fd25660;
                                                                                                                                                				_t177 =  *((intOrPtr*)(_t176 + 0x20));
                                                                                                                                                				_t157 =  *((intOrPtr*)(_t176 + 0x18));
                                                                                                                                                				if (_t157 == _t177) goto 0x1fd256ea;
                                                                                                                                                				_t121 =  *_t157;
                                                                                                                                                				if (_t121 == 0) goto 0x1fd256dd;
                                                                                                                                                				asm("lock xadd [ebx+0x18], eax");
                                                                                                                                                				if (0xffffffff != 1) goto 0x1fd256dd;
                                                                                                                                                				if ( *((intOrPtr*)(_t121 + 8)) - 1 - 0xfffffffd > 0) goto 0x1fd256bc;
                                                                                                                                                				CloseHandle(??);
                                                                                                                                                				if ( *_t121 - 1 - 0xfffffffd > 0) goto 0x1fd256d0;
                                                                                                                                                				CloseHandle(??);
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				if (_t157 + 8 != _t177) goto 0x1fd25690;
                                                                                                                                                				 *((long long*)(_t176 + 0x20)) =  *((intOrPtr*)(_t176 + 0x18));
                                                                                                                                                				_t95 =  *((intOrPtr*)(_t176 + 0x30)) - 1 - 0xfffffffd;
                                                                                                                                                				if (_t95 > 0) goto 0x1fd25702;
                                                                                                                                                				CloseHandle(??);
                                                                                                                                                				 *((long long*)(_t176 + 0x30)) = _t175;
                                                                                                                                                				asm("lock inc ecx");
                                                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                                                				if (_t95 < 0) goto 0x1fd25737;
                                                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x1fd25737;
                                                                                                                                                				asm("lock inc ecx");
                                                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x1fd25737;
                                                                                                                                                				E00007FFC7FFC1FD0D940(_t176);
                                                                                                                                                				SetEvent(??);
                                                                                                                                                				if (_t162 + 0x10 != _t167) goto 0x1fd255e2;
                                                                                                                                                				_t122 =  *((intOrPtr*)(_t174 + 0x50));
                                                                                                                                                				_t160 =  *((intOrPtr*)(_t174 + 0x58));
                                                                                                                                                				if (_t122 == _t160) goto 0x1fd257c6;
                                                                                                                                                				_t138 =  *_t122 + 0x30;
                                                                                                                                                				_v152 = _t138;
                                                                                                                                                				_v144 = 0;
                                                                                                                                                				if (_t138 == 0) goto 0x1fd2588b;
                                                                                                                                                				E00007FFC7FFC1FD26690(_t138,  *((intOrPtr*)(_t176 + 0x30)) - 1, _t122, _t138,  *_t122);
                                                                                                                                                				_v144 = 1;
                                                                                                                                                				E00007FFC7FFC1FD267A0();
                                                                                                                                                				_t100 = _v144;
                                                                                                                                                				if (_t100 == 0) goto 0x1fd257bd;
                                                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                                                				if (_t100 < 0) goto 0x1fd257bd;
                                                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x1fd257bd;
                                                                                                                                                				asm("lock bts dword [ecx], 0x1e");
                                                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x1fd257bd;
                                                                                                                                                				E00007FFC7FFC1FD0D940(_v152);
                                                                                                                                                				SetEvent(??);
                                                                                                                                                				if (_t122 + 0x10 != _t160) goto 0x1fd25753;
                                                                                                                                                				if ( *((intOrPtr*)(_t174 + 0x68)) - 1 - 0xfffffffd > 0) goto 0x1fd257dc;
                                                                                                                                                				CloseHandle(??);
                                                                                                                                                				E00007FFC7FFC1FD193E0(_t174 + 0x50);
                                                                                                                                                				_t144 =  *((intOrPtr*)(_t174 + 0x38));
                                                                                                                                                				if (_t144 == 0) goto 0x1fd25832;
                                                                                                                                                				if (( *((intOrPtr*)(_t174 + 0x48)) - _t144 & 0xfffffff0) - 0x1000 < 0) goto 0x1fd2581d;
                                                                                                                                                				if (_t144 -  *((intOrPtr*)(_t144 - 8)) - 8 - 0x1f > 0) goto 0x1fd25884;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *((long long*)(_t174 + 0x38)) = _t175;
                                                                                                                                                				 *((long long*)(_t174 + 0x40)) = _t175;
                                                                                                                                                				 *((long long*)(_t174 + 0x48)) = _t175;
                                                                                                                                                				E00007FFC7FFC1FD252C0(0x20, _t122 + 0x10, _t174 + 0x28);
                                                                                                                                                				if ( *((intOrPtr*)(_t174 + 0x10)) - 1 - 0xfffffffd > 0) goto 0x1fd25853;
                                                                                                                                                				return E00007FFC7FFC1FD15E20(CloseHandle(??), _t78, _v56 ^ _t169 - 0x00000090);
                                                                                                                                                			}



























                                                                                                                                                0x7ffc1fd257ee
                                                                                                                                                0x7ffc1fd25803
                                                                                                                                                0x7ffc1fd25818
                                                                                                                                                0x7ffc1fd2581d
                                                                                                                                                0x7ffc1fd25823
                                                                                                                                                0x7ffc1fd25828
                                                                                                                                                0x7ffc1fd2582d
                                                                                                                                                0x7ffc1fd25837
                                                                                                                                                0x7ffc1fd2584a
                                                                                                                                                0x7ffc1fd25883

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseHandle$Event$ReleaseSemaphore$Create__std_exception_destroy_invalid_parameter_noinfo_noreturnstd::bad_exception::bad_exception
                                                                                                                                                • String ID: boost unique_lock has no mutex
                                                                                                                                                • API String ID: 1979981141-1332336223
                                                                                                                                                • Opcode ID: b1e33c968da0e301f0dc29320e21d6ab030312b58868281888e10f00e01fd81a
                                                                                                                                                • Instruction ID: e9ba3677a780fc51f1dc8f94615fc8caf6e5706cb9a50fd15f81efade2933e99
                                                                                                                                                • Opcode Fuzzy Hash: b1e33c968da0e301f0dc29320e21d6ab030312b58868281888e10f00e01fd81a
                                                                                                                                                • Instruction Fuzzy Hash: 20B1A022A09E5E86EB18AF25D408B797364FB85BB4F944231CA2E43391DF3CD455C3E0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 72%
                                                                                                                                                			E00007FFC7FFC1FCF92D0(long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi) {
                                                                                                                                                				void* _t20;
                                                                                                                                                				void* _t21;
                                                                                                                                                				intOrPtr _t38;
                                                                                                                                                				long long _t55;
                                                                                                                                                				long long _t62;
                                                                                                                                                				unsigned long long _t63;
                                                                                                                                                				void* _t66;
                                                                                                                                                				void* _t70;
                                                                                                                                                				void* _t71;
                                                                                                                                                
                                                                                                                                                				_t34 = __rax;
                                                                                                                                                				 *((long long*)(_t66 + 8)) = __rbx;
                                                                                                                                                				 *((long long*)(_t66 + 0x10)) = _t62;
                                                                                                                                                				 *((long long*)(_t66 + 0x18)) = __rsi;
                                                                                                                                                				 *((long long*)(_t66 + 0x20)) = __rdi;
                                                                                                                                                				_t63 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                				_t71 = __rcx;
                                                                                                                                                				_t38 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                				_t55 =  >  ? __rdx : (_t63 >> 1) + _t63;
                                                                                                                                                				if (_t55 - 0x1000 < 0) goto 0x1fcf9337;
                                                                                                                                                				if (_t55 + 0x27 - _t55 <= 0) goto 0x1fcf93b9;
                                                                                                                                                				_t21 = E00007FFC7FFC1FD156A8(_t20, __rax, _t55 + 0x27);
                                                                                                                                                				if (__rax == 0) goto 0x1fcf93b2;
                                                                                                                                                				_t8 = _t34 + 0x27; // 0x27
                                                                                                                                                				 *((long long*)((_t8 & 0xffffffe0) - 8)) = __rax;
                                                                                                                                                				goto 0x1fcf934b;
                                                                                                                                                				if (_t55 == 0) goto 0x1fcf9349;
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t21, __rax, _t55);
                                                                                                                                                				goto 0x1fcf934b;
                                                                                                                                                				memmove(_t70, ??);
                                                                                                                                                				 *((long long*)(_t71 + 8)) = __rax;
                                                                                                                                                				 *((long long*)(_t71 + 0x18)) = _t55;
                                                                                                                                                				if (_t38 == _t71 + 0x20) goto 0x1fcf9397;
                                                                                                                                                				if (_t63 - 0x1000 < 0) goto 0x1fcf938c;
                                                                                                                                                				if (_t38 -  *((intOrPtr*)(_t38 - 8)) - 8 - 0x1f > 0) goto 0x1fcf93b2;
                                                                                                                                                				return E00007FFC7FFC1FD156E4();
                                                                                                                                                			}













                                                                                                                                                APIs
                                                                                                                                                • memmove.VCRUNTIME140 ref: 00007FFC1FCF9355
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF93B2
                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFC1FCF93B9
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF94A6
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF9554
                                                                                                                                                  • Part of subcall function 00007FFC1FD156A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFC1FCF8F4E), ref: 00007FFC1FD156C2
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF95B3
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF962E
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF968D
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF96E1
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmallocmemmove
                                                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_addport '{}', {:#x}, '{}'$system
                                                                                                                                                • API String ID: 2599383951-1193261317
                                                                                                                                                • Opcode ID: 4935a0c16d97e0630a2bf55e0609a616481e8775f26f51872745fbdf5378563e
                                                                                                                                                • Instruction ID: 1d8119b043842351bfab297294338e3d8e2cc0f3612612d1498fca791b31cab1
                                                                                                                                                • Opcode Fuzzy Hash: 4935a0c16d97e0630a2bf55e0609a616481e8775f26f51872745fbdf5378563e
                                                                                                                                                • Instruction Fuzzy Hash: 8FB1C162A09E9981FE24AF25F8543BEA251EB85BF0F404231DAAD07BD9DF7CD090D750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 23%
                                                                                                                                                			E00007FFC7FFC1FD007D0(long long __rbx, long long __rcx, long long __rdi, long long __rsi, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                				void* _v8;
                                                                                                                                                				signed int _v16;
                                                                                                                                                				signed long long _v24;
                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                				char _v48;
                                                                                                                                                				long long _v56;
                                                                                                                                                				long long _v64;
                                                                                                                                                				char _v80;
                                                                                                                                                				char _v88;
                                                                                                                                                				intOrPtr _v96;
                                                                                                                                                				long long _v104;
                                                                                                                                                				void* __rbp;
                                                                                                                                                				long _t58;
                                                                                                                                                				void* _t74;
                                                                                                                                                				signed long long _t100;
                                                                                                                                                				void* _t143;
                                                                                                                                                				signed long long _t144;
                                                                                                                                                				long long _t150;
                                                                                                                                                				long long _t156;
                                                                                                                                                				signed long long _t161;
                                                                                                                                                				long long _t165;
                                                                                                                                                				intOrPtr* _t166;
                                                                                                                                                				long long _t168;
                                                                                                                                                				void* _t171;
                                                                                                                                                
                                                                                                                                                				_t168 = __rsi;
                                                                                                                                                				_a16 = __rbx;
                                                                                                                                                				_a24 = __rsi;
                                                                                                                                                				_a32 = __rdi;
                                                                                                                                                				_t100 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v16 = _t100 ^ _t171 - 0x00000080;
                                                                                                                                                				_t165 = __rcx;
                                                                                                                                                				_v88 = __rsi;
                                                                                                                                                				if ( *((long long*)(__rcx + 0x18)) - 0x10 < 0) goto 0x1fd0080e;
                                                                                                                                                				E00007FFC7FFC1FD03FF0(_t74, __rbx,  &_v48,  *((intOrPtr*)(__rcx)), __rsi, _t171);
                                                                                                                                                				_t143 =  >=  ? _v48 :  &_v48;
                                                                                                                                                				_v104 =  &_v88;
                                                                                                                                                				r9d = 0x2001b;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				_t58 = RegOpenKeyExW(??, ??, ??, ??, ??);
                                                                                                                                                				_t144 = _v24;
                                                                                                                                                				if (_t144 - 8 < 0) goto 0x1fd00889;
                                                                                                                                                				if (2 + _t144 * 2 - 0x1000 < 0) goto 0x1fd00884;
                                                                                                                                                				if (_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd00884;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				if (_t58 == 0) goto 0x1fd008b5;
                                                                                                                                                				_v104 = _t165;
                                                                                                                                                				r8d = 0x229;
                                                                                                                                                				E00007FFC7FFC1FCF5600(4, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t open registry key \'HKLM\\{}\'");
                                                                                                                                                				goto 0x1fd00a63;
                                                                                                                                                				_t166 =  *((intOrPtr*)(_t165 + 0x60));
                                                                                                                                                				_t117 =  *_t166;
                                                                                                                                                				if ( *_t166 == _t166) goto 0x1fd00a59;
                                                                                                                                                				E00007FFC7FFC1FCFD4C0(_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8,  *_t166,  &_v80,  *((intOrPtr*)( *_t166 + 0x10)), _t168);
                                                                                                                                                				_v104 =  &_v80;
                                                                                                                                                				r8d = 0x22d;
                                                                                                                                                				E00007FFC7FFC1FCF5600(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "set \'name\' value to \'{}\'");
                                                                                                                                                				_t150 = _v56;
                                                                                                                                                				if (_t150 - 0x10 < 0) goto 0x1fd00936;
                                                                                                                                                				if (_t150 + 1 - 0x1000 < 0) goto 0x1fd00931;
                                                                                                                                                				if (_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x1fd00a44;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FCFD4C0(_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8,  *_t166,  &_v80,  *((intOrPtr*)( *_t166 + 0x10)), _t168);
                                                                                                                                                				_t155 =  >=  ? _v80 :  &_v80;
                                                                                                                                                				E00007FFC7FFC1FD03FF0(_t58, _t117,  &_v48,  >=  ? _v80 :  &_v80, _t168, _t171);
                                                                                                                                                				_t156 = _v56;
                                                                                                                                                				if (_t156 - 0x10 < 0) goto 0x1fd00997;
                                                                                                                                                				if (_t156 + 1 - 0x1000 < 0) goto 0x1fd00992;
                                                                                                                                                				if (_v80 -  *((intOrPtr*)(_v80 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x1fd00a4b;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v64 = _t168;
                                                                                                                                                				_v56 = 0xf;
                                                                                                                                                				_v80 = 0;
                                                                                                                                                				_t133 =  >=  ? _v48 :  &_v48;
                                                                                                                                                				_v96 = _v32 + _v32;
                                                                                                                                                				_v104 =  >=  ? _v48 :  &_v48;
                                                                                                                                                				r9d = 1;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				if (RegSetValueExW(??, ??, ??, ??, ??, ??) == 0) goto 0x1fd00a00;
                                                                                                                                                				r8d = 0x232;
                                                                                                                                                				E00007FFC7FFC1FCF52D0(4, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinter.cpp", "couldn\'t set \'name\' value for key");
                                                                                                                                                				_t161 = _v24;
                                                                                                                                                				if (_t161 - 8 < 0) goto 0x1fd00a3c;
                                                                                                                                                				if (2 + _t161 * 2 - 0x1000 < 0) goto 0x1fd00a37;
                                                                                                                                                				if (_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x1fd00a52;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				goto 0x1fd008bc;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				return E00007FFC7FFC1FD15E20(RegCloseKey(??), 4, _v16 ^ _t171 - 0x00000080);
                                                                                                                                                			}




























                                                                                                                                                APIs
                                                                                                                                                • RegOpenKeyExW.ADVAPI32 ref: 00007FFC1FD0083E
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD0087D
                                                                                                                                                • RegCloseKey.ADVAPI32 ref: 00007FFC1FD00A5D
                                                                                                                                                  • Part of subcall function 00007FFC1FCF5600: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF574B
                                                                                                                                                  • Part of subcall function 00007FFC1FCF5600: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF5792
                                                                                                                                                • RegSetValueExW.ADVAPI32 ref: 00007FFC1FD009D7
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD00A44
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD00A4B
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD00A52
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CloseOpenValue
                                                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't open registry key 'HKLM\{}'$couldn't set 'name' value for key$name$set 'name' value to '{}'
                                                                                                                                                • API String ID: 31251203-1549987888
                                                                                                                                                • Opcode ID: bfc47aa9bbd094ba7857c614fb36abe5f43cbc3e9204feff1063875bfdf9c3d6
                                                                                                                                                • Instruction ID: 44e34ac22a72005bfea2d50d64e5bd667db54a4b082406d022cf4e79f1d01656
                                                                                                                                                • Opcode Fuzzy Hash: bfc47aa9bbd094ba7857c614fb36abe5f43cbc3e9204feff1063875bfdf9c3d6
                                                                                                                                                • Instruction Fuzzy Hash: FD717D62B14E6A94FB18EFA4E4443BD2361FB447B4F445231DA2D13AD9DF78D0A1C3A0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 32%
                                                                                                                                                			E00007FFC7FFC1FD177F0(void* __esi, void* __eflags, intOrPtr* __rax, void* __rbx, signed char* __rcx, void* __rdx, void* __r8, void* __r9) {
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __r14;
                                                                                                                                                				void* _t102;
                                                                                                                                                				void* _t106;
                                                                                                                                                				void* _t111;
                                                                                                                                                				void* _t112;
                                                                                                                                                				signed int _t118;
                                                                                                                                                				signed int _t119;
                                                                                                                                                				signed int _t123;
                                                                                                                                                				void* _t128;
                                                                                                                                                				void* _t129;
                                                                                                                                                				void* _t134;
                                                                                                                                                				signed int _t136;
                                                                                                                                                				void* _t137;
                                                                                                                                                				intOrPtr* _t163;
                                                                                                                                                				signed long long _t164;
                                                                                                                                                				intOrPtr* _t166;
                                                                                                                                                				signed char* _t167;
                                                                                                                                                				signed char* _t169;
                                                                                                                                                				intOrPtr* _t171;
                                                                                                                                                				signed char* _t172;
                                                                                                                                                				signed long long _t179;
                                                                                                                                                				signed char* _t191;
                                                                                                                                                				long long _t192;
                                                                                                                                                				long long _t194;
                                                                                                                                                				long long* _t214;
                                                                                                                                                				signed long long _t224;
                                                                                                                                                				signed int _t237;
                                                                                                                                                				intOrPtr _t239;
                                                                                                                                                				signed long long _t243;
                                                                                                                                                				void* _t245;
                                                                                                                                                				signed long long _t248;
                                                                                                                                                				void* _t250;
                                                                                                                                                				signed int* _t251;
                                                                                                                                                				void* _t253;
                                                                                                                                                				void* _t254;
                                                                                                                                                				void* _t256;
                                                                                                                                                				void* _t258;
                                                                                                                                                				signed long long _t259;
                                                                                                                                                				intOrPtr _t264;
                                                                                                                                                				long long _t268;
                                                                                                                                                				intOrPtr* _t276;
                                                                                                                                                				intOrPtr _t283;
                                                                                                                                                				void* _t284;
                                                                                                                                                				void* _t287;
                                                                                                                                                				signed int* _t288;
                                                                                                                                                				void* _t290;
                                                                                                                                                				signed char* _t291;
                                                                                                                                                				signed int _t292;
                                                                                                                                                				long long _t294;
                                                                                                                                                
                                                                                                                                                				_t163 = __rax;
                                                                                                                                                				_t128 = __eflags;
                                                                                                                                                				_push(__rbx);
                                                                                                                                                				_t191 = __rcx;
                                                                                                                                                				_t102 = E00007FFC7FFC1FD175D0(__rcx, __rdx, __r8, __r9);
                                                                                                                                                				_t258 = _t256 - 0x20 + 0x20;
                                                                                                                                                				_pop(_t192);
                                                                                                                                                				goto 0x1fd17810;
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				 *((long long*)(_t258 + 0x18)) = _t192;
                                                                                                                                                				_t254 = _t258 - 0x27;
                                                                                                                                                				_t259 = _t258 - 0xe0;
                                                                                                                                                				_t164 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				 *(_t254 + 0x17) = _t164 ^ _t259;
                                                                                                                                                				_t291 = _t191;
                                                                                                                                                				_t288 =  *_t163;
                                                                                                                                                				__imp__AcquireSRWLockShared(_t250, _t253);
                                                                                                                                                				_t251 =  &(_t288[0xc]);
                                                                                                                                                				_t263 =  *_t251 & 0xfffffffe;
                                                                                                                                                				if (_t128 == 0) goto 0x1fd178ed;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				_t5 = _t263 + 0x20; // 0x20
                                                                                                                                                				_t166 = _t5;
                                                                                                                                                				_t129 =  *((long long*)(_t166 + 0x18)) - 0x10;
                                                                                                                                                				if (_t129 < 0) goto 0x1fd1786e;
                                                                                                                                                				_t167 =  *_t166;
                                                                                                                                                				_t118 = _t167[_t291 - _t167] & 0x000000ff;
                                                                                                                                                				if (_t129 != 0) goto 0x1fd17887;
                                                                                                                                                				if (_t118 != 0) goto 0x1fd17874;
                                                                                                                                                				if (( *_t167 & 0x000000ff) - _t118 >= 0) goto 0x1fd17891;
                                                                                                                                                				_t264 =  *((intOrPtr*)(( *_t251 & 0xfffffffe) + 0x10));
                                                                                                                                                				goto 0x1fd17898;
                                                                                                                                                				_t283 = _t264;
                                                                                                                                                				if ( *((intOrPtr*)(_t264 + 8)) != 0) goto 0x1fd17860;
                                                                                                                                                				if (_t283 == _t251) goto 0x1fd178ed;
                                                                                                                                                				_t10 = _t283 + 0x20; // 0x20
                                                                                                                                                				_t276 = _t10;
                                                                                                                                                				_t134 =  *((long long*)(_t276 + 0x18)) - 0x10;
                                                                                                                                                				if (_t134 < 0) goto 0x1fd178b0;
                                                                                                                                                				_t169 = _t291;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				r8d =  *_t169 & 0x000000ff;
                                                                                                                                                				_t123 = _t169[ *_t276 - _t291] & 0x000000ff;
                                                                                                                                                				r8d = r8d - _t123;
                                                                                                                                                				if (_t134 != 0) goto 0x1fd178d5;
                                                                                                                                                				if (_t123 != 0) goto 0x1fd178c0;
                                                                                                                                                				_t136 = r8d;
                                                                                                                                                				if (_t136 < 0) goto 0x1fd178ed;
                                                                                                                                                				__imp__ReleaseSRWLockShared();
                                                                                                                                                				goto 0x1fd17bd5;
                                                                                                                                                				__imp__ReleaseSRWLockShared();
                                                                                                                                                				 *(_t254 - 0x79) = _t288;
                                                                                                                                                				__imp__AcquireSRWLockExclusive();
                                                                                                                                                				_t267 =  *_t251 & 0xfffffffe;
                                                                                                                                                				if (_t136 == 0) goto 0x1fd17959;
                                                                                                                                                				_t15 = _t267 + 0x20; // 0x20
                                                                                                                                                				_t171 = _t15;
                                                                                                                                                				_t137 =  *((long long*)(_t171 + 0x18)) - 0x10;
                                                                                                                                                				if (_t137 < 0) goto 0x1fd1791f;
                                                                                                                                                				_t172 =  *_t171;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				_t119 = _t172[_t291 - _t172] & 0x000000ff;
                                                                                                                                                				if (_t137 != 0) goto 0x1fd17943;
                                                                                                                                                				if (_t119 != 0) goto 0x1fd17930;
                                                                                                                                                				if (( *_t172 & 0x000000ff) - _t119 >= 0) goto 0x1fd1794d;
                                                                                                                                                				_t268 =  *((intOrPtr*)(( *_t251 & 0xfffffffe) + 0x10));
                                                                                                                                                				goto 0x1fd17954;
                                                                                                                                                				_t194 = _t268;
                                                                                                                                                				if ( *((intOrPtr*)(_t268 + 8)) != 0) goto 0x1fd17911;
                                                                                                                                                				if (_t194 == _t251) goto 0x1fd179a2;
                                                                                                                                                				if (_t291[0xffffffffffffffff] != 0) goto 0x1fd17970;
                                                                                                                                                				if ( *((long long*)(_t194 + 0x38)) - 0x10 < 0) goto 0x1fd17989;
                                                                                                                                                				if ( *((intOrPtr*)(_t194 + 0x30)) != 0xffffffff) goto 0x1fd179a2;
                                                                                                                                                				0x1fd27101();
                                                                                                                                                				if (_t102 == 0) goto 0x1fd17bc8;
                                                                                                                                                				if (_t288[0xa] >= 0) goto 0x1fd17bfe;
                                                                                                                                                				r15d = 0;
                                                                                                                                                				 *((long long*)(_t254 - 0x39)) = _t294;
                                                                                                                                                				 *((long long*)(_t254 - 0x31)) = 0xf;
                                                                                                                                                				 *((intOrPtr*)(_t254 - 0x49)) = r15b;
                                                                                                                                                				if (_t291[0xffffffffffffffff] != r15b) goto 0x1fd179c7;
                                                                                                                                                				E00007FFC7FFC1FCF9100(_t194, _t254 - 0x49, _t291, 0xffffffff, _t291);
                                                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                                                				asm("movdqa [ebp-0x29], xmm0");
                                                                                                                                                				 *((long long*)(_t254 - 0x19)) = _t294;
                                                                                                                                                				 *((intOrPtr*)(_t254 - 0x11)) = r12d;
                                                                                                                                                				E00007FFC7FFC1FCFD4C0(0, _t194, _t254 - 9, _t254 - 0x49, _t251);
                                                                                                                                                				if (_t288[6] - _t288[0xa] + 1 > 0) goto 0x1fd17a25;
                                                                                                                                                				_t106 = E00007FFC7FFC1FD172E0(_t288[0xa] + 1, _t194,  &(_t288[2]), _t288[6], 0, _t251, _t254, _t294, _t290);
                                                                                                                                                				_t237 = _t288[6];
                                                                                                                                                				_t41 = _t237 - 1; // 0xe
                                                                                                                                                				_t288[8] = _t288[8] & _t41;
                                                                                                                                                				_t45 = _t237 - 1; // 0xe
                                                                                                                                                				_t179 = _t45 & _t288[0xa] + _t288[8];
                                                                                                                                                				_t292 = _t179 * 8;
                                                                                                                                                				if ( *((long long*)(_t288[4] + _t292)) != 0) goto 0x1fd17a61;
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t106, _t179, _t288[4]);
                                                                                                                                                				 *(_t292 + _t288[4]) = _t179;
                                                                                                                                                				_t214 =  *((intOrPtr*)(_t288[4] + _t292));
                                                                                                                                                				 *_t214 = _t294;
                                                                                                                                                				 *((long long*)(_t214 + 8)) = _t294;
                                                                                                                                                				 *((long long*)(_t214 + 0x10)) = _t294;
                                                                                                                                                				 *((intOrPtr*)(_t214 + 0x18)) =  *((intOrPtr*)(_t254 - 0x11));
                                                                                                                                                				E00007FFC7FFC1FCFD4C0(_t179, _t194, _t214 + 0x20, _t254 - 9, _t251);
                                                                                                                                                				_t288[0xa] = _t288[0xa] + 1;
                                                                                                                                                				E00007FFC7FFC1FCF8A60(_t254 - 9);
                                                                                                                                                				_t239 =  *((intOrPtr*)(_t254 - 0x31));
                                                                                                                                                				if (_t239 - 0x10 < 0) goto 0x1fd17ad0;
                                                                                                                                                				if (_t239 + 1 - 0x1000 < 0) goto 0x1fd17aca;
                                                                                                                                                				if ( *((intOrPtr*)(_t254 - 0x49)) -  *((intOrPtr*)( *((intOrPtr*)(_t254 - 0x49)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd17aca;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				_t111 = E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t248 =  *((intOrPtr*)(_t288[4] + (_t288[6] - 0x00000001 & _t288[0xa] - 0x00000001 + _t288[8]) * 8));
                                                                                                                                                				 *(_t254 - 0x61) = 0;
                                                                                                                                                				 *((long long*)(_t254 - 0x59)) = _t294;
                                                                                                                                                				 *((long long*)(_t254 - 0x69)) = _t194;
                                                                                                                                                				 *(_t254 - 0x79) = _t251;
                                                                                                                                                				 *(_t254 - 0x71) = _t251;
                                                                                                                                                				 *((long long*)(_t259 + 0x30)) = _t294;
                                                                                                                                                				 *((long long*)(_t259 + 0x28)) = _t254 - 0x61;
                                                                                                                                                				 *((long long*)(_t259 + 0x20)) = _t254 - 0x71;
                                                                                                                                                				_t112 = E00007FFC7FFC1FD16B00(_t111, _t194, _t254 - 0x49, _t254 - 0x79, _t248, _t251, _t254, _t254 - 0x69, _t248, _t287, _t284, _t245);
                                                                                                                                                				if ( *((char*)(_t254 - 0x41)) == 0) goto 0x1fd17bc4;
                                                                                                                                                				_t243 =  *((intOrPtr*)(_t254 - 0x59));
                                                                                                                                                				r8d =  *(_t254 - 0x61) & 0x000000ff;
                                                                                                                                                				if (r8b != 0) goto 0x1fd17b70;
                                                                                                                                                				if ( *(_t243 + 0x10) != 0) goto 0x1fd17b70;
                                                                                                                                                				_t224 =  *_t243 & 0xfffffffe;
                                                                                                                                                				if (_t243 !=  *((intOrPtr*)(_t224 + 0x10))) goto 0x1fd17b70;
                                                                                                                                                				if (_t224 ==  *((intOrPtr*)(( *_t224 & 0xfffffffe) + 0x10))) goto 0x1fd17b60;
                                                                                                                                                				if (_t243 != _t251) goto 0x1fd17b82;
                                                                                                                                                				 *_t251 =  *_t251 & 0x00000001;
                                                                                                                                                				 *_t251 =  *_t251 | _t248;
                                                                                                                                                				_t251[2] = _t248;
                                                                                                                                                				goto 0x1fd17ba1;
                                                                                                                                                				if (r8b == 0) goto 0x1fd17b97;
                                                                                                                                                				 *(_t243 + 8) = _t248;
                                                                                                                                                				if (_t243 != _t251[2]) goto 0x1fd17ba5;
                                                                                                                                                				_t251[2] = _t248;
                                                                                                                                                				goto 0x1fd17ba5;
                                                                                                                                                				 *(_t243 + 0x10) = _t248;
                                                                                                                                                				if (_t243 != _t251[4]) goto 0x1fd17ba5;
                                                                                                                                                				_t251[4] = _t248;
                                                                                                                                                				 *_t248 =  *_t248 & 0x00000001;
                                                                                                                                                				 *_t248 =  *_t248 | _t243;
                                                                                                                                                				 *((long long*)(_t248 + 0x10)) = _t294;
                                                                                                                                                				 *((long long*)(_t248 + 8)) = _t294;
                                                                                                                                                				E00007FFC7FFC1FD17CF0(_t112, 0x40, _t251, _t248);
                                                                                                                                                				goto 0x1fd17bc8;
                                                                                                                                                				__imp__ReleaseSRWLockExclusive();
                                                                                                                                                				return E00007FFC7FFC1FD15E20( *((intOrPtr*)( *((intOrPtr*)(_t254 - 0x49)) + 0x18)), 0x40,  *(_t254 + 0x17) ^ _t259);
                                                                                                                                                			}

                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Lock$ReleaseShared$AcquireExclusive$Initialize_invalid_parameter_noinfo_noreturnmemcmp
                                                                                                                                                • String ID: Too many log attribute names$libs\log\src\attribute_name.cpp$pe$unsigned int __cdecl boost::log::v2s_mt_nt6::attribute_name::repository::get_id_from_string(const char *)
                                                                                                                                                • API String ID: 37642638-3676269262
                                                                                                                                                • Opcode ID: f2e996f03ceaece648ea7f80ab3622e4507e75226b30919e8351a5e2205849c6
                                                                                                                                                • Instruction ID: a866b7ea0e676123b8bf9513a9545f0f3e62bca019d55cc95ae648ddef05d51e
                                                                                                                                                • Opcode Fuzzy Hash: f2e996f03ceaece648ea7f80ab3622e4507e75226b30919e8351a5e2205849c6
                                                                                                                                                • Instruction Fuzzy Hash: 9ED1DF32B08F5E85EB28AF21D4406BD27A5FB46BA4F114636DA6E037E4DF38D165C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 31%
                                                                                                                                                			E00007FFC7FFC1FCFF6B0(void* __edi, void* __esi, long long __rbx, signed int __rcx, long long __rdx, intOrPtr* __r8) {
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __rbp;
                                                                                                                                                				void* __r14;
                                                                                                                                                				void* _t89;
                                                                                                                                                				signed char _t110;
                                                                                                                                                				void* _t115;
                                                                                                                                                				signed long long _t146;
                                                                                                                                                				intOrPtr _t149;
                                                                                                                                                				long long _t163;
                                                                                                                                                				intOrPtr _t183;
                                                                                                                                                				intOrPtr _t217;
                                                                                                                                                				intOrPtr _t220;
                                                                                                                                                				void* _t229;
                                                                                                                                                				void* _t233;
                                                                                                                                                				int _t236;
                                                                                                                                                				long long _t238;
                                                                                                                                                				int _t240;
                                                                                                                                                				void* _t241;
                                                                                                                                                				void* _t243;
                                                                                                                                                				signed long long _t244;
                                                                                                                                                				intOrPtr _t249;
                                                                                                                                                				void* _t251;
                                                                                                                                                				void* _t257;
                                                                                                                                                				void* _t258;
                                                                                                                                                				char* _t259;
                                                                                                                                                				int _t261;
                                                                                                                                                				intOrPtr _t262;
                                                                                                                                                				int _t265;
                                                                                                                                                				void* _t267;
                                                                                                                                                				intOrPtr _t268;
                                                                                                                                                				long long _t269;
                                                                                                                                                
                                                                                                                                                				 *((long long*)(_t243 + 8)) = __rbx;
                                                                                                                                                				_t241 = _t243 - 0xb0;
                                                                                                                                                				_t244 = _t243 - 0x1b0;
                                                                                                                                                				_t146 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				 *(_t241 + 0xa0) = _t146 ^ _t244;
                                                                                                                                                				_t179 = __r8;
                                                                                                                                                				_t259 = __rdx;
                                                                                                                                                				 *((long long*)(_t244 + 0x30)) = __rdx;
                                                                                                                                                				r15d = 0;
                                                                                                                                                				 *(_t244 + 0x20) = r15d;
                                                                                                                                                				_t149 =  *((intOrPtr*)( *[gs:0x58] + __rcx * 8));
                                                                                                                                                				_t115 =  *0x1fd41ac4 -  *((intOrPtr*)(__rdx + _t149)); // 0x0
                                                                                                                                                				if (_t115 > 0) goto 0x1fcffabc;
                                                                                                                                                				if ( *((long long*)(__r8 + 0x18)) - 0x10 < 0) goto 0x1fcff72b;
                                                                                                                                                				if ( *((intOrPtr*)(__r8 + 0x10)) == 0) goto 0x1fcff763;
                                                                                                                                                				_t89 = memchr(_t267, _t265, _t261);
                                                                                                                                                				if (_t149 == 0) goto 0x1fcff763;
                                                                                                                                                				_t150 = _t149 -  *__r8;
                                                                                                                                                				if (_t149 -  *__r8 == 0xffffffff) goto 0x1fcff763;
                                                                                                                                                				E00007FFC7FFC1FD03170(_t89, __r8, _t241 + 0x80, __r8, _t236, _t258);
                                                                                                                                                				r14d = 1;
                                                                                                                                                				goto 0x1fcff776;
                                                                                                                                                				E00007FFC7FFC1FCFD4C0(_t149 -  *__r8, __r8, _t241 + 0x40, __r8, _t236);
                                                                                                                                                				r14d = 2;
                                                                                                                                                				 *(_t244 + 0x20) = r14d;
                                                                                                                                                				E00007FFC7FFC1FCFD4C0(_t150, _t179, _t241 + 0x60, _t150, _t236);
                                                                                                                                                				if ((r14b & 0x00000002) == 0) goto 0x1fcff7e0;
                                                                                                                                                				r14d = r14d & 0xfffffffd;
                                                                                                                                                				_t217 =  *((intOrPtr*)(_t241 + 0x58));
                                                                                                                                                				if (_t217 - 0x10 < 0) goto 0x1fcff7d0;
                                                                                                                                                				if (_t217 + 1 - 0x1000 < 0) goto 0x1fcff7cb;
                                                                                                                                                				if ( *((intOrPtr*)(_t241 + 0x40)) -  *((intOrPtr*)( *((intOrPtr*)(_t241 + 0x40)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcff7cb;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *(_t241 + 0x50) = _t267;
                                                                                                                                                				 *((long long*)(_t241 + 0x58)) = 0xf;
                                                                                                                                                				 *((char*)(_t241 + 0x40)) = 0;
                                                                                                                                                				if ((r14b & 0x00000001) == 0) goto 0x1fcff847;
                                                                                                                                                				r14d = r14d & 0xfffffffe;
                                                                                                                                                				_t220 =  *((intOrPtr*)(_t241 + 0x98));
                                                                                                                                                				if (_t220 - 0x10 < 0) goto 0x1fcff82e;
                                                                                                                                                				if (_t220 + 1 - 0x1000 < 0) goto 0x1fcff829;
                                                                                                                                                				if ( *((intOrPtr*)(_t241 + 0x80)) -  *((intOrPtr*)( *((intOrPtr*)(_t241 + 0x80)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcff829;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *(_t241 + 0x90) = _t267;
                                                                                                                                                				 *((long long*)(_t241 + 0x98)) = 0xf;
                                                                                                                                                				 *((char*)(_t241 + 0x80)) = 0;
                                                                                                                                                				 *((long long*)(_t244 + 0x40)) = 0x1fd2c490;
                                                                                                                                                				 *((long long*)(_t244 + 0x50)) = 0x1fd2c498;
                                                                                                                                                				__imp__??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ();
                                                                                                                                                				r14d = r14d | 0x00000008;
                                                                                                                                                				 *(_t244 + 0x20) = r14d;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				__imp__??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z();
                                                                                                                                                				 *((long long*)(_t244 +  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) + 0x40)) = 0x1fd2c488;
                                                                                                                                                				 *((intOrPtr*)(_t244 +  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) + 0x3c)) =  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) - 0x98;
                                                                                                                                                				__imp__??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ();
                                                                                                                                                				 *((long long*)(_t244 + 0x58)) = 0x1fd2c408;
                                                                                                                                                				 *(_t241 - 0x40) = _t267;
                                                                                                                                                				 *(_t241 - 0x38) = r15d;
                                                                                                                                                				_t262 =  *((intOrPtr*)(_t241 + 0x60));
                                                                                                                                                				_t233 =  >=  ? _t262 : _t241 + 0x60;
                                                                                                                                                				_t200 =  >=  ? _t262 : _t241 + 0x60;
                                                                                                                                                				_t238 =  *((intOrPtr*)(_t241 + 0x70)) + ( >=  ? _t262 : _t241 + 0x60);
                                                                                                                                                				 *((long long*)(_t244 + 0x28)) = _t238;
                                                                                                                                                				if (_t233 == _t238) goto 0x1fcff980;
                                                                                                                                                				_t268 =  *0x1fd3e010; // 0x9
                                                                                                                                                				_t163 = _t238;
                                                                                                                                                				if (sil - 0x20 < 0) goto 0x1fcff96a;
                                                                                                                                                				_t182 =  >=  ?  *0x1fd3e000 : 0x1fd3e000;
                                                                                                                                                				if (_t268 == 0) goto 0x1fcff950;
                                                                                                                                                				memchr(_t229, _t236, _t240);
                                                                                                                                                				if (_t163 == 0) goto 0x1fcff950;
                                                                                                                                                				if (_t163 - 0x1fd3e000 != 0xffffffff) goto 0x1fcff965;
                                                                                                                                                				E00007FFC7FFC1FCFC670(sil & 0xffffffff,  >=  ?  *0x1fd3e000 : 0x1fd3e000, _t244 + 0x50);
                                                                                                                                                				_t269 =  *0x1fd3e010; // 0x9
                                                                                                                                                				if (_t233 + 1 !=  *((intOrPtr*)(_t244 + 0x28))) goto 0x1fcff910;
                                                                                                                                                				_t110 =  *(_t241 - 0x38);
                                                                                                                                                				_t257 =  *(_t241 - 0x40);
                                                                                                                                                				_t183 =  *((intOrPtr*)(_t241 + 0x78));
                                                                                                                                                				r15d = 0;
                                                                                                                                                				 *_t259 = _t269;
                                                                                                                                                				 *((long long*)(_t259 + 0x10)) = _t269;
                                                                                                                                                				 *((long long*)(_t259 + 0x18)) = 0xf;
                                                                                                                                                				 *_t259 = 0;
                                                                                                                                                				r14d = r14d | 0x00000020;
                                                                                                                                                				 *(_t244 + 0x20) = r14d;
                                                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                                                				asm("movups [ebp+0x40], xmm0");
                                                                                                                                                				if ((_t110 & 0x00000022) == 2) goto 0x1fcff9cf;
                                                                                                                                                				_t249 =  *((intOrPtr*)( *((intOrPtr*)(_t241 - 0x68))));
                                                                                                                                                				if (_t249 == 0) goto 0x1fcff9cf;
                                                                                                                                                				_t250 =  <  ? _t257 : _t249;
                                                                                                                                                				_t251 = ( <  ? _t257 : _t249) -  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x78))));
                                                                                                                                                				goto 0x1fcff9ff;
                                                                                                                                                				if ((_t110 & 0x00000004) != 0) goto 0x1fcff9f7;
                                                                                                                                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t241 - 0x70)))) == 0) goto 0x1fcff9f7;
                                                                                                                                                				goto 0x1fcff9ff;
                                                                                                                                                				if ( *((intOrPtr*)(_t241 + 0x40)) == 0) goto 0x1fcffa0d;
                                                                                                                                                				E00007FFC7FFC1FCF9100(_t183, _t259,  *((intOrPtr*)(_t241 + 0x40)),  *((intOrPtr*)(_t241 + 0x48)), _t265);
                                                                                                                                                				 *((long long*)(_t244 +  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) + 0x40)) = 0x1fd2c488;
                                                                                                                                                				 *((intOrPtr*)(_t244 +  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) + 0x3c)) =  *((intOrPtr*)( *((intOrPtr*)(_t244 + 0x40)) + 4)) - 0x98;
                                                                                                                                                				E00007FFC7FFC1FCFD8F0();
                                                                                                                                                				__imp__??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ();
                                                                                                                                                				__imp__??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ();
                                                                                                                                                				if (_t183 - 0x10 < 0) goto 0x1fcffa8f;
                                                                                                                                                				if (_t183 + 1 - 0x1000 < 0) goto 0x1fcffa87;
                                                                                                                                                				if (_t262 -  *((intOrPtr*)(_t262 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcffa87;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				return E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD156E4(), _t103,  *(_t241 + 0xa0) ^ _t244);
                                                                                                                                                			}


































                                                                                                                                                0x7ffc1fcff7ea
                                                                                                                                                0x7ffc1fcff7f5
                                                                                                                                                0x7ffc1fcff80b
                                                                                                                                                0x7ffc1fcff820
                                                                                                                                                0x7ffc1fcff822
                                                                                                                                                0x7ffc1fcff828
                                                                                                                                                0x7ffc1fcff829
                                                                                                                                                0x7ffc1fcff82e
                                                                                                                                                0x7ffc1fcff835
                                                                                                                                                0x7ffc1fcff840
                                                                                                                                                0x7ffc1fcff84e
                                                                                                                                                0x7ffc1fcff85a
                                                                                                                                                0x7ffc1fcff863
                                                                                                                                                0x7ffc1fcff86a
                                                                                                                                                0x7ffc1fcff86e
                                                                                                                                                0x7ffc1fcff873
                                                                                                                                                0x7ffc1fcff880
                                                                                                                                                0x7ffc1fcff897
                                                                                                                                                0x7ffc1fcff8ab
                                                                                                                                                0x7ffc1fcff8b4
                                                                                                                                                0x7ffc1fcff8c1
                                                                                                                                                0x7ffc1fcff8c9
                                                                                                                                                0x7ffc1fcff8d0
                                                                                                                                                0x7ffc1fcff8d7
                                                                                                                                                0x7ffc1fcff8e3
                                                                                                                                                0x7ffc1fcff8eb
                                                                                                                                                0x7ffc1fcff8f3
                                                                                                                                                0x7ffc1fcff8f6
                                                                                                                                                0x7ffc1fcff8fe
                                                                                                                                                0x7ffc1fcff904
                                                                                                                                                0x7ffc1fcff90b
                                                                                                                                                0x7ffc1fcff917
                                                                                                                                                0x7ffc1fcff928
                                                                                                                                                0x7ffc1fcff933
                                                                                                                                                0x7ffc1fcff93d
                                                                                                                                                0x7ffc1fcff945
                                                                                                                                                0x7ffc1fcff94e
                                                                                                                                                0x7ffc1fcff959
                                                                                                                                                0x7ffc1fcff95e
                                                                                                                                                0x7ffc1fcff970
                                                                                                                                                0x7ffc1fcff972
                                                                                                                                                0x7ffc1fcff975
                                                                                                                                                0x7ffc1fcff979
                                                                                                                                                0x7ffc1fcff97d
                                                                                                                                                0x7ffc1fcff980
                                                                                                                                                0x7ffc1fcff984
                                                                                                                                                0x7ffc1fcff989
                                                                                                                                                0x7ffc1fcff992
                                                                                                                                                0x7ffc1fcff997
                                                                                                                                                0x7ffc1fcff99b
                                                                                                                                                0x7ffc1fcff9a0
                                                                                                                                                0x7ffc1fcff9a3
                                                                                                                                                0x7ffc1fcff9ad
                                                                                                                                                0x7ffc1fcff9b3
                                                                                                                                                0x7ffc1fcff9b9
                                                                                                                                                0x7ffc1fcff9c6
                                                                                                                                                0x7ffc1fcff9ca
                                                                                                                                                0x7ffc1fcff9cd
                                                                                                                                                0x7ffc1fcff9d2
                                                                                                                                                0x7ffc1fcff9de
                                                                                                                                                0x7ffc1fcff9f5
                                                                                                                                                0x7ffc1fcffa02
                                                                                                                                                0x7ffc1fcffa07
                                                                                                                                                0x7ffc1fcffa1d
                                                                                                                                                0x7ffc1fcffa31
                                                                                                                                                0x7ffc1fcffa3a
                                                                                                                                                0x7ffc1fcffa44
                                                                                                                                                0x7ffc1fcffa4e
                                                                                                                                                0x7ffc1fcffa59
                                                                                                                                                0x7ffc1fcffa69
                                                                                                                                                0x7ffc1fcffa7e
                                                                                                                                                0x7ffc1fcffa80
                                                                                                                                                0x7ffc1fcffa86
                                                                                                                                                0x7ffc1fcffabb

                                                                                                                                                APIs
                                                                                                                                                • memchr.VCRUNTIME140 ref: 00007FFC1FCFF738
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFF7C4
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFF822
                                                                                                                                                • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FFC1FCFF863
                                                                                                                                                • ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140 ref: 00007FFC1FCFF880
                                                                                                                                                • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FFC1FCFF8B4
                                                                                                                                                • memchr.VCRUNTIME140 ref: 00007FFC1FCFF93D
                                                                                                                                                • ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FFC1FCFFA44
                                                                                                                                                • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FFC1FCFFA4E
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFFA80
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: U?$char_traits@$D@std@@@std@@$_invalid_parameter_noinfo_noreturn$memchr$??0?$basic_ios@??0?$basic_iostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_iostream@D@std@@@1@@V?$basic_streambuf@
                                                                                                                                                • String ID: monitor_closeport {:#x}
                                                                                                                                                • API String ID: 4289661960-2839211239
                                                                                                                                                • Opcode ID: c82c8cd502e6721fab7b8271672f7f60528b4d1c490a7fec126fe6135d168e8b
                                                                                                                                                • Instruction ID: 5cadbd1d006e203585780b86a1adb11a050d50dca1ed4fe37ed9ab6547cc5a76
                                                                                                                                                • Opcode Fuzzy Hash: c82c8cd502e6721fab7b8271672f7f60528b4d1c490a7fec126fe6135d168e8b
                                                                                                                                                • Instruction Fuzzy Hash: BDC1C062A08F9A85FB249F24E8503B96761FB457B4F144232DA5C07BE8CF3CE495D7A0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 21%
                                                                                                                                                			E00007FFC7FFC1FCF3FD0() {
                                                                                                                                                				void* _t109;
                                                                                                                                                				signed int _t119;
                                                                                                                                                				void* _t120;
                                                                                                                                                				signed int _t123;
                                                                                                                                                				void* _t127;
                                                                                                                                                				signed int _t129;
                                                                                                                                                				signed int _t138;
                                                                                                                                                				void* _t172;
                                                                                                                                                				signed long long _t186;
                                                                                                                                                				signed long long _t187;
                                                                                                                                                				long long _t188;
                                                                                                                                                				intOrPtr* _t189;
                                                                                                                                                				long long _t190;
                                                                                                                                                				long long _t192;
                                                                                                                                                				intOrPtr* _t195;
                                                                                                                                                				intOrPtr* _t196;
                                                                                                                                                				long long _t200;
                                                                                                                                                				intOrPtr* _t203;
                                                                                                                                                				long long _t204;
                                                                                                                                                				long long _t206;
                                                                                                                                                				signed long long _t208;
                                                                                                                                                				signed long long _t209;
                                                                                                                                                				long long* _t211;
                                                                                                                                                				signed long long _t212;
                                                                                                                                                				signed char* _t216;
                                                                                                                                                				signed char* _t217;
                                                                                                                                                				void* _t218;
                                                                                                                                                				long long* _t219;
                                                                                                                                                				intOrPtr* _t221;
                                                                                                                                                				void* _t235;
                                                                                                                                                				intOrPtr _t239;
                                                                                                                                                				void* _t252;
                                                                                                                                                				long long _t254;
                                                                                                                                                				long long _t275;
                                                                                                                                                				char* _t277;
                                                                                                                                                				void* _t280;
                                                                                                                                                				signed char* _t281;
                                                                                                                                                				signed char* _t282;
                                                                                                                                                				signed char* _t283;
                                                                                                                                                				int _t285;
                                                                                                                                                				long long* _t286;
                                                                                                                                                				void* _t287;
                                                                                                                                                				void* _t289;
                                                                                                                                                				signed long long _t290;
                                                                                                                                                				void* _t300;
                                                                                                                                                				void* _t303;
                                                                                                                                                				long long _t304;
                                                                                                                                                				long long _t306;
                                                                                                                                                				long long _t307;
                                                                                                                                                				intOrPtr _t309;
                                                                                                                                                				long long _t310;
                                                                                                                                                				signed long long _t312;
                                                                                                                                                				int _t313;
                                                                                                                                                				char* _t314;
                                                                                                                                                				long long _t316;
                                                                                                                                                				void* _t317;
                                                                                                                                                				long long _t319;
                                                                                                                                                				void* _t321;
                                                                                                                                                				intOrPtr _t323;
                                                                                                                                                
                                                                                                                                                				_t303 = _t289;
                                                                                                                                                				_t290 = _t289 - 0x118;
                                                                                                                                                				_t186 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t187 = _t186 ^ _t290;
                                                                                                                                                				 *(_t303 - 0x30) = _t187;
                                                                                                                                                				_t314 =  *_t221;
                                                                                                                                                				_t286 = _t254;
                                                                                                                                                				_t319 =  *((intOrPtr*)(_t221 + 8)) + _t314;
                                                                                                                                                				 *((long long*)(_t290 + 0x58)) = _t254;
                                                                                                                                                				 *((long long*)(_t290 + 0x50)) = _t319;
                                                                                                                                                				if (_t314 == _t319) goto 0x1fcf4608;
                                                                                                                                                				 *((long long*)(_t303 + 0x18)) = _t206;
                                                                                                                                                				 *((long long*)(_t303 - 0x28)) = _t275;
                                                                                                                                                				 *((long long*)(_t303 - 0x30)) = _t304;
                                                                                                                                                				 *((long long*)(_t303 - 0x38)) = _t310;
                                                                                                                                                				if ( *_t314 == 0x7b) goto 0x1fcf405c;
                                                                                                                                                				memchr(_t317, _t313, _t285);
                                                                                                                                                				_t312 = _t187;
                                                                                                                                                				if (_t187 == 0) goto 0x1fcf45be;
                                                                                                                                                				if (_t314 == _t312) goto 0x1fcf4160;
                                                                                                                                                				memchr(_t287, ??);
                                                                                                                                                				if (_t187 == 0) goto 0x1fcf4106;
                                                                                                                                                				_t277 = _t187 + 1;
                                                                                                                                                				if (_t277 == _t312) goto 0x1fcf418b;
                                                                                                                                                				if ( *_t277 != 0x7d) goto 0x1fcf418b;
                                                                                                                                                				_t208 =  *(_t286 + 0x18);
                                                                                                                                                				_t321 = _t277 - _t314;
                                                                                                                                                				_t188 =  *((intOrPtr*)(_t208 + 0x10));
                                                                                                                                                				 *((long long*)(_t290 + 0x20)) = _t188;
                                                                                                                                                				_t306 = _t188 + _t321;
                                                                                                                                                				if (_t306 -  *((intOrPtr*)(_t208 + 0x18)) <= 0) goto 0x1fcf40c1;
                                                                                                                                                				_t189 =  *_t208;
                                                                                                                                                				 *_t189();
                                                                                                                                                				 *((long long*)(_t208 + 0x10)) = _t306;
                                                                                                                                                				if (_t321 == 0) goto 0x1fcf40de;
                                                                                                                                                				memmove(??, ??, ??);
                                                                                                                                                				_t20 = _t277 + 1; // 0x2
                                                                                                                                                				 *(_t286 + 0x18) = _t208;
                                                                                                                                                				memchr(??, ??, ??);
                                                                                                                                                				if (_t189 != 0) goto 0x1fcf4084;
                                                                                                                                                				_t209 =  *(_t286 + 0x18);
                                                                                                                                                				_t280 = _t312 - _t20;
                                                                                                                                                				_t190 =  *((intOrPtr*)(_t209 + 0x10));
                                                                                                                                                				 *((long long*)(_t290 + 0x20)) = _t190;
                                                                                                                                                				_t307 = _t190 + _t280;
                                                                                                                                                				if (_t307 -  *((intOrPtr*)(_t209 + 0x18)) <= 0) goto 0x1fcf412e;
                                                                                                                                                				 *((intOrPtr*)( *_t209))();
                                                                                                                                                				 *((long long*)(_t209 + 0x10)) = _t307;
                                                                                                                                                				if (_t280 == 0) goto 0x1fcf414b;
                                                                                                                                                				memmove(??, ??, ??);
                                                                                                                                                				 *(_t286 + 0x18) = _t209;
                                                                                                                                                				_t33 = _t312 + 1; // 0x1
                                                                                                                                                				_t281 = _t33;
                                                                                                                                                				if (_t281 ==  *((intOrPtr*)(_t290 + 0x50))) goto 0x1fcf45d9;
                                                                                                                                                				_t138 =  *_t281 & 0x000000ff;
                                                                                                                                                				if (_t138 != 0x7d) goto 0x1fcf422a;
                                                                                                                                                				r8d =  *((intOrPtr*)(_t286 + 0x10));
                                                                                                                                                				if (r8d < 0) goto 0x1fcf41a1;
                                                                                                                                                				 *((intOrPtr*)(_t286 + 0x10)) = _t280 + 1;
                                                                                                                                                				goto 0x1fcf41b3;
                                                                                                                                                				E00007FFC7FFC1FD150C0(0x43ffffff, "unmatched \'}\' in format string");
                                                                                                                                                				_t323 =  *((intOrPtr*)(_t290 + 0x50));
                                                                                                                                                				goto 0x1fcf414f;
                                                                                                                                                				_t109 = E00007FFC7FFC1FD150C0(0x43ffffff, "cannot switch from manual to automatic argument indexing");
                                                                                                                                                				r8d = 0;
                                                                                                                                                				_t211 = _t286 + 0x18;
                                                                                                                                                				E00007FFC7FFC1FCF2960(_t109, _t290 + 0x28, _t211, _t280);
                                                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                                                				asm("inc ecx");
                                                                                                                                                				asm("movsd xmm1, [eax+0x10]");
                                                                                                                                                				asm("repne inc ecx");
                                                                                                                                                				_t192 =  *_t286;
                                                                                                                                                				_t235 = _t281 - _t192;
                                                                                                                                                				 *((long long*)(_t290 + 0x38)) = 0;
                                                                                                                                                				 *((long long*)(_t290 + 0x40)) = _t211;
                                                                                                                                                				 *_t286 = _t192 + _t235;
                                                                                                                                                				 *((intOrPtr*)(_t286 + 8)) =  *((intOrPtr*)(_t286 + 8)) - _t235;
                                                                                                                                                				 *((long long*)(_t290 + 0x28)) =  *_t211;
                                                                                                                                                				_t195 =  *((intOrPtr*)(_t211 + 0x28));
                                                                                                                                                				 *((long long*)(_t290 + 0x30)) = _t195;
                                                                                                                                                				 *((long long*)(_t290 + 0x48)) = _t286;
                                                                                                                                                				E00007FFC7FFC1FCF4AF0();
                                                                                                                                                				 *_t211 =  *_t195;
                                                                                                                                                				goto 0x1fcf45b0;
                                                                                                                                                				if (_t138 != 0x7b) goto 0x1fcf4265;
                                                                                                                                                				_t212 =  *(_t286 + 0x18);
                                                                                                                                                				_t309 =  *((intOrPtr*)(_t212 + 0x10));
                                                                                                                                                				_t316 = _t309 + 1;
                                                                                                                                                				if (_t316 -  *((intOrPtr*)(_t212 + 0x18)) <= 0) goto 0x1fcf424d;
                                                                                                                                                				_t196 =  *_t212;
                                                                                                                                                				 *_t196();
                                                                                                                                                				_t239 =  *((intOrPtr*)(_t212 + 8));
                                                                                                                                                				 *((long long*)(_t212 + 0x10)) = _t316;
                                                                                                                                                				 *((char*)(_t309 + _t239)) =  *_t281 & 0x000000ff;
                                                                                                                                                				 *(_t286 + 0x18) = _t212;
                                                                                                                                                				goto 0x1fcf45b0;
                                                                                                                                                				if (_t138 == 0x3a) goto 0x1fcf43e0;
                                                                                                                                                				if (_t239 - 0x30 - 9 > 0) goto 0x1fcf4342;
                                                                                                                                                				if (_t138 == 0x30) goto 0x1fcf42d4;
                                                                                                                                                				if (0 - 0xccccccc > 0) goto 0x1fcf42be;
                                                                                                                                                				_t282 =  &(_t281[1]);
                                                                                                                                                				if (_t282 == _t323) goto 0x1fcf42a5;
                                                                                                                                                				if (( *_t282 & 0x000000ff) - 0x30 - 9 <= 0) goto 0x1fcf4280;
                                                                                                                                                				if (_t196 + _t212 * 2 - 0x7fffffff <= 0) goto 0x1fcf42d7;
                                                                                                                                                				E00007FFC7FFC1FD150C0(_t212, "number is too big");
                                                                                                                                                				goto 0x1fcf42d7;
                                                                                                                                                				E00007FFC7FFC1FD150C0(_t212, "number is too big");
                                                                                                                                                				goto 0x1fcf42d7;
                                                                                                                                                				_t283 =  &(_t282[1]);
                                                                                                                                                				if (_t283 == _t323) goto 0x1fcf432e;
                                                                                                                                                				_t119 =  *_t283 & 0x000000ff;
                                                                                                                                                				if (_t119 == 0x7d) goto 0x1fcf42e7;
                                                                                                                                                				if (_t119 != 0x3a) goto 0x1fcf432e;
                                                                                                                                                				if ( *((intOrPtr*)(_t286 + 0x10)) <= 0) goto 0x1fcf42fe;
                                                                                                                                                				_t120 = E00007FFC7FFC1FD150C0(_t212, "cannot switch from automatic to manual argument indexing");
                                                                                                                                                				goto 0x1fcf4305;
                                                                                                                                                				 *((intOrPtr*)(_t286 + 0x10)) = 0xffffffff;
                                                                                                                                                				r8d = 0x80000000;
                                                                                                                                                				E00007FFC7FFC1FCF2960(_t120, _t303 - 0xffffffffffffffe8, _t286 + 0x18, _t286 + 0x48);
                                                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                                                				asm("movups [esi+0x48], xmm0");
                                                                                                                                                				asm("movsd xmm1, [eax+0x10]");
                                                                                                                                                				asm("movsd [esi+0x58], xmm1");
                                                                                                                                                				goto 0x1fcf43bb;
                                                                                                                                                				E00007FFC7FFC1FD150C0(_t283, "invalid format string");
                                                                                                                                                				goto 0x1fcf43bb;
                                                                                                                                                				_t172 = _t138 - 0x41 - 0x39;
                                                                                                                                                				if (_t172 > 0) goto 0x1fcf43cf;
                                                                                                                                                				asm("dec eax");
                                                                                                                                                				if (_t172 >= 0) goto 0x1fcf43cf;
                                                                                                                                                				_t216 =  &(_t283[1]);
                                                                                                                                                				if (_t216 == _t323) goto 0x1fcf4387;
                                                                                                                                                				_t123 =  *_t216 & 0x000000ff;
                                                                                                                                                				if (_t123 - 0x61 < 0) goto 0x1fcf4373;
                                                                                                                                                				if (_t123 - 0x7a <= 0) goto 0x1fcf4360;
                                                                                                                                                				if (_t123 - 0x41 < 0) goto 0x1fcf437b;
                                                                                                                                                				if (_t123 - 0x5a <= 0) goto 0x1fcf4360;
                                                                                                                                                				if (_t123 == 0x5f) goto 0x1fcf4360;
                                                                                                                                                				if (_t123 - 0x30 < 0) goto 0x1fcf4387;
                                                                                                                                                				if (_t123 - 0x39 <= 0) goto 0x1fcf4360;
                                                                                                                                                				 *(_t290 + 0x60) = _t283;
                                                                                                                                                				_t300 = _t290 + 0x60;
                                                                                                                                                				 *((long long*)(_t290 + 0x68)) = _t216 - _t283;
                                                                                                                                                				E00007FFC7FFC1FCF8EE0(_t216, _t286 + 0x18, _t290 + 0x28, _t303 - 0x38, _t300);
                                                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                                                				asm("movups [esi+0x48], xmm0");
                                                                                                                                                				asm("movsd xmm1, [eax+0x10]");
                                                                                                                                                				asm("movsd [esi+0x58], xmm1");
                                                                                                                                                				if (_t216 != _t323) goto 0x1fcf4425;
                                                                                                                                                				goto 0x1fcf45e0;
                                                                                                                                                				E00007FFC7FFC1FD150C0(_t216, "invalid format string");
                                                                                                                                                				goto 0x1fcf4422;
                                                                                                                                                				r8d =  *((intOrPtr*)(_t286 + 0x10));
                                                                                                                                                				if (r8d < 0) goto 0x1fcf43f2;
                                                                                                                                                				 *((intOrPtr*)(_t286 + 0x10)) = _t300 + 1;
                                                                                                                                                				goto 0x1fcf4404;
                                                                                                                                                				_t127 = E00007FFC7FFC1FD150C0(_t216, "cannot switch from manual to automatic argument indexing");
                                                                                                                                                				r8d = 0;
                                                                                                                                                				E00007FFC7FFC1FCF2960(_t127, _t303, _t286 + 0x18, _t300);
                                                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                                                				asm("movups [esi+0x48], xmm0");
                                                                                                                                                				asm("movsd xmm1, [eax+0x10]");
                                                                                                                                                				asm("movsd [esi+0x58], xmm1");
                                                                                                                                                				_t217 = _t216;
                                                                                                                                                				_t129 =  *_t217 & 0x000000ff;
                                                                                                                                                				if (_t129 != 0x7d) goto 0x1fcf4482;
                                                                                                                                                				_t200 =  *_t286;
                                                                                                                                                				_t218 = _t217 - _t200;
                                                                                                                                                				 *((long long*)(_t290 + 0x38)) = 0;
                                                                                                                                                				 *((long long*)(_t290 + 0x48)) = _t286;
                                                                                                                                                				 *_t286 = _t200 + _t218;
                                                                                                                                                				 *((intOrPtr*)(_t286 + 8)) =  *((intOrPtr*)(_t286 + 8)) - _t218;
                                                                                                                                                				_t219 = _t286 + 0x18;
                                                                                                                                                				 *((long long*)(_t290 + 0x28)) =  *(_t286 + 0x18);
                                                                                                                                                				_t203 =  *((intOrPtr*)(_t219 + 0x28));
                                                                                                                                                				 *((long long*)(_t290 + 0x30)) = _t203;
                                                                                                                                                				 *((long long*)(_t290 + 0x40)) = _t219;
                                                                                                                                                				E00007FFC7FFC1FCF4AF0();
                                                                                                                                                				 *_t219 =  *_t203;
                                                                                                                                                				goto 0x1fcf45b0;
                                                                                                                                                				if (_t129 != 0x3a) goto 0x1fcf43c3;
                                                                                                                                                				_t204 =  *_t286;
                                                                                                                                                				_t252 = _t219 + 1 - _t204;
                                                                                                                                                				 *_t286 = _t204 + _t252;
                                                                                                                                                				 *((intOrPtr*)(_t286 + 8)) =  *((intOrPtr*)(_t286 + 8)) - _t252;
                                                                                                                                                				if ( *((intOrPtr*)(_t286 + 0x58)) + 0xfffffffe - 0xe > 0) goto 0x1fcf44e2;
                                                                                                                                                				goto __rcx;
                                                                                                                                                			}


                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memchr$memmove$ExceptionThrow
                                                                                                                                                • String ID: cannot switch from automatic to manual argument indexing$cannot switch from manual to automatic argument indexing$invalid format string$missing '}' in format string$number is too big$unknown format specifier$unmatched '}' in format string
                                                                                                                                                • API String ID: 2627924257-2192562433
                                                                                                                                                • Opcode ID: b96c33d5ff3ea411e7be1b182a251db825c6e0ec77769b07ecf12c77f270e386
                                                                                                                                                • Instruction ID: e47c2d0501ddf334f43be8d6cf75458a7bbc403b034b01594e43d2451ef4e4b0
                                                                                                                                                • Opcode Fuzzy Hash: b96c33d5ff3ea411e7be1b182a251db825c6e0ec77769b07ecf12c77f270e386
                                                                                                                                                • Instruction Fuzzy Hash: A8128A32A08F6A86EB20DF25F0502ADB7A1EB45BA4F844172DB8D43B95DF3CE165D350
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,Severity,?,00007FFC1FD17A1D), ref: 00007FFC1FD17395
                                                                                                                                                • memmove.VCRUNTIME140(00000000,Severity,?,00007FFC1FD17A1D), ref: 00007FFC1FD173D3
                                                                                                                                                • memmove.VCRUNTIME140(00000000,Severity,?,00007FFC1FD17A1D), ref: 00007FFC1FD173EA
                                                                                                                                                • memset.VCRUNTIME140(00000000,Severity,?,00007FFC1FD17A1D), ref: 00007FFC1FD173FF
                                                                                                                                                • memmove.VCRUNTIME140(00000000,Severity,?,00007FFC1FD17A1D), ref: 00007FFC1FD17417
                                                                                                                                                • memmove.VCRUNTIME140(00000000,Severity,?,00007FFC1FD17A1D), ref: 00007FFC1FD17431
                                                                                                                                                • memset.VCRUNTIME140(00000000,Severity,?,00007FFC1FD17A1D), ref: 00007FFC1FD1743F
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,Severity,?,00007FFC1FD17A1D), ref: 00007FFC1FD174A7
                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFC1FD174AE
                                                                                                                                                  • Part of subcall function 00007FFC1FD156A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFC1FCF8F4E), ref: 00007FFC1FD156C2
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmove$_invalid_parameter_noinfo_noreturnmemset$Concurrency::cancel_current_taskmalloc
                                                                                                                                                • String ID: Severity
                                                                                                                                                • API String ID: 851562609-253145917
                                                                                                                                                • Opcode ID: 7b03311ce28347fc951801e34c8f2264ffcee07e6eb34c493ea4c24e23c17c92
                                                                                                                                                • Instruction ID: c22093a50c1e088bfe12e22c58da2ec7f23fbcd3cfcac58ec8f0372ed4bc5e08
                                                                                                                                                • Opcode Fuzzy Hash: 7b03311ce28347fc951801e34c8f2264ffcee07e6eb34c493ea4c24e23c17c92
                                                                                                                                                • Instruction Fuzzy Hash: 1641DF22A09EAE91EB18EF61D4402B82711EB46BF4F554A31DE2D07BE5CF3CD161C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FFC1FCF4709
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmove$memset
                                                                                                                                                • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
                                                                                                                                                • API String ID: 3790616698-2272463933
                                                                                                                                                • Opcode ID: 0796b21e98d85cc1bbbf4d138e3ca6c1e9572e6ebb6caef51cc878d98f77fec9
                                                                                                                                                • Instruction ID: 28bbc6511bfdb07c173b908474f10e26eb67fe27258f9f7aa654d0f6df0bc07c
                                                                                                                                                • Opcode Fuzzy Hash: 0796b21e98d85cc1bbbf4d138e3ca6c1e9572e6ebb6caef51cc878d98f77fec9
                                                                                                                                                • Instruction Fuzzy Hash: 71A12A62708ADA46FB358F1AE65037DFB95DB15BD0F084076CB8E87B92CA2DE521C350
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 23%
                                                                                                                                                			E00007FFC7FFC1FD06680(void* __rcx, signed int __rdx, void* __r10) {
                                                                                                                                                				signed int _t46;
                                                                                                                                                				void* _t58;
                                                                                                                                                				intOrPtr _t71;
                                                                                                                                                				intOrPtr _t72;
                                                                                                                                                				intOrPtr _t73;
                                                                                                                                                				intOrPtr _t74;
                                                                                                                                                				intOrPtr _t75;
                                                                                                                                                				intOrPtr _t76;
                                                                                                                                                				intOrPtr _t77;
                                                                                                                                                
                                                                                                                                                				r9b = 0x20;
                                                                                                                                                				_t71 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                				r8d = 2;
                                                                                                                                                				goto 0x1fd1e730;
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				r9b = 0x30;
                                                                                                                                                				_t72 =  *((intOrPtr*)(_t71 + 8));
                                                                                                                                                				r8d = 2;
                                                                                                                                                				goto 0x1fd1e730;
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				r9b = 0x20;
                                                                                                                                                				_t73 =  *((intOrPtr*)(_t72 + 8));
                                                                                                                                                				r8d = 2;
                                                                                                                                                				r10d =  *((intOrPtr*)( *((intOrPtr*)(_t72 + 0x10)) + 0xc));
                                                                                                                                                				r10d = r10d - (__rdx + __rdx * 2 << 2);
                                                                                                                                                				goto 0x1fd1e730;
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				r9b = 0x30;
                                                                                                                                                				_t74 =  *((intOrPtr*)(_t73 + 8));
                                                                                                                                                				r8d = 2;
                                                                                                                                                				r10d =  *((intOrPtr*)( *((intOrPtr*)(_t73 + 0x10)) + 0xc));
                                                                                                                                                				_t46 = __rdx + __rdx * 2 << 2;
                                                                                                                                                				r10d = r10d - _t46;
                                                                                                                                                				goto 0x1fd1e730;
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				r9b = 0x20;
                                                                                                                                                				_t75 =  *((intOrPtr*)(_t74 + 8));
                                                                                                                                                				r8d = 2;
                                                                                                                                                				goto 0x1fd1e730;
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				r9b = 0x30;
                                                                                                                                                				_t76 =  *((intOrPtr*)(_t75 + 8));
                                                                                                                                                				r8d = 2;
                                                                                                                                                				goto 0x1fd1e730;
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				asm("int3");
                                                                                                                                                				_t77 =  *((intOrPtr*)(_t76 + 8));
                                                                                                                                                				r8d = 0x2b;
                                                                                                                                                				_t58 =  ==  ? r8d : 0x2d;
                                                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t77 + 0x10)) + 0x1c)) == 0) goto 0x1fd067b5;
                                                                                                                                                				goto E00007FFC7FFC1FD103C0;
                                                                                                                                                				return _t46;
                                                                                                                                                			}













                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Lockit@std@@Mbstatet@@@std@@memmove$??0_??1_?getloc@?$basic_streambuf@?length@?$codecvt@_Bid@locale@std@@Concurrency::cancel_current_taskD@std@@@std@@Facet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@RegisterU?$char_traits@V42@@Vfacet@locale@2@Vlocale@2@memsetstd::_
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3249132129-0
                                                                                                                                                • Opcode ID: a689512fd0de5063ab9b5e905ad6ac7c447a73a5c18569776a42001a620bdc49
                                                                                                                                                • Instruction ID: e49e4d2c1535ef57de6a8cda0ca9c202147adea4ee71b71a4af4d4a4dce13632
                                                                                                                                                • Opcode Fuzzy Hash: a689512fd0de5063ab9b5e905ad6ac7c447a73a5c18569776a42001a620bdc49
                                                                                                                                                • Instruction Fuzzy Hash: 0C81B162B08E6D85FB18EF65E4402BC63A1FB45BA8F444532DE5E07B98DF38E155C3A0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 31%
                                                                                                                                                			E00007FFC7FFC1FCF6C60(signed int __eax, void* __rcx, intOrPtr* __r8) {
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __rbp;
                                                                                                                                                				void* __r15;
                                                                                                                                                				signed int _t53;
                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                				void* _t64;
                                                                                                                                                				signed int _t66;
                                                                                                                                                				signed int _t68;
                                                                                                                                                				signed int _t69;
                                                                                                                                                				signed int _t77;
                                                                                                                                                				void* _t79;
                                                                                                                                                				signed long long _t97;
                                                                                                                                                				char* _t100;
                                                                                                                                                				void* _t108;
                                                                                                                                                				intOrPtr _t117;
                                                                                                                                                				intOrPtr* _t126;
                                                                                                                                                				signed int _t127;
                                                                                                                                                				void* _t129;
                                                                                                                                                				void* _t130;
                                                                                                                                                				signed long long _t131;
                                                                                                                                                				void* _t139;
                                                                                                                                                				void* _t141;
                                                                                                                                                				void* _t142;
                                                                                                                                                
                                                                                                                                                				_t129 = _t130 - 0x1d0;
                                                                                                                                                				_t131 = _t130 - 0x2d0;
                                                                                                                                                				asm("movaps [esp+0x2c0], xmm6");
                                                                                                                                                				_t97 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				 *(_t129 + 0x1b0) = _t97 ^ _t131;
                                                                                                                                                				_t126 = __r8;
                                                                                                                                                				asm("movaps xmm6, xmm1");
                                                                                                                                                				_t141 = __rcx;
                                                                                                                                                				 *((char*)(_t131 + 0x30)) = 0;
                                                                                                                                                				E00007FFC7FFC1FCF3B30();
                                                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                                                				asm("movaps [esp+0x40], xmm0");
                                                                                                                                                				asm("psrldq xmm0, 0x8");
                                                                                                                                                				asm("movd eax, xmm0");
                                                                                                                                                				_t66 = ( *(__r8 + 0xc) << 0x00000019 >> 0x0000001d ^ __eax) & 0x000000ff ^ __eax;
                                                                                                                                                				 *(_t131 + 0x48) = _t66;
                                                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                                                				__imp___ldsign();
                                                                                                                                                				if (__eax == 0) goto 0x1fcf6cf7;
                                                                                                                                                				_t68 = _t66 & 0xffffff01 | 0x00000001;
                                                                                                                                                				asm("xorps xmm6, [0x356bb]");
                                                                                                                                                				goto 0x1fcf6d02;
                                                                                                                                                				if (_t68 != 1) goto 0x1fcf6d06;
                                                                                                                                                				_t69 = _t68 & 0xffffff00;
                                                                                                                                                				 *(_t131 + 0x48) = _t69;
                                                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                                                				0x1fd2713d();
                                                                                                                                                				if (__eax <= 0) goto 0x1fcf6d63;
                                                                                                                                                				if (__eax != 1) goto 0x1fcf6d29;
                                                                                                                                                				goto 0x1fcf6d37;
                                                                                                                                                				_t100 = "NAN";
                                                                                                                                                				_t113 =  !=  ? _t100 : "nan";
                                                                                                                                                				 *((intOrPtr*)(_t131 + 0x40)) =  *(_t131 + 0x48);
                                                                                                                                                				 *(_t131 + 0x48) =  !=  ? _t100 : "nan";
                                                                                                                                                				_t122 = __r8;
                                                                                                                                                				E00007FFC7FFC1FCF71A0(_t79, _t100, _t108, __rcx, __r8, _t131 + 0x40, _t142);
                                                                                                                                                				goto 0x1fcf6e8e;
                                                                                                                                                				_t53 =  *(_t126 + 0xc);
                                                                                                                                                				_t77 = _t53 << 0x1c >> 0x1c;
                                                                                                                                                				if (_t77 != 0) goto 0x1fcf6d84;
                                                                                                                                                				 *(_t126 + 0xc) = _t53 & 0xfffffff2 | 0x00000002;
                                                                                                                                                				goto 0x1fcf6dc2;
                                                                                                                                                				if (_t77 != 4) goto 0x1fcf6dc2;
                                                                                                                                                				_t127 =  *(_t131 + 0x48);
                                                                                                                                                				if (sil == 0) goto 0x1fcf6dba;
                                                                                                                                                				E00007FFC7FFC1FCFBAB0(_t108, _t141, _t122, _t127);
                                                                                                                                                				 *_t100 =  *(_t127 + 0x1fd2e0a4) & 0x000000ff;
                                                                                                                                                				 *(_t131 + 0x48) = _t69 & 0xffffff00;
                                                                                                                                                				_t57 =  *_t126;
                                                                                                                                                				if (_t57 == 0) goto 0x1fcf6dba;
                                                                                                                                                				 *_t126 = _t57 - 1;
                                                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) & 0xfffffff2;
                                                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) | 0x00000002;
                                                                                                                                                				 *((long long*)(_t129 - 0x60)) = 0;
                                                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x1fd2baa8;
                                                                                                                                                				 *((long long*)(_t129 - 0x68)) = _t129 - 0x50;
                                                                                                                                                				 *((long long*)(_t129 - 0x58)) = 0x1f4;
                                                                                                                                                				if (( *(_t131 + 0x44) & 0x000000ff) != 3) goto 0x1fcf6eb7;
                                                                                                                                                				if (sil == 0) goto 0x1fcf6e0d;
                                                                                                                                                				 *((char*)(_t129 - 0x50)) =  *( *(_t131 + 0x48) + 0x1fd2e0a4) & 0x000000ff;
                                                                                                                                                				 *((long long*)(_t129 - 0x60)) = 1;
                                                                                                                                                				asm("movaps xmm1, [esp+0x40]");
                                                                                                                                                				asm("movdqa [esp+0x50], xmm1");
                                                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                                                				E00007FFC7FFC1FD14470( *((intOrPtr*)(_t126 + 4)), _t108, _t131 + 0x50, _t129 - 0x70, _t139);
                                                                                                                                                				 *((long long*)(_t131 + 0x40)) =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                                                				 *(_t131 + 0x48) =  *((intOrPtr*)(_t129 - 0x60));
                                                                                                                                                				E00007FFC7FFC1FCF8330(_t108, _t141, _t126, _t126, _t131 + 0x40, _t129 - 0x70, _t139, 0x1fd2e0a4);
                                                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x1fd2baa8;
                                                                                                                                                				_t117 =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                                                				if (_t117 == _t129 - 0x50) goto 0x1fcf6e8e;
                                                                                                                                                				if ( *((intOrPtr*)(_t129 - 0x58)) - 0x1000 < 0) goto 0x1fcf6e89;
                                                                                                                                                				if (_t117 -  *((intOrPtr*)(_t117 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x1fcf6ff0;
                                                                                                                                                				_t64 = E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD156E4(),  *(_t127 + 0x1fd2e0a4) & 0x000000ff,  *(_t129 + 0x1b0) ^ _t131);
                                                                                                                                                				asm("movaps xmm6, [esp+0x2c0]");
                                                                                                                                                				return _t64;
                                                                                                                                                			}





























                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: __std_exception_copy_dclass_dsign_invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID: INF$NAN$inf$nan$number is too big
                                                                                                                                                • API String ID: 3571884167-1812383209
                                                                                                                                                • Opcode ID: 6d6d9d6f3e28e98993cdf34eb98fdccd9669dd75bd9f3e8f34f56f9762267f41
                                                                                                                                                • Instruction ID: df0bc9199f5379619fd5e7d37de7d20933a2e847209e97c93540d021e1c9269d
                                                                                                                                                • Opcode Fuzzy Hash: 6d6d9d6f3e28e98993cdf34eb98fdccd9669dd75bd9f3e8f34f56f9762267f41
                                                                                                                                                • Instruction Fuzzy Hash: 56B10162A08FA985FB248F74E4503BDB760FB85374F404236EA9C12A99DF7CE4A4D750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 31%
                                                                                                                                                			E00007FFC7FFC1FCF68C0(signed int __eax, void* __rcx, intOrPtr* __r8) {
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __rbp;
                                                                                                                                                				void* __r15;
                                                                                                                                                				signed int _t53;
                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                				void* _t64;
                                                                                                                                                				signed int _t66;
                                                                                                                                                				signed int _t68;
                                                                                                                                                				signed int _t69;
                                                                                                                                                				signed int _t77;
                                                                                                                                                				void* _t79;
                                                                                                                                                				signed long long _t97;
                                                                                                                                                				char* _t100;
                                                                                                                                                				void* _t108;
                                                                                                                                                				intOrPtr _t117;
                                                                                                                                                				intOrPtr* _t126;
                                                                                                                                                				signed int _t127;
                                                                                                                                                				void* _t129;
                                                                                                                                                				void* _t130;
                                                                                                                                                				signed long long _t131;
                                                                                                                                                				void* _t139;
                                                                                                                                                				void* _t141;
                                                                                                                                                				void* _t142;
                                                                                                                                                
                                                                                                                                                				_t129 = _t130 - 0x1d0;
                                                                                                                                                				_t131 = _t130 - 0x2d0;
                                                                                                                                                				asm("movaps [esp+0x2c0], xmm6");
                                                                                                                                                				_t97 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				 *(_t129 + 0x1b0) = _t97 ^ _t131;
                                                                                                                                                				_t126 = __r8;
                                                                                                                                                				asm("movaps xmm6, xmm1");
                                                                                                                                                				_t141 = __rcx;
                                                                                                                                                				 *((char*)(_t131 + 0x30)) = 0;
                                                                                                                                                				E00007FFC7FFC1FCF3B30();
                                                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                                                				asm("movaps [esp+0x40], xmm0");
                                                                                                                                                				asm("psrldq xmm0, 0x8");
                                                                                                                                                				asm("movd eax, xmm0");
                                                                                                                                                				_t66 = ( *(__r8 + 0xc) << 0x00000019 >> 0x0000001d ^ __eax) & 0x000000ff ^ __eax;
                                                                                                                                                				 *(_t131 + 0x48) = _t66;
                                                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                                                				__imp___dsign();
                                                                                                                                                				if (__eax == 0) goto 0x1fcf6957;
                                                                                                                                                				_t68 = _t66 & 0xffffff01 | 0x00000001;
                                                                                                                                                				asm("xorps xmm6, [0x35a5b]");
                                                                                                                                                				goto 0x1fcf6962;
                                                                                                                                                				if (_t68 != 1) goto 0x1fcf6966;
                                                                                                                                                				_t69 = _t68 & 0xffffff00;
                                                                                                                                                				 *(_t131 + 0x48) = _t69;
                                                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                                                				0x1fd27131();
                                                                                                                                                				if (__eax <= 0) goto 0x1fcf69c3;
                                                                                                                                                				if (__eax != 1) goto 0x1fcf6989;
                                                                                                                                                				goto 0x1fcf6997;
                                                                                                                                                				_t100 = "NAN";
                                                                                                                                                				_t113 =  !=  ? _t100 : "nan";
                                                                                                                                                				 *((intOrPtr*)(_t131 + 0x40)) =  *(_t131 + 0x48);
                                                                                                                                                				 *(_t131 + 0x48) =  !=  ? _t100 : "nan";
                                                                                                                                                				_t122 = __r8;
                                                                                                                                                				E00007FFC7FFC1FCF71A0(_t79, _t100, _t108, __rcx, __r8, _t131 + 0x40, _t142);
                                                                                                                                                				goto 0x1fcf6aee;
                                                                                                                                                				_t53 =  *(_t126 + 0xc);
                                                                                                                                                				_t77 = _t53 << 0x1c >> 0x1c;
                                                                                                                                                				if (_t77 != 0) goto 0x1fcf69e4;
                                                                                                                                                				 *(_t126 + 0xc) = _t53 & 0xfffffff2 | 0x00000002;
                                                                                                                                                				goto 0x1fcf6a22;
                                                                                                                                                				if (_t77 != 4) goto 0x1fcf6a22;
                                                                                                                                                				_t127 =  *(_t131 + 0x48);
                                                                                                                                                				if (sil == 0) goto 0x1fcf6a1a;
                                                                                                                                                				E00007FFC7FFC1FCFBAB0(_t108, _t141, _t122, _t127);
                                                                                                                                                				 *_t100 =  *(_t127 + 0x1fd2e0a4) & 0x000000ff;
                                                                                                                                                				 *(_t131 + 0x48) = _t69 & 0xffffff00;
                                                                                                                                                				_t57 =  *_t126;
                                                                                                                                                				if (_t57 == 0) goto 0x1fcf6a1a;
                                                                                                                                                				 *_t126 = _t57 - 1;
                                                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) & 0xfffffff2;
                                                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) | 0x00000002;
                                                                                                                                                				 *((long long*)(_t129 - 0x60)) = 0;
                                                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x1fd2baa8;
                                                                                                                                                				 *((long long*)(_t129 - 0x68)) = _t129 - 0x50;
                                                                                                                                                				 *((long long*)(_t129 - 0x58)) = 0x1f4;
                                                                                                                                                				if (( *(_t131 + 0x44) & 0x000000ff) != 3) goto 0x1fcf6b17;
                                                                                                                                                				if (sil == 0) goto 0x1fcf6a6d;
                                                                                                                                                				 *((char*)(_t129 - 0x50)) =  *( *(_t131 + 0x48) + 0x1fd2e0a4) & 0x000000ff;
                                                                                                                                                				 *((long long*)(_t129 - 0x60)) = 1;
                                                                                                                                                				asm("movaps xmm1, [esp+0x40]");
                                                                                                                                                				asm("movdqa [esp+0x50], xmm1");
                                                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                                                				E00007FFC7FFC1FD14200( *(_t127 + 0x1fd2e0a4) & 0x000000ff,  *((intOrPtr*)(_t126 + 4)), _t108, _t131 + 0x50, _t129 - 0x70, _t139);
                                                                                                                                                				 *((long long*)(_t131 + 0x40)) =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                                                				 *(_t131 + 0x48) =  *((intOrPtr*)(_t129 - 0x60));
                                                                                                                                                				E00007FFC7FFC1FCF8330(_t108, _t141, _t126, _t126, _t131 + 0x40, _t129 - 0x70, _t139, 0x1fd2e0a4);
                                                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x1fd2baa8;
                                                                                                                                                				_t117 =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                                                				if (_t117 == _t129 - 0x50) goto 0x1fcf6aee;
                                                                                                                                                				if ( *((intOrPtr*)(_t129 - 0x58)) - 0x1000 < 0) goto 0x1fcf6ae9;
                                                                                                                                                				if (_t117 -  *((intOrPtr*)(_t117 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x1fcf6c50;
                                                                                                                                                				_t64 = E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD156E4(),  *(_t127 + 0x1fd2e0a4) & 0x000000ff,  *(_t129 + 0x1b0) ^ _t131);
                                                                                                                                                				asm("movaps xmm6, [esp+0x2c0]");
                                                                                                                                                				return _t64;
                                                                                                                                                			}




























                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: __std_exception_copy_dclass_dsign_invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID: INF$NAN$inf$nan$number is too big
                                                                                                                                                • API String ID: 3571884167-1812383209
                                                                                                                                                • Opcode ID: e989a04ac9d643e88f4f7596637f0954a79c4252fcc9246e51ff4c0d95f8c880
                                                                                                                                                • Instruction ID: 2a270f7a24397dd9e0c8a65150822d34dd01fb8860c899da35b8ec701f93764a
                                                                                                                                                • Opcode Fuzzy Hash: e989a04ac9d643e88f4f7596637f0954a79c4252fcc9246e51ff4c0d95f8c880
                                                                                                                                                • Instruction Fuzzy Hash: A7B10462A08FA945FB208F75E4503BEB7A0FB45374F404236EA9C12A95DF7CE5A0E750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 30%
                                                                                                                                                			E00007FFC7FFC1FCF6520(signed int __eax, void* __rcx, intOrPtr* __r8) {
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __rbp;
                                                                                                                                                				void* __r15;
                                                                                                                                                				signed int _t53;
                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                				void* _t64;
                                                                                                                                                				signed int _t66;
                                                                                                                                                				signed int _t68;
                                                                                                                                                				signed int _t69;
                                                                                                                                                				signed int _t77;
                                                                                                                                                				void* _t79;
                                                                                                                                                				signed long long _t97;
                                                                                                                                                				char* _t100;
                                                                                                                                                				void* _t108;
                                                                                                                                                				intOrPtr _t117;
                                                                                                                                                				intOrPtr* _t126;
                                                                                                                                                				signed int _t127;
                                                                                                                                                				void* _t129;
                                                                                                                                                				void* _t130;
                                                                                                                                                				signed long long _t131;
                                                                                                                                                				void* _t139;
                                                                                                                                                				void* _t141;
                                                                                                                                                				void* _t142;
                                                                                                                                                
                                                                                                                                                				_t129 = _t130 - 0x1d0;
                                                                                                                                                				_t131 = _t130 - 0x2d0;
                                                                                                                                                				asm("movaps [esp+0x2c0], xmm6");
                                                                                                                                                				_t97 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				 *(_t129 + 0x1b0) = _t97 ^ _t131;
                                                                                                                                                				_t126 = __r8;
                                                                                                                                                				asm("movaps xmm6, xmm1");
                                                                                                                                                				_t141 = __rcx;
                                                                                                                                                				 *((char*)(_t131 + 0x30)) = 0;
                                                                                                                                                				E00007FFC7FFC1FCF3B30();
                                                                                                                                                				asm("movups xmm0, [eax]");
                                                                                                                                                				asm("movaps [esp+0x40], xmm0");
                                                                                                                                                				asm("psrldq xmm0, 0x8");
                                                                                                                                                				asm("movd eax, xmm0");
                                                                                                                                                				_t66 = ( *(__r8 + 0xc) << 0x00000019 >> 0x0000001d ^ __eax) & 0x000000ff ^ __eax;
                                                                                                                                                				 *(_t131 + 0x48) = _t66;
                                                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                                                				__imp___fdsign();
                                                                                                                                                				if (__eax == 0) goto 0x1fcf65b7;
                                                                                                                                                				_t68 = _t66 & 0xffffff01 | 0x00000001;
                                                                                                                                                				asm("xorps xmm6, [0x35e0b]");
                                                                                                                                                				goto 0x1fcf65c2;
                                                                                                                                                				if (_t68 != 1) goto 0x1fcf65c6;
                                                                                                                                                				_t69 = _t68 & 0xffffff00;
                                                                                                                                                				 *(_t131 + 0x48) = _t69;
                                                                                                                                                				asm("movaps xmm0, xmm6");
                                                                                                                                                				0x1fd27137();
                                                                                                                                                				if (__eax <= 0) goto 0x1fcf6623;
                                                                                                                                                				if (__eax != 1) goto 0x1fcf65e9;
                                                                                                                                                				goto 0x1fcf65f7;
                                                                                                                                                				_t100 = "NAN";
                                                                                                                                                				_t113 =  !=  ? _t100 : "nan";
                                                                                                                                                				 *((intOrPtr*)(_t131 + 0x40)) =  *(_t131 + 0x48);
                                                                                                                                                				 *(_t131 + 0x48) =  !=  ? _t100 : "nan";
                                                                                                                                                				_t122 = __r8;
                                                                                                                                                				E00007FFC7FFC1FCF71A0(_t79, _t100, _t108, __rcx, __r8, _t131 + 0x40, _t142);
                                                                                                                                                				goto 0x1fcf6752;
                                                                                                                                                				_t53 =  *(_t126 + 0xc);
                                                                                                                                                				_t77 = _t53 << 0x1c >> 0x1c;
                                                                                                                                                				if (_t77 != 0) goto 0x1fcf6644;
                                                                                                                                                				 *(_t126 + 0xc) = _t53 & 0xfffffff2 | 0x00000002;
                                                                                                                                                				goto 0x1fcf6682;
                                                                                                                                                				if (_t77 != 4) goto 0x1fcf6682;
                                                                                                                                                				_t127 =  *(_t131 + 0x48);
                                                                                                                                                				if (sil == 0) goto 0x1fcf667a;
                                                                                                                                                				E00007FFC7FFC1FCFBAB0(_t108, _t141, _t122, _t127);
                                                                                                                                                				 *_t100 =  *(_t127 + 0x1fd2e0a4) & 0x000000ff;
                                                                                                                                                				 *(_t131 + 0x48) = _t69 & 0xffffff00;
                                                                                                                                                				_t57 =  *_t126;
                                                                                                                                                				if (_t57 == 0) goto 0x1fcf667a;
                                                                                                                                                				 *_t126 = _t57 - 1;
                                                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) & 0xfffffff2;
                                                                                                                                                				 *(_t126 + 0xc) =  *(_t126 + 0xc) | 0x00000002;
                                                                                                                                                				 *((long long*)(_t129 - 0x60)) = 0;
                                                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x1fd2baa8;
                                                                                                                                                				 *((long long*)(_t129 - 0x68)) = _t129 - 0x50;
                                                                                                                                                				 *((long long*)(_t129 - 0x58)) = 0x1f4;
                                                                                                                                                				if (( *(_t131 + 0x44) & 0x000000ff) != 3) goto 0x1fcf677b;
                                                                                                                                                				if (sil == 0) goto 0x1fcf66cd;
                                                                                                                                                				 *((char*)(_t129 - 0x50)) =  *( *(_t131 + 0x48) + 0x1fd2e0a4) & 0x000000ff;
                                                                                                                                                				 *((long long*)(_t129 - 0x60)) = 1;
                                                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                                                				asm("cvtss2sd xmm0, xmm6");
                                                                                                                                                				asm("movaps xmm1, [esp+0x40]");
                                                                                                                                                				asm("movdqa [esp+0x50], xmm1");
                                                                                                                                                				E00007FFC7FFC1FD14200( *(_t127 + 0x1fd2e0a4) & 0x000000ff,  *((intOrPtr*)(_t126 + 4)), _t108, _t131 + 0x50, _t129 - 0x70, _t139);
                                                                                                                                                				 *((long long*)(_t131 + 0x40)) =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                                                				 *(_t131 + 0x48) =  *((intOrPtr*)(_t129 - 0x60));
                                                                                                                                                				E00007FFC7FFC1FCF8330(_t108, _t141, _t126, _t126, _t131 + 0x40, _t129 - 0x70, _t139, 0x1fd2e0a4);
                                                                                                                                                				 *((long long*)(_t129 - 0x70)) = 0x1fd2baa8;
                                                                                                                                                				_t117 =  *((intOrPtr*)(_t129 - 0x68));
                                                                                                                                                				if (_t117 == _t129 - 0x50) goto 0x1fcf6752;
                                                                                                                                                				if ( *((intOrPtr*)(_t129 - 0x58)) - 0x1000 < 0) goto 0x1fcf674d;
                                                                                                                                                				if (_t117 -  *((intOrPtr*)(_t117 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x1fcf68b8;
                                                                                                                                                				_t64 = E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD156E4(),  *(_t127 + 0x1fd2e0a4) & 0x000000ff,  *(_t129 + 0x1b0) ^ _t131);
                                                                                                                                                				asm("movaps xmm6, [esp+0x2c0]");
                                                                                                                                                				return _t64;
                                                                                                                                                			}





























                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: __std_exception_copy_fdclass_fdsign_invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID: INF$NAN$inf$nan$number is too big
                                                                                                                                                • API String ID: 3310147705-1812383209
                                                                                                                                                • Opcode ID: 9f5298840a802956e41cf92eeb2111b055740e70d50ef15bd4f5d77ec76a783c
                                                                                                                                                • Instruction ID: 09a122db88ab45910e61e4a9ca372c7d52881d08fcf991250d368c5a004e3144
                                                                                                                                                • Opcode Fuzzy Hash: 9f5298840a802956e41cf92eeb2111b055740e70d50ef15bd4f5d77ec76a783c
                                                                                                                                                • Instruction Fuzzy Hash: A0B1F362A08FA985FB208F74E4503BDB760FB45374F504276EA9C12A95DF3CE4A4D750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 28%
                                                                                                                                                			E00007FFC7FFC1FCF9C50(void* __rcx, long long __rdx, void* __rbp, void* __r8) {
                                                                                                                                                				signed int _v56;
                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                				char _v88;
                                                                                                                                                				intOrPtr _v96;
                                                                                                                                                				char _v120;
                                                                                                                                                				long long _v128;
                                                                                                                                                				long long _v136;
                                                                                                                                                				char _v152;
                                                                                                                                                				long long _v160;
                                                                                                                                                				long long _v168;
                                                                                                                                                				intOrPtr _v178;
                                                                                                                                                				short _v180;
                                                                                                                                                				char _v184;
                                                                                                                                                				char _v200;
                                                                                                                                                				long long _v216;
                                                                                                                                                				long long _v224;
                                                                                                                                                				long long _v232;
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __r14;
                                                                                                                                                				char _t58;
                                                                                                                                                				void* _t71;
                                                                                                                                                				void* _t83;
                                                                                                                                                				void* _t84;
                                                                                                                                                				void* _t85;
                                                                                                                                                				signed long long _t110;
                                                                                                                                                				signed long long _t111;
                                                                                                                                                				long long _t115;
                                                                                                                                                				void* _t121;
                                                                                                                                                				void* _t134;
                                                                                                                                                				long long _t135;
                                                                                                                                                				char _t158;
                                                                                                                                                				long long _t167;
                                                                                                                                                				long long _t173;
                                                                                                                                                				intOrPtr _t176;
                                                                                                                                                				long long _t182;
                                                                                                                                                				intOrPtr _t185;
                                                                                                                                                				intOrPtr _t188;
                                                                                                                                                				intOrPtr _t191;
                                                                                                                                                				long long _t194;
                                                                                                                                                				void* _t196;
                                                                                                                                                				void* _t197;
                                                                                                                                                				void* _t198;
                                                                                                                                                				intOrPtr _t202;
                                                                                                                                                				void* _t205;
                                                                                                                                                				void* _t206;
                                                                                                                                                				long long _t207;
                                                                                                                                                
                                                                                                                                                				_t197 = __rbp;
                                                                                                                                                				_t205 = _t198;
                                                                                                                                                				_t199 = _t198 - 0xe0;
                                                                                                                                                				_t110 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t111 = _t110 ^ _t198 - 0x000000e0;
                                                                                                                                                				_v56 = _t111;
                                                                                                                                                				_t196 = __r8;
                                                                                                                                                				_t194 = __rdx;
                                                                                                                                                				_t206 = __rcx;
                                                                                                                                                				r15d = 0;
                                                                                                                                                				_v184 = _t207;
                                                                                                                                                				_v160 = 0xf;
                                                                                                                                                				_v168 = 6;
                                                                                                                                                				_t58 = "system"; // 0x74737973
                                                                                                                                                				_v184 = _t58;
                                                                                                                                                				_v180 =  *0x1fd2ba84 & 0x0000ffff;
                                                                                                                                                				_v178 = r15b;
                                                                                                                                                				 *((long long*)(_t205 - 0x78)) = _t207;
                                                                                                                                                				asm("movdqa xmm0, [0x326e3]");
                                                                                                                                                				asm("repe inc ecx");
                                                                                                                                                				 *((intOrPtr*)(_t205 - 0x78)) = r15b;
                                                                                                                                                				E00007FFC7FFC1FD0D640(_t134, __rcx, __r8);
                                                                                                                                                				if ( &_v120 == _t111) goto 0x1fcf9cf7;
                                                                                                                                                				_t202 =  *((intOrPtr*)(_t111 + 0x10));
                                                                                                                                                				if ( *((long long*)(_t111 + 0x18)) - 0x10 < 0) goto 0x1fcf9ce7;
                                                                                                                                                				E00007FFC7FFC1FCF9100(_t134,  &_v120,  *_t111, _t202, _t206);
                                                                                                                                                				E00007FFC7FFC1FD106F0( *((long long*)(_t111 + 0x18)) - 0x10,  *_t111,  &_v184, _t202);
                                                                                                                                                				_t167 = _v160;
                                                                                                                                                				if (_t167 - 0x10 < 0) goto 0x1fcf9d42;
                                                                                                                                                				if (_t167 + 1 - 0x1000 < 0) goto 0x1fcf9d3d;
                                                                                                                                                				_t115 = _v184 -  *((intOrPtr*)(_v184 - 8)) + 0xfffffff8;
                                                                                                                                                				if (_t115 - 0x1f <= 0) goto 0x1fcf9d3d;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v168 = _t207;
                                                                                                                                                				_v160 = 0xf;
                                                                                                                                                				_v184 = 0;
                                                                                                                                                				E00007FFC7FFC1FD04280(_t84, _t134,  &_v88, _t196, _t196, _t197);
                                                                                                                                                				_t135 = _t115;
                                                                                                                                                				_v200 = _t194;
                                                                                                                                                				E00007FFC7FFC1FD04280(_t84, _t135,  &_v152, _t206, _t196, _t197);
                                                                                                                                                				_v216 = _t135;
                                                                                                                                                				_v224 =  &_v200;
                                                                                                                                                				_v232 = _t115;
                                                                                                                                                				r8d = 0x5f;
                                                                                                                                                				_t82 = _t202 - 0x5e;
                                                                                                                                                				E00007FFC7FFC1FCF5BB0(_t202 - 0x5e, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_deleteport \'{}\', {:#x}, \'{}\'");
                                                                                                                                                				_t173 = _v128;
                                                                                                                                                				if (_t173 - 0x10 < 0) goto 0x1fcf9df0;
                                                                                                                                                				if (_t173 + 1 - 0x1000 < 0) goto 0x1fcf9deb;
                                                                                                                                                				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf9deb;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v136 = _t207;
                                                                                                                                                				_v128 = 0xf;
                                                                                                                                                				_v152 = 0;
                                                                                                                                                				_t176 = _v64;
                                                                                                                                                				if (_t176 - 0x10 < 0) goto 0x1fcf9e4f;
                                                                                                                                                				if (_t176 + 1 - 0x1000 < 0) goto 0x1fcf9e4a;
                                                                                                                                                				_t121 = _v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8;
                                                                                                                                                				if (_t121 - 0x1f <= 0) goto 0x1fcf9e4a;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FCFE0D0( *((intOrPtr*)(_v88 - 8)), _t176 + 0x28);
                                                                                                                                                				E00007FFC7FFC1FD04280(_t84, _t121,  &_v88, _t196, _t196, _t197);
                                                                                                                                                				_t71 = E00007FFC7FFC1FD04280(_t84, _t121,  &_v152, _t206, _t196, _t197);
                                                                                                                                                				_t203 = _t121;
                                                                                                                                                				E00007FFC7FFC1FCFE6C0(_t71, _t83, _t84, _t85, _t121, _t121, _t121, _t121, _t196, _t197, _t121);
                                                                                                                                                				_t182 = _v128;
                                                                                                                                                				if (_t182 - 0x10 < 0) goto 0x1fcf9eca;
                                                                                                                                                				if (_t182 + 1 - 0x1000 < 0) goto 0x1fcf9ec5;
                                                                                                                                                				if (_v152 -  *((intOrPtr*)(_v152 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf9ec5;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v136 = _t207;
                                                                                                                                                				_v128 = 0xf;
                                                                                                                                                				_v152 = 0;
                                                                                                                                                				_t185 = _v64;
                                                                                                                                                				if (_t185 - 0x10 < 0) goto 0x1fcf9f2a;
                                                                                                                                                				if (_t185 + 1 - 0x1000 < 0) goto 0x1fcf9f24;
                                                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf9f24;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FD106F0(_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f, _v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8,  &_v120, _t121);
                                                                                                                                                				_t188 = _v96;
                                                                                                                                                				if (_t188 - 0x10 < 0) goto 0x1fcf9f7e;
                                                                                                                                                				_t158 = _v120;
                                                                                                                                                				if (_t188 + 1 - 0x1000 < 0) goto 0x1fcf9f78;
                                                                                                                                                				_t130 = _t158 -  *((intOrPtr*)(_t158 - 8)) + 0xfffffff8;
                                                                                                                                                				_t105 = _t158 -  *((intOrPtr*)(_t158 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                                                				if (_t158 -  *((intOrPtr*)(_t158 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf9f78;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FD106F0(_t105, _t130,  &_v120, _t203);
                                                                                                                                                				_t191 = _v96;
                                                                                                                                                				if (_t191 - 0x10 < 0) goto 0x1fcf9fd9;
                                                                                                                                                				if (_t191 + 1 - 0x1000 < 0) goto 0x1fcf9fd3;
                                                                                                                                                				if (_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf9fd3;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(0, _t82, _v56 ^ _t199);
                                                                                                                                                			}



















































                                                                                                                                                0x7ffc1fcf9d85
                                                                                                                                                0x7ffc1fcf9d8a
                                                                                                                                                0x7ffc1fcf9d96
                                                                                                                                                0x7ffc1fcf9da3
                                                                                                                                                0x7ffc1fcf9da7
                                                                                                                                                0x7ffc1fcf9dad
                                                                                                                                                0x7ffc1fcf9db9
                                                                                                                                                0x7ffc1fcf9dcd
                                                                                                                                                0x7ffc1fcf9de2
                                                                                                                                                0x7ffc1fcf9de4
                                                                                                                                                0x7ffc1fcf9dea
                                                                                                                                                0x7ffc1fcf9deb
                                                                                                                                                0x7ffc1fcf9df0
                                                                                                                                                0x7ffc1fcf9df8
                                                                                                                                                0x7ffc1fcf9e04
                                                                                                                                                0x7ffc1fcf9e09
                                                                                                                                                0x7ffc1fcf9e15
                                                                                                                                                0x7ffc1fcf9e2c
                                                                                                                                                0x7ffc1fcf9e39
                                                                                                                                                0x7ffc1fcf9e41
                                                                                                                                                0x7ffc1fcf9e43
                                                                                                                                                0x7ffc1fcf9e49
                                                                                                                                                0x7ffc1fcf9e4a
                                                                                                                                                0x7ffc1fcf9e4f
                                                                                                                                                0x7ffc1fcf9e62
                                                                                                                                                0x7ffc1fcf9e72
                                                                                                                                                0x7ffc1fcf9e78
                                                                                                                                                0x7ffc1fcf9e81
                                                                                                                                                0x7ffc1fcf9e87
                                                                                                                                                0x7ffc1fcf9e93
                                                                                                                                                0x7ffc1fcf9ea7
                                                                                                                                                0x7ffc1fcf9ebc
                                                                                                                                                0x7ffc1fcf9ebe
                                                                                                                                                0x7ffc1fcf9ec4
                                                                                                                                                0x7ffc1fcf9ec5
                                                                                                                                                0x7ffc1fcf9eca
                                                                                                                                                0x7ffc1fcf9ed2
                                                                                                                                                0x7ffc1fcf9ede
                                                                                                                                                0x7ffc1fcf9ee3
                                                                                                                                                0x7ffc1fcf9eef
                                                                                                                                                0x7ffc1fcf9f06
                                                                                                                                                0x7ffc1fcf9f1b
                                                                                                                                                0x7ffc1fcf9f1d
                                                                                                                                                0x7ffc1fcf9f23
                                                                                                                                                0x7ffc1fcf9f24
                                                                                                                                                0x7ffc1fcf9f32
                                                                                                                                                0x7ffc1fcf9f37
                                                                                                                                                0x7ffc1fcf9f43
                                                                                                                                                0x7ffc1fcf9f48
                                                                                                                                                0x7ffc1fcf9f5a
                                                                                                                                                0x7ffc1fcf9f67
                                                                                                                                                0x7ffc1fcf9f6b
                                                                                                                                                0x7ffc1fcf9f6f
                                                                                                                                                0x7ffc1fcf9f71
                                                                                                                                                0x7ffc1fcf9f77
                                                                                                                                                0x7ffc1fcf9f78
                                                                                                                                                0x7ffc1fcf9f8d
                                                                                                                                                0x7ffc1fcf9f92
                                                                                                                                                0x7ffc1fcf9f9e
                                                                                                                                                0x7ffc1fcf9fb5
                                                                                                                                                0x7ffc1fcf9fca
                                                                                                                                                0x7ffc1fcf9fcc
                                                                                                                                                0x7ffc1fcf9fd2
                                                                                                                                                0x7ffc1fcf9fd3
                                                                                                                                                0x7ffc1fcf9ff9

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD0D640: __tlregdtor.LIBCMT ref: 00007FFC1FD0D690
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF9D36
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF9DE4
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF9E43
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF9EBE
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF9F1D
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF9F71
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_deleteport '{}', {:#x}, '{}'$system
                                                                                                                                                • API String ID: 333172304-3252672930
                                                                                                                                                • Opcode ID: 226080c0ce44445658238c64672bb0263095b08184b26bd6105cc1f14d8ca101
                                                                                                                                                • Instruction ID: 85cb96befd1fa697f66fe099b078220a9214b8f97999c7948899ba50a081d200
                                                                                                                                                • Opcode Fuzzy Hash: 226080c0ce44445658238c64672bb0263095b08184b26bd6105cc1f14d8ca101
                                                                                                                                                • Instruction Fuzzy Hash: 8781E462A18E9A41FE24EF69F8543BEA251FB817B0F404231D6AE06BD9DF7CD090D750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 30%
                                                                                                                                                			E00007FFC7FFC1FD27570(void* __edi, long long __rax, void* __rcx, long long __rdx, void* __rsi, void* __r13, void* __r14, void* __r15) {
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rbp;
                                                                                                                                                				void* _t71;
                                                                                                                                                				signed int _t84;
                                                                                                                                                				signed int _t86;
                                                                                                                                                				intOrPtr _t90;
                                                                                                                                                				intOrPtr _t116;
                                                                                                                                                				int _t126;
                                                                                                                                                				intOrPtr _t139;
                                                                                                                                                				intOrPtr _t143;
                                                                                                                                                				intOrPtr _t147;
                                                                                                                                                				intOrPtr _t169;
                                                                                                                                                				intOrPtr _t172;
                                                                                                                                                				void* _t175;
                                                                                                                                                				void* _t182;
                                                                                                                                                				long long _t183;
                                                                                                                                                				void* _t185;
                                                                                                                                                				void* _t186;
                                                                                                                                                				intOrPtr _t190;
                                                                                                                                                
                                                                                                                                                				_t204 = __r15;
                                                                                                                                                				_t202 = __r13;
                                                                                                                                                				 *((long long*)(_t185 + 0x10)) = __rdx;
                                                                                                                                                				_t186 = _t185 - 0x30;
                                                                                                                                                				_t183 = __rdx;
                                                                                                                                                				 *((long long*)(__rdx + 0x60)) = 0;
                                                                                                                                                				 *((long long*)(__rdx + 0x70)) = 0;
                                                                                                                                                				 *((long long*)(__rdx + 0x78)) = 0xf;
                                                                                                                                                				 *((char*)(__rdx + 0x60)) = 0;
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t71, __rax, __rcx);
                                                                                                                                                				 *((long long*)(__rdx + 0x70)) = 0x25;
                                                                                                                                                				 *((long long*)(__rdx + 0x78)) = 0x2f;
                                                                                                                                                				asm("movups xmm0, [0x4a8c]");
                                                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                                                				asm("movups xmm1, [0x4a92]");
                                                                                                                                                				asm("movups [eax+0x10], xmm1");
                                                                                                                                                				_t90 =  *0x1fd2c068; // 0x3a6e6f69
                                                                                                                                                				 *((intOrPtr*)(__rax + 0x20)) = _t90;
                                                                                                                                                				 *((char*)(__rax + 0x24)) =  *0x1fd2c06c & 0x000000ff;
                                                                                                                                                				 *((char*)(__rax + 0x25)) = 0;
                                                                                                                                                				 *((long long*)(__rdx + 0x60)) = __rax;
                                                                                                                                                				_t116 =  *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x50))));
                                                                                                                                                				 *((intOrPtr*)(_t116 + 8))();
                                                                                                                                                				if ( *((char*)(_t116 + 0xffffffff)) != 0) goto 0x1fd27600;
                                                                                                                                                				_t139 =  *((intOrPtr*)(__rdx + 0x70));
                                                                                                                                                				if (0xffffffff -  *((intOrPtr*)(__rdx + 0x78)) - _t139 > 0) goto 0x1fd2764f;
                                                                                                                                                				 *((long long*)(__rdx + 0x70)) = _t139 + 0xffffffff;
                                                                                                                                                				_t128 =  !=  ?  *((void*)(__rdx + 0x60)) : __rdx + 0x60;
                                                                                                                                                				_t129 = ( !=  ?  *((void*)(__rdx + 0x60)) : __rdx + 0x60) + _t139;
                                                                                                                                                				memmove(_t175, _t182, _t126);
                                                                                                                                                				 *((char*)(( !=  ?  *((void*)(__rdx + 0x60)) : __rdx + 0x60) + _t139 + 0xffffffff)) = 0;
                                                                                                                                                				goto 0x1fd27663;
                                                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xffffffff;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				E00007FFC7FFC1FCF2190(__rdx + 0x60, 0xffffffff, 0, __rdx, _t116, __r13, __r15);
                                                                                                                                                				_t143 =  *((intOrPtr*)(_t183 + 0x70));
                                                                                                                                                				_t190 = _t143;
                                                                                                                                                				if ( *((intOrPtr*)(_t183 + 0x78)) - _t143 - 0xa < 0) goto 0x1fd276b2;
                                                                                                                                                				 *((long long*)(_t183 + 0x70)) = _t143 + 0xa;
                                                                                                                                                				_t131 =  !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60;
                                                                                                                                                				_t132 = ( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t190;
                                                                                                                                                				r8d = 0xa;
                                                                                                                                                				memmove(??, ??, ??);
                                                                                                                                                				 *((char*)(( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t190 + 0xa)) = 0;
                                                                                                                                                				goto 0x1fd276d2;
                                                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xa;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				_t34 = _t190 + 0xa; // 0xa
                                                                                                                                                				E00007FFC7FFC1FCF2190(_t183 + 0x60, ", format: ", 0, _t183, ", format: ", _t202, _t204);
                                                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t183 + 0x40)) + 0xffffffff)) != 0) goto 0x1fd276e0;
                                                                                                                                                				_t147 =  *((intOrPtr*)(_t183 + 0x70));
                                                                                                                                                				if (0xffffffff -  *((intOrPtr*)(_t183 + 0x78)) - _t147 > 0) goto 0x1fd27730;
                                                                                                                                                				 *((long long*)(_t183 + 0x70)) = _t147 + 0xffffffff;
                                                                                                                                                				_t134 =  !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60;
                                                                                                                                                				_t135 = ( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t147;
                                                                                                                                                				memmove(??, ??, ??);
                                                                                                                                                				 *((char*)(( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t147 + 0xffffffff)) = 0;
                                                                                                                                                				goto 0x1fd27744;
                                                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xffffffff;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				E00007FFC7FFC1FCF2190(_t183 + 0x60, 0xffffffff, 0, _t183,  *((intOrPtr*)(_t183 + 0x40)), _t202, _t204);
                                                                                                                                                				 *((long long*)(_t183 + 0x80)) = 0;
                                                                                                                                                				 *((long long*)(_t183 + 0x90)) = 0;
                                                                                                                                                				 *((long long*)(_t183 + 0x98)) = 0xf;
                                                                                                                                                				 *((char*)(_t183 + 0x80)) = 0;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t183 + 0x48)) + 0xffffffff)) != 0) goto 0x1fd27780;
                                                                                                                                                				E00007FFC7FFC1FCF9100(( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t147, _t183 + 0x80,  *((intOrPtr*)(_t183 + 0x48)), 0, __r14);
                                                                                                                                                				_t84 = E00007FFC7FFC1FD0E5B0( *((intOrPtr*)(_t183 + 0x38)), _t34,  *((intOrPtr*)(_t183 + 0x78)) - _t147, ( !=  ?  *((void*)(_t183 + 0x60)) : _t183 + 0x60) + _t147, _t183 + 0x80, _t183 + 0x80, __rsi, _t183,  *((intOrPtr*)(_t183 + 0x30)), _t183 + 0x60);
                                                                                                                                                				_t169 =  *((intOrPtr*)(_t183 + 0x98));
                                                                                                                                                				if ((_t84 & 0xffffff00 | _t169 - 0x00000010 >= 0x00000000) == 0) goto 0x1fd277fb;
                                                                                                                                                				if (_t169 + 1 - 0x1000 < 0) goto 0x1fd277f5;
                                                                                                                                                				_t64 =  *((intOrPtr*)(_t183 + 0x80)) -  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x80)) - 8)) - 8; // -8
                                                                                                                                                				if (_t64 - 0x1f > 0) goto 0x1fd277ee;
                                                                                                                                                				goto 0x1fd277f5;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				_t86 = E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t172 =  *((intOrPtr*)(_t183 + 0x78));
                                                                                                                                                				if ((_t86 & 0xffffff00 | _t172 - 0x00000010 >= 0x00000000) == 0) goto 0x1fd27841;
                                                                                                                                                				if (_t172 + 1 - 0x1000 < 0) goto 0x1fd2783b;
                                                                                                                                                				_t70 =  *((intOrPtr*)(_t183 + 0x60)) -  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x60)) - 8)) - 8; // -8
                                                                                                                                                				if (_t70 - 0x1f > 0) goto 0x1fd27834;
                                                                                                                                                				goto 0x1fd2783b;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				return E00007FFC7FFC1FD156E4();
                                                                                                                                                			}
























                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD156A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFC1FCF8F4E), ref: 00007FFC1FD156C2
                                                                                                                                                • memmove.VCRUNTIME140 ref: 00007FFC1FD27644
                                                                                                                                                • memmove.VCRUNTIME140 ref: 00007FFC1FD276A7
                                                                                                                                                • memmove.VCRUNTIME140 ref: 00007FFC1FD27725
                                                                                                                                                  • Part of subcall function 00007FFC1FCF2190: memmove.VCRUNTIME140 ref: 00007FFC1FCF227D
                                                                                                                                                  • Part of subcall function 00007FFC1FCF2190: memmove.VCRUNTIME140 ref: 00007FFC1FCF228B
                                                                                                                                                  • Part of subcall function 00007FFC1FCF2190: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF22C4
                                                                                                                                                  • Part of subcall function 00007FFC1FCF2190: memmove.VCRUNTIME140 ref: 00007FFC1FCF22CE
                                                                                                                                                  • Part of subcall function 00007FFC1FCF2190: memmove.VCRUNTIME140 ref: 00007FFC1FCF22DC
                                                                                                                                                  • Part of subcall function 00007FFC1FCF2190: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFC1FCF2311
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD277EE
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD27834
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmove$_invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmalloc
                                                                                                                                                • String ID: %$, format: $/$ion:
                                                                                                                                                • API String ID: 1572157692-3554288949
                                                                                                                                                • Opcode ID: f9422c006117912b66ae421b8876039e4f2f688adc4590b29d5c8ea4f932df2a
                                                                                                                                                • Instruction ID: b0048b9fc45df3f2b2deff490b4ab696f232b16848567f458dc1fb55cca13ae0
                                                                                                                                                • Opcode Fuzzy Hash: f9422c006117912b66ae421b8876039e4f2f688adc4590b29d5c8ea4f932df2a
                                                                                                                                                • Instruction Fuzzy Hash: 5C819D62A04B9D8AEB249F38D9503F83792FB41BE8F545231EA5D07B99DF38D494C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 31%
                                                                                                                                                			E00007FFC7FFC1FD27250(void* __edi, long long __rax, void* __rcx, long long __rdx, void* __rsi, void* __r13, void* __r14, void* __r15) {
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rbp;
                                                                                                                                                				void* _t71;
                                                                                                                                                				signed int _t84;
                                                                                                                                                				signed int _t86;
                                                                                                                                                				intOrPtr _t90;
                                                                                                                                                				intOrPtr _t116;
                                                                                                                                                				int _t126;
                                                                                                                                                				intOrPtr _t139;
                                                                                                                                                				intOrPtr _t143;
                                                                                                                                                				intOrPtr _t147;
                                                                                                                                                				intOrPtr _t169;
                                                                                                                                                				intOrPtr _t172;
                                                                                                                                                				void* _t175;
                                                                                                                                                				void* _t182;
                                                                                                                                                				long long _t183;
                                                                                                                                                				void* _t185;
                                                                                                                                                				void* _t186;
                                                                                                                                                				intOrPtr _t190;
                                                                                                                                                
                                                                                                                                                				_t204 = __r15;
                                                                                                                                                				_t202 = __r13;
                                                                                                                                                				 *((long long*)(_t185 + 0x10)) = __rdx;
                                                                                                                                                				_t186 = _t185 - 0x30;
                                                                                                                                                				_t183 = __rdx;
                                                                                                                                                				 *((long long*)(__rdx + 0x70)) = 0;
                                                                                                                                                				 *((long long*)(__rdx + 0x80)) = 0;
                                                                                                                                                				 *((long long*)(__rdx + 0x88)) = 0xf;
                                                                                                                                                				 *((char*)(__rdx + 0x70)) = 0;
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t71, __rax, __rcx);
                                                                                                                                                				 *((long long*)(__rdx + 0x80)) = 0x25;
                                                                                                                                                				 *((long long*)(__rdx + 0x88)) = 0x2f;
                                                                                                                                                				asm("movups xmm0, [0x4da0]");
                                                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                                                				asm("movups xmm1, [0x4da6]");
                                                                                                                                                				asm("movups [eax+0x10], xmm1");
                                                                                                                                                				_t90 =  *0x1fd2c068; // 0x3a6e6f69
                                                                                                                                                				 *((intOrPtr*)(__rax + 0x20)) = _t90;
                                                                                                                                                				 *((char*)(__rax + 0x24)) =  *0x1fd2c06c & 0x000000ff;
                                                                                                                                                				 *((char*)(__rax + 0x25)) = 0;
                                                                                                                                                				 *((long long*)(__rdx + 0x70)) = __rax;
                                                                                                                                                				_t116 =  *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x60))));
                                                                                                                                                				 *((intOrPtr*)(_t116 + 8))();
                                                                                                                                                				if ( *((char*)(_t116 + 0xffffffff)) != 0) goto 0x1fd272e5;
                                                                                                                                                				_t139 =  *((intOrPtr*)(__rdx + 0x80));
                                                                                                                                                				if (0xffffffff -  *((intOrPtr*)(__rdx + 0x88)) - _t139 > 0) goto 0x1fd2733d;
                                                                                                                                                				 *((long long*)(__rdx + 0x80)) = _t139 + 0xffffffff;
                                                                                                                                                				_t128 =  !=  ?  *((void*)(__rdx + 0x70)) : __rdx + 0x70;
                                                                                                                                                				_t129 = ( !=  ?  *((void*)(__rdx + 0x70)) : __rdx + 0x70) + _t139;
                                                                                                                                                				memmove(_t175, _t182, _t126);
                                                                                                                                                				 *((char*)(( !=  ?  *((void*)(__rdx + 0x70)) : __rdx + 0x70) + _t139 + 0xffffffff)) = 0;
                                                                                                                                                				goto 0x1fd27351;
                                                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xffffffff;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				E00007FFC7FFC1FCF2190(__rdx + 0x70, 0xffffffff, 0, __rdx, _t116, __r13, __r15);
                                                                                                                                                				_t143 =  *((intOrPtr*)(_t183 + 0x80));
                                                                                                                                                				_t190 = _t143;
                                                                                                                                                				if ( *((intOrPtr*)(_t183 + 0x88)) - _t143 - 0xa < 0) goto 0x1fd273a9;
                                                                                                                                                				 *((long long*)(_t183 + 0x80)) = _t143 + 0xa;
                                                                                                                                                				_t131 =  !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70;
                                                                                                                                                				_t132 = ( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t190;
                                                                                                                                                				r8d = 0xa;
                                                                                                                                                				memmove(??, ??, ??);
                                                                                                                                                				 *((char*)(( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t190 + 0xa)) = 0;
                                                                                                                                                				goto 0x1fd273c9;
                                                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xa;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				_t34 = _t190 + 0xa; // 0xa
                                                                                                                                                				E00007FFC7FFC1FCF2190(_t183 + 0x70, ", format: ", 0, _t183, ", format: ", _t202, _t204);
                                                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t183 + 0x50)) + 0xffffffff)) != 0) goto 0x1fd273d4;
                                                                                                                                                				_t147 =  *((intOrPtr*)(_t183 + 0x80));
                                                                                                                                                				if (0xffffffff -  *((intOrPtr*)(_t183 + 0x88)) - _t147 > 0) goto 0x1fd2742d;
                                                                                                                                                				 *((long long*)(_t183 + 0x80)) = _t147 + 0xffffffff;
                                                                                                                                                				_t134 =  !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70;
                                                                                                                                                				_t135 = ( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t147;
                                                                                                                                                				memmove(??, ??, ??);
                                                                                                                                                				 *((char*)(( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t147 + 0xffffffff)) = 0;
                                                                                                                                                				goto 0x1fd27441;
                                                                                                                                                				 *((long long*)(_t186 + 0x20)) = 0xffffffff;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				E00007FFC7FFC1FCF2190(_t183 + 0x70, 0xffffffff, 0, _t183,  *((intOrPtr*)(_t183 + 0x50)), _t202, _t204);
                                                                                                                                                				 *((long long*)(_t183 + 0x90)) = 0;
                                                                                                                                                				 *((long long*)(_t183 + 0xa0)) = 0;
                                                                                                                                                				 *((long long*)(_t183 + 0xa8)) = 0xf;
                                                                                                                                                				 *((char*)(_t183 + 0x90)) = 0;
                                                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t183 + 0x58)) + 0xffffffff)) != 0) goto 0x1fd27474;
                                                                                                                                                				E00007FFC7FFC1FCF9100(( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t147, _t183 + 0x90,  *((intOrPtr*)(_t183 + 0x58)), 0, __r14);
                                                                                                                                                				_t84 = E00007FFC7FFC1FD0E5B0( *((intOrPtr*)(_t183 + 0x38)), _t34,  *((intOrPtr*)(_t183 + 0x88)) - _t147, ( !=  ?  *((void*)(_t183 + 0x70)) : _t183 + 0x70) + _t147, _t183 + 0x90, _t183 + 0x90, __rsi, _t183,  *((intOrPtr*)(_t183 + 0x30)), _t183 + 0x70);
                                                                                                                                                				_t169 =  *((intOrPtr*)(_t183 + 0xa8));
                                                                                                                                                				if ((_t84 & 0xffffff00 | _t169 - 0x00000010 >= 0x00000000) == 0) goto 0x1fd274ef;
                                                                                                                                                				if (_t169 + 1 - 0x1000 < 0) goto 0x1fd274e9;
                                                                                                                                                				_t64 =  *((intOrPtr*)(_t183 + 0x90)) -  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x90)) - 8)) - 8; // -8
                                                                                                                                                				if (_t64 - 0x1f > 0) goto 0x1fd274e2;
                                                                                                                                                				goto 0x1fd274e9;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				_t86 = E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t172 =  *((intOrPtr*)(_t183 + 0x88));
                                                                                                                                                				if ((_t86 & 0xffffff00 | _t172 - 0x00000010 >= 0x00000000) == 0) goto 0x1fd27538;
                                                                                                                                                				if (_t172 + 1 - 0x1000 < 0) goto 0x1fd27532;
                                                                                                                                                				_t70 =  *((intOrPtr*)(_t183 + 0x70)) -  *((intOrPtr*)( *((intOrPtr*)(_t183 + 0x70)) - 8)) - 8; // -8
                                                                                                                                                				if (_t70 - 0x1f > 0) goto 0x1fd2752b;
                                                                                                                                                				goto 0x1fd27532;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				return E00007FFC7FFC1FD156E4();
                                                                                                                                                			}


                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD156A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFC1FCF8F4E), ref: 00007FFC1FD156C2
                                                                                                                                                • memmove.VCRUNTIME140 ref: 00007FFC1FD27332
                                                                                                                                                • memmove.VCRUNTIME140 ref: 00007FFC1FD2739E
                                                                                                                                                • memmove.VCRUNTIME140 ref: 00007FFC1FD27422
                                                                                                                                                  • Part of subcall function 00007FFC1FCF2190: memmove.VCRUNTIME140 ref: 00007FFC1FCF227D
                                                                                                                                                  • Part of subcall function 00007FFC1FCF2190: memmove.VCRUNTIME140 ref: 00007FFC1FCF228B
                                                                                                                                                  • Part of subcall function 00007FFC1FCF2190: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF22C4
                                                                                                                                                  • Part of subcall function 00007FFC1FCF2190: memmove.VCRUNTIME140 ref: 00007FFC1FCF22CE
                                                                                                                                                  • Part of subcall function 00007FFC1FCF2190: memmove.VCRUNTIME140 ref: 00007FFC1FCF22DC
                                                                                                                                                  • Part of subcall function 00007FFC1FCF2190: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFC1FCF2311
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD274E2
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD2752B
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmove$_invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmalloc
                                                                                                                                                • String ID: %$, format: $/$ion:
                                                                                                                                                • API String ID: 1572157692-3554288949
                                                                                                                                                • Opcode ID: 763d07738140166eff9c1aed5f98bd74a712ff67e2f7351cbc280aecc1cd13e1
                                                                                                                                                • Instruction ID: bbceba179883bb9172549e21bee16cd722654d1be6643fc05905c90961b6a3a4
                                                                                                                                                • Opcode Fuzzy Hash: 763d07738140166eff9c1aed5f98bd74a712ff67e2f7351cbc280aecc1cd13e1
                                                                                                                                                • Instruction Fuzzy Hash: 5B81AE62A04ADD89EB24AF34E8403FD2791FB417E8F545231DA9D0BA99DF38D158C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Event$CloseHandle$Create$ObjectOpenResetSingleWait
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3951656645-0
                                                                                                                                                • Opcode ID: e70b6efb45fd57b730ffd615a8e7d69745b853a7db37e14f4ef59c49c9d22bbf
                                                                                                                                                • Instruction ID: 83cee4abbc9d951e47b34aefd9de90094fe5214828e7703d9444fe603d719310
                                                                                                                                                • Opcode Fuzzy Hash: e70b6efb45fd57b730ffd615a8e7d69745b853a7db37e14f4ef59c49c9d22bbf
                                                                                                                                                • Instruction Fuzzy Hash: B651907260CB9D86EB55AF14E14033AB7A1EB85BF0F540231EA9D07A98CF2DE454CBD0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 57%
                                                                                                                                                			E00007FFC7FFC1FD24540(signed long long __rbx, long long __rcx, void* __r8) {
                                                                                                                                                				void* _t112;
                                                                                                                                                				intOrPtr* _t129;
                                                                                                                                                				long long _t140;
                                                                                                                                                				long long _t141;
                                                                                                                                                				signed long long _t152;
                                                                                                                                                				intOrPtr* _t159;
                                                                                                                                                				intOrPtr* _t161;
                                                                                                                                                				intOrPtr* _t164;
                                                                                                                                                				intOrPtr* _t170;
                                                                                                                                                				intOrPtr* _t174;
                                                                                                                                                				void* _t178;
                                                                                                                                                				void* _t181;
                                                                                                                                                				void* _t183;
                                                                                                                                                				void* _t184;
                                                                                                                                                				void* _t186;
                                                                                                                                                				void* _t187;
                                                                                                                                                				signed long long _t190;
                                                                                                                                                				void* _t192;
                                                                                                                                                				void* _t195;
                                                                                                                                                				void* _t198;
                                                                                                                                                
                                                                                                                                                				 *((long long*)(_t186 + 0x20)) = __rbx;
                                                                                                                                                				 *((long long*)(_t186 + 8)) = __rcx;
                                                                                                                                                				_t184 = _t186 - 0x27;
                                                                                                                                                				_t187 = _t186 - 0xe0;
                                                                                                                                                				r12d = 0;
                                                                                                                                                				 *((intOrPtr*)(_t187 + 0x20)) = r12d;
                                                                                                                                                				 *(_t184 - 0x11) = _t190;
                                                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                                                				asm("movdqa [ebp-0x9], xmm0");
                                                                                                                                                				 *((intOrPtr*)(_t184 + 7)) = 0xffffffff;
                                                                                                                                                				asm("movups [ebp+0x17], xmm0");
                                                                                                                                                				 *((long long*)(_t184 + 0x17)) = "bad allocation";
                                                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x1fd2eec0;
                                                                                                                                                				 *((long long*)(_t184 + 0xf)) = 0x1fd2eed0;
                                                                                                                                                				 *((long long*)(_t184 - 0x49)) = 0x1fd2ece0;
                                                                                                                                                				 *((long long*)(_t184 - 0x39)) = 0x1fd2ceb8;
                                                                                                                                                				 *((intOrPtr*)(_t187 + 0x20)) = 2;
                                                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1fd2cea8;
                                                                                                                                                				 *(_t187 + 0x38) = _t190;
                                                                                                                                                				 *((long long*)(_t184 - 0x79)) =  *((intOrPtr*)(_t184 - 9));
                                                                                                                                                				 *((long long*)(_t184 - 0x71)) =  *((intOrPtr*)(_t184 - 1));
                                                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) = 0xffffffff;
                                                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x1fd2b9e8;
                                                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                                                				asm("movups [ebp-0x59], xmm0");
                                                                                                                                                				0x1fd270e3(_t198, _t195, _t192, _t190, _t178, _t181, _t183);
                                                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1fd2eca0;
                                                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x1fd2ecb0;
                                                                                                                                                				 *((long long*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x49)) = 0x1fd2ecc8;
                                                                                                                                                				 *((intOrPtr*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x4d)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x10;
                                                                                                                                                				 *(_t184 + 0x6f) = __rbx;
                                                                                                                                                				_t159 =  *(_t184 - 0x11);
                                                                                                                                                				if (_t159 == 0) goto 0x1fd24691;
                                                                                                                                                				_t129 =  *_t159;
                                                                                                                                                				 *((intOrPtr*)(_t129 + 0x28))();
                                                                                                                                                				_t152 =  *_t129;
                                                                                                                                                				 *(_t184 + 0x6f) = _t152;
                                                                                                                                                				if (_t152 == 0) goto 0x1fd24674;
                                                                                                                                                				 *((intOrPtr*)( *_t152 + 0x18))();
                                                                                                                                                				_t161 =  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                                                				if (_t161 == 0) goto 0x1fd24691;
                                                                                                                                                				 *((intOrPtr*)( *_t161 + 0x20))();
                                                                                                                                                				_t163 =  !=  ? _t190 :  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                                                				 *((long long*)(_t184 + 0x67)) =  !=  ? _t190 :  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                                                				 *((long long*)(_t184 - 0x71)) =  *((intOrPtr*)(_t184 - 1));
                                                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) =  *((intOrPtr*)(_t184 + 7));
                                                                                                                                                				 *((long long*)(_t184 - 0x79)) =  *((intOrPtr*)(_t184 - 9));
                                                                                                                                                				_t164 =  *(_t187 + 0x38);
                                                                                                                                                				if (_t164 == 0) goto 0x1fd246b7;
                                                                                                                                                				 *((intOrPtr*)( *_t164 + 0x20))();
                                                                                                                                                				 *(_t187 + 0x38) = _t152;
                                                                                                                                                				if (_t152 == 0) goto 0x1fd246cb;
                                                                                                                                                				 *((intOrPtr*)( *_t152 + 0x18))();
                                                                                                                                                				if (_t152 == 0) goto 0x1fd246da;
                                                                                                                                                				 *((intOrPtr*)( *_t152 + 0x20))();
                                                                                                                                                				 *((long long*)(_t184 - 0x79)) = "class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)";
                                                                                                                                                				 *((long long*)(_t184 - 0x71)) = ".\\boost/exception/detail/exception_ptr.hpp";
                                                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) = 0x87;
                                                                                                                                                				r8d = 0x44;
                                                                                                                                                				r15d = 1;
                                                                                                                                                				_t112 =  *0x1fd42440 -  *((intOrPtr*)(__r8 +  *((intOrPtr*)( *[gs:0x58] + _t152 * 8)))); // 0x80000001
                                                                                                                                                				if (_t112 > 0) goto 0x1fd24833;
                                                                                                                                                				_t140 =  *0x1fd42430; // 0x683560
                                                                                                                                                				 *((long long*)(__rcx)) = _t140;
                                                                                                                                                				_t141 =  *0x1fd42438; // 0x6a6cf0
                                                                                                                                                				 *((long long*)(__rcx + 8)) = _t141;
                                                                                                                                                				if (_t141 == 0) goto 0x1fd24746;
                                                                                                                                                				asm("lock inc esp");
                                                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1fd2eca0;
                                                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x1fd2ecb0;
                                                                                                                                                				 *((long long*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x49)) = 0x1fd2ecc8;
                                                                                                                                                				 *((intOrPtr*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x4d)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x10;
                                                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1fd2eec0;
                                                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x1fd2b9e8;
                                                                                                                                                				0x1fd270e9();
                                                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1fd2cea8;
                                                                                                                                                				_t170 =  *(_t187 + 0x38);
                                                                                                                                                				if (_t170 == 0) goto 0x1fd247bf;
                                                                                                                                                				 *((intOrPtr*)( *_t170 + 0x20))();
                                                                                                                                                				_t172 =  !=  ? _t190 :  *(_t187 + 0x38);
                                                                                                                                                				 *(_t187 + 0x38) =  !=  ? _t190 :  *(_t187 + 0x38);
                                                                                                                                                				 *((long long*)(_t184 - 0x39)) = 0x1fd2ceb8;
                                                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x1fd2eec0;
                                                                                                                                                				 *((long long*)(_t184 + 0xf)) = 0x1fd2b9e8;
                                                                                                                                                				0x1fd270e9();
                                                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x1fd2cea8;
                                                                                                                                                				_t174 =  *(_t184 - 0x11);
                                                                                                                                                				if (_t174 == 0) goto 0x1fd247f0;
                                                                                                                                                				return  *((intOrPtr*)( *_t174 + 0x20))();
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: __std_exception_copy__std_exception_destroy
                                                                                                                                                • String ID: .\boost/exception/detail/exception_ptr.hpp$`5h$bad allocation$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)
                                                                                                                                                • API String ID: 2960854011-574472297
                                                                                                                                                • Opcode ID: 9f006b87f9c85754f6f5151a0656ba859143af9fab131fd4f0b3de3cf9a14c30
                                                                                                                                                • Instruction ID: 435994eb1f4a6c3bb836624aa98cd3ab376c755342a1236471c8f52a27c02ba3
                                                                                                                                                • Opcode Fuzzy Hash: 9f006b87f9c85754f6f5151a0656ba859143af9fab131fd4f0b3de3cf9a14c30
                                                                                                                                                • Instruction Fuzzy Hash: 51E11636B09F598AEB14DF64E4802AC33B4FB49B68B048536DE4D53B68EF38D564C790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 29%
                                                                                                                                                			E00007FFC7FFC1FD1AAD0(long long __rbx, long long* __rcx, void* __rdx, long long __rsi) {
                                                                                                                                                				void* _t21;
                                                                                                                                                				void* _t22;
                                                                                                                                                				void* _t26;
                                                                                                                                                				long long _t44;
                                                                                                                                                				long long _t50;
                                                                                                                                                				unsigned long long _t57;
                                                                                                                                                				signed long long _t66;
                                                                                                                                                				int _t71;
                                                                                                                                                				long long* _t72;
                                                                                                                                                				long long _t79;
                                                                                                                                                				unsigned long long _t80;
                                                                                                                                                				void* _t82;
                                                                                                                                                				void* _t86;
                                                                                                                                                				intOrPtr _t87;
                                                                                                                                                				void* _t89;
                                                                                                                                                				signed long long _t90;
                                                                                                                                                
                                                                                                                                                				 *((long long*)(_t82 + 8)) = __rbx;
                                                                                                                                                				 *((long long*)(_t82 + 0x10)) = _t79;
                                                                                                                                                				 *((long long*)(_t82 + 0x18)) = __rsi;
                                                                                                                                                				_t72 = __rcx;
                                                                                                                                                				_t87 =  *((intOrPtr*)(__rcx + 0x10));
                                                                                                                                                				if (0xffffffff - _t87 - __rdx < 0) goto 0x1fd1ac11;
                                                                                                                                                				_t90 = _t87 + __rdx;
                                                                                                                                                				_t80 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                				_t66 = _t90 | 0x0000000f;
                                                                                                                                                				if (_t66 - 0xffffffff > 0) goto 0x1fd1ab56;
                                                                                                                                                				_t57 = _t80 >> 1;
                                                                                                                                                				if (_t80 - 0xffffffff - _t57 > 0) goto 0x1fd1ab56;
                                                                                                                                                				_t50 =  <  ? _t57 + _t80 : _t66;
                                                                                                                                                				_t44 = _t50 + 1;
                                                                                                                                                				if (_t44 - 0x1000 < 0) goto 0x1fd1ab7f;
                                                                                                                                                				if (_t44 + 0x27 - _t44 <= 0) goto 0x1fd1ac17;
                                                                                                                                                				goto 0x1fd1ab60;
                                                                                                                                                				_t22 = E00007FFC7FFC1FD156A8(_t21, _t44, 0x27);
                                                                                                                                                				if (_t44 == 0) goto 0x1fd1ab78;
                                                                                                                                                				_t10 = _t44 + 0x27; // 0x27
                                                                                                                                                				 *((long long*)((_t10 & 0xffffffe0) - 8)) = _t44;
                                                                                                                                                				goto 0x1fd1ab93;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				if (_t44 == 0) goto 0x1fd1ab91;
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t22, _t44, _t44);
                                                                                                                                                				goto 0x1fd1ab93;
                                                                                                                                                				 *(_t72 + 0x10) = _t90;
                                                                                                                                                				 *((long long*)(_t72 + 0x18)) = _t50;
                                                                                                                                                				if (_t80 - 0x10 < 0) goto 0x1fd1abea;
                                                                                                                                                				memmove(_t89, _t86, _t71);
                                                                                                                                                				_t15 = _t80 + 1; // 0x7ffc1fd1aee2
                                                                                                                                                				if (_t15 - 0x1000 < 0) goto 0x1fd1abd8;
                                                                                                                                                				_t17 =  *_t72 -  *((intOrPtr*)( *_t72 - 8)) - 8; // 0x7ffffffffffffff7
                                                                                                                                                				if (_t17 - 0x1f > 0) goto 0x1fd1abe3;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				goto 0x1fd1abf2;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				_t26 = memmove(??, ??, ??);
                                                                                                                                                				 *_t72 = _t44;
                                                                                                                                                				return _t26;
                                                                                                                                                			}
                                                                                                                                                0x7ffc1fd1ab93
                                                                                                                                                0x7ffc1fd1ab97
                                                                                                                                                0x7ffc1fd1aba6
                                                                                                                                                0x7ffc1fd1abae
                                                                                                                                                0x7ffc1fd1abb3
                                                                                                                                                0x7ffc1fd1abbe
                                                                                                                                                0x7ffc1fd1abcb
                                                                                                                                                0x7ffc1fd1abd3
                                                                                                                                                0x7ffc1fd1abdb
                                                                                                                                                0x7ffc1fd1abe1
                                                                                                                                                0x7ffc1fd1abe3
                                                                                                                                                0x7ffc1fd1abed
                                                                                                                                                0x7ffc1fd1abf2
                                                                                                                                                0x7ffc1fd1ac10

                                                                                                                                                APIs
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFC1FD1AD8C), ref: 00007FFC1FD1AB78
                                                                                                                                                • memmove.VCRUNTIME140(?,?,00007FFC1FD1AD8C), ref: 00007FFC1FD1ABAE
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00007FFC1FD1AD8C), ref: 00007FFC1FD1ABE3
                                                                                                                                                • memmove.VCRUNTIME140(?,?,00007FFC1FD1AD8C), ref: 00007FFC1FD1ABED
                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFC1FD1AC17
                                                                                                                                                • ?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z.MSVCP140 ref: 00007FFC1FD1ACCE
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturnmemmove$?out@?$codecvt@_Concurrency::cancel_current_taskMbstatet@@Mbstatet@@@std@@
                                                                                                                                                • String ID: Could not convert character encoding$libs\log\src\code_conversion.cpp
                                                                                                                                                • API String ID: 3477520665-1764552477
                                                                                                                                                • Opcode ID: d4c76cade3ef9cea3b522cf51c1e2f0f329956eac3a2e36d547df32bdf9192e5
                                                                                                                                                • Instruction ID: 8e422635c95bcf3261747d416790b9f15e4b4b948f45bbbd6704d7dadfc303ce
                                                                                                                                                • Opcode Fuzzy Hash: d4c76cade3ef9cea3b522cf51c1e2f0f329956eac3a2e36d547df32bdf9192e5
                                                                                                                                                • Instruction Fuzzy Hash: 4481D262B0CFAD84EA18AF55E5002B963A5FB4ABE4F540531EE5C07B84DF7CE161C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 17%
                                                                                                                                                			E00007FFC7FFC1FCFFB10(void* __eflags, long long __rcx, intOrPtr* __rdx) {
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rbp;
                                                                                                                                                				void* _t80;
                                                                                                                                                				void* _t83;
                                                                                                                                                				signed long long _t114;
                                                                                                                                                				long long _t134;
                                                                                                                                                				signed long long _t163;
                                                                                                                                                				signed long long _t166;
                                                                                                                                                				signed long long _t169;
                                                                                                                                                				intOrPtr _t172;
                                                                                                                                                				signed long long _t178;
                                                                                                                                                				intOrPtr _t181;
                                                                                                                                                				void* _t184;
                                                                                                                                                				void* _t185;
                                                                                                                                                				void* _t186;
                                                                                                                                                
                                                                                                                                                				_t185 = _t186 - 0x47;
                                                                                                                                                				_t114 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				 *(_t185 + 0x3f) = _t114 ^ _t186 - 0x000000b0;
                                                                                                                                                				_t134 = __rcx;
                                                                                                                                                				 *((intOrPtr*)(_t185 - 0x49)) = r8d;
                                                                                                                                                				r8d = r8d - 1;
                                                                                                                                                				if (__eflags == 0) goto 0x1fcffced;
                                                                                                                                                				if (r8d != 1) goto 0x1fcffdc3;
                                                                                                                                                				E00007FFC7FFC1FCFD4C0(_t114 ^ _t186 - 0x000000b0, __rcx, _t185 - 0x21,  *__rdx, _t184);
                                                                                                                                                				_t158 =  >=  ?  *((void*)(_t185 - 0x21)) : _t185 - 0x21;
                                                                                                                                                				E00007FFC7FFC1FD03FF0(_t80, _t134, _t185 - 0x41,  >=  ?  *((void*)(_t185 - 0x21)) : _t185 - 0x21, _t184, _t185);
                                                                                                                                                				if ( *((long long*)(_t134 + 0x38)) - 0x10 < 0) goto 0x1fcffb7c;
                                                                                                                                                				E00007FFC7FFC1FD03FF0(_t80, _t134, _t185 + 0x1f,  *((intOrPtr*)(_t134 + 0x20)), _t184, _t185);
                                                                                                                                                				if ( *((long long*)(_t134 + 0x58)) - 0x10 < 0) goto 0x1fcffb94;
                                                                                                                                                				E00007FFC7FFC1FD03FF0(_t80, _t134, _t185 - 1,  *((intOrPtr*)(_t134 + 0x40)), _t184, _t185);
                                                                                                                                                				_t163 =  *((intOrPtr*)(_t185 + 0x17));
                                                                                                                                                				if (_t163 - 8 < 0) goto 0x1fcffbf0;
                                                                                                                                                				if (2 + _t163 * 2 - 0x1000 < 0) goto 0x1fcffbeb;
                                                                                                                                                				if ( *((intOrPtr*)(_t185 - 1)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 - 1)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcffbeb;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *((long long*)(_t185 + 0xf)) = _t134;
                                                                                                                                                				 *((long long*)(_t185 + 0x17)) = 7;
                                                                                                                                                				 *((short*)(_t185 - 1)) = 0;
                                                                                                                                                				_t166 =  *((intOrPtr*)(_t185 + 0x37));
                                                                                                                                                				if (_t166 - 8 < 0) goto 0x1fcffc45;
                                                                                                                                                				if (2 + _t166 * 2 - 0x1000 < 0) goto 0x1fcffc40;
                                                                                                                                                				if ( *((intOrPtr*)(_t185 + 0x1f)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 + 0x1f)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcffc40;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *((long long*)(_t185 + 0x2f)) = _t134;
                                                                                                                                                				 *((long long*)(_t185 + 0x37)) = 7;
                                                                                                                                                				 *((short*)(_t185 + 0x1f)) = 0;
                                                                                                                                                				_t169 =  *((intOrPtr*)(_t185 - 0x29));
                                                                                                                                                				if (_t169 - 8 < 0) goto 0x1fcffc98;
                                                                                                                                                				if (2 + _t169 * 2 - 0x1000 < 0) goto 0x1fcffc93;
                                                                                                                                                				if ( *((intOrPtr*)(_t185 - 0x41)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 - 0x41)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcffc93;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *((long long*)(_t185 - 0x31)) = _t134;
                                                                                                                                                				 *((long long*)(_t185 - 0x29)) = 7;
                                                                                                                                                				 *((short*)(_t185 - 0x41)) = 0;
                                                                                                                                                				_t172 =  *((intOrPtr*)(_t185 - 9));
                                                                                                                                                				if (_t172 - 0x10 < 0) goto 0x1fcffdaa;
                                                                                                                                                				_t146 =  *((intOrPtr*)(_t185 - 0x21));
                                                                                                                                                				if (_t172 + 1 - 0x1000 < 0) goto 0x1fcffda5;
                                                                                                                                                				if ( *((intOrPtr*)(_t185 - 0x21)) -  *((intOrPtr*)(_t146 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcffda5;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FCFD4C0( *((intOrPtr*)(_t185 - 0x21)) -  *((intOrPtr*)(_t146 - 8)) + 0xfffffff8, _t134,  *((intOrPtr*)(_t146 - 8)),  *((intOrPtr*)(_t172 + 0x28)), _t184);
                                                                                                                                                				_t177 =  >=  ?  *((void*)(_t185 - 0x21)) : _t185 - 0x21;
                                                                                                                                                				E00007FFC7FFC1FD03FF0(0, _t134, _t185 - 0x41,  >=  ?  *((void*)(_t185 - 0x21)) : _t185 - 0x21, _t184, _t185);
                                                                                                                                                				_t178 =  *((intOrPtr*)(_t185 - 0x29));
                                                                                                                                                				if (_t178 - 8 < 0) goto 0x1fcffd5a;
                                                                                                                                                				if (2 + _t178 * 2 - 0x1000 < 0) goto 0x1fcffd55;
                                                                                                                                                				if ( *((intOrPtr*)(_t185 - 0x41)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 - 0x41)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcffd55;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *((long long*)(_t185 - 0x31)) = _t134;
                                                                                                                                                				 *((long long*)(_t185 - 0x29)) = 7;
                                                                                                                                                				 *((short*)(_t185 - 0x41)) = 0;
                                                                                                                                                				_t181 =  *((intOrPtr*)(_t185 - 9));
                                                                                                                                                				if (_t181 - 0x10 < 0) goto 0x1fcffdaa;
                                                                                                                                                				if (_t181 + 1 - 0x1000 < 0) goto 0x1fcffda5;
                                                                                                                                                				if ( *((intOrPtr*)(_t185 - 0x21)) -  *((intOrPtr*)( *((intOrPtr*)(_t185 - 0x21)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcffda5;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(0xa + ( *((intOrPtr*)(_t185 - 0x21)) -  *((intOrPtr*)(_t146 - 8)) + 0xfffffff8) * 2, _t83,  *(_t185 + 0x3f) ^ _t186 - 0x000000b0);
                                                                                                                                                			}


















                                                                                                                                                0x7ffc1fcffc8a
                                                                                                                                                0x7ffc1fcffc8c
                                                                                                                                                0x7ffc1fcffc92
                                                                                                                                                0x7ffc1fcffc93
                                                                                                                                                0x7ffc1fcffc98
                                                                                                                                                0x7ffc1fcffc9c
                                                                                                                                                0x7ffc1fcffca4
                                                                                                                                                0x7ffc1fcffca8
                                                                                                                                                0x7ffc1fcffcb0
                                                                                                                                                0x7ffc1fcffcb9
                                                                                                                                                0x7ffc1fcffcc7
                                                                                                                                                0x7ffc1fcffce0
                                                                                                                                                0x7ffc1fcffce6
                                                                                                                                                0x7ffc1fcffcec
                                                                                                                                                0x7ffc1fcffcf0
                                                                                                                                                0x7ffc1fcffcff
                                                                                                                                                0x7ffc1fcffd08
                                                                                                                                                0x7ffc1fcffd17
                                                                                                                                                0x7ffc1fcffd1f
                                                                                                                                                0x7ffc1fcffd37
                                                                                                                                                0x7ffc1fcffd4c
                                                                                                                                                0x7ffc1fcffd4e
                                                                                                                                                0x7ffc1fcffd54
                                                                                                                                                0x7ffc1fcffd55
                                                                                                                                                0x7ffc1fcffd5c
                                                                                                                                                0x7ffc1fcffd60
                                                                                                                                                0x7ffc1fcffd68
                                                                                                                                                0x7ffc1fcffd6c
                                                                                                                                                0x7ffc1fcffd74
                                                                                                                                                0x7ffc1fcffd87
                                                                                                                                                0x7ffc1fcffd9c
                                                                                                                                                0x7ffc1fcffd9e
                                                                                                                                                0x7ffc1fcffda4
                                                                                                                                                0x7ffc1fcffda5
                                                                                                                                                0x7ffc1fcffdc2

                                                                                                                                                APIs
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFFBE4
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFFC39
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFFC8C
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFFCE6
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFFD4E
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFFD9E
                                                                                                                                                • _CxxThrowException.VCRUNTIME140 ref: 00007FFC1FCFFDEB
                                                                                                                                                  • Part of subcall function 00007FFC1FD03FF0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FFC1FD03B6C), ref: 00007FFC1FD0404F
                                                                                                                                                  • Part of subcall function 00007FFC1FD03FF0: memset.VCRUNTIME140(?,?,?,?,00000000,?,?,?,00000000,00007FFC1FD03B6C), ref: 00007FFC1FD040AC
                                                                                                                                                  • Part of subcall function 00007FFC1FD03FF0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FFC1FD03B6C), ref: 00007FFC1FD040EA
                                                                                                                                                  • Part of subcall function 00007FFC1FD03FF0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FFC1FD03B6C), ref: 00007FFC1FD04117
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ByteCharMultiWide$ExceptionThrowmemset
                                                                                                                                                • String ID: port level {} is invalid
                                                                                                                                                • API String ID: 2707084545-1214850675
                                                                                                                                                • Opcode ID: 4a0a4fa043a0ed611f0e9e4ce8093e1eb79f0e2ea7fa222c73836a595fab8e3b
                                                                                                                                                • Instruction ID: 50e6aaa0feac71d45cf023914413dce44f91c49b36f1220d5cfdeb651e342a2e
                                                                                                                                                • Opcode Fuzzy Hash: 4a0a4fa043a0ed611f0e9e4ce8093e1eb79f0e2ea7fa222c73836a595fab8e3b
                                                                                                                                                • Instruction Fuzzy Hash: 4081B3A2F14E1A89FF14DFA8E4943AC2322EB447B8F405231DA2C466D9DE78E456C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(-00000068,?,?,[uninitialized],?,00007FFC1FD16ADE), ref: 00007FFC1FD0472B
                                                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(-00000068,?,?,[uninitialized],?,00007FFC1FD16ADE), ref: 00007FFC1FD04786
                                                                                                                                                • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140(-00000068,?,?,[uninitialized],?,00007FFC1FD16ADE), ref: 00007FFC1FD047A8
                                                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FFC1FD047C9
                                                                                                                                                • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(-00000068,?,?,[uninitialized],?,00007FFC1FD16ADE), ref: 00007FFC1FD04811
                                                                                                                                                • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FFC1FD04818
                                                                                                                                                • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FFC1FD04824
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                                                                                                                • String ID: [uninitialized]
                                                                                                                                                • API String ID: 1492985063-2099769388
                                                                                                                                                • Opcode ID: 289b43a0fd393f7efa8b98694c0fc63bfc4486ac80d57e856cfae009353a8c5f
                                                                                                                                                • Instruction ID: 7dc1a1a145ba43f8d64f4524a3c66ff8050944422977732ebbd8001cb5e6cf07
                                                                                                                                                • Opcode Fuzzy Hash: 289b43a0fd393f7efa8b98694c0fc63bfc4486ac80d57e856cfae009353a8c5f
                                                                                                                                                • Instruction Fuzzy Hash: 0C51A366608E59C1EB249F1AE580639B7A0FB86FA5F148231CF5E037A0CF3DD852C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FFC1FD1B7DF
                                                                                                                                                • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FFC1FD1B7FE
                                                                                                                                                • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FFC1FD1B832
                                                                                                                                                  • Part of subcall function 00007FFC1FD16A70: AcquireSRWLockShared.KERNEL32 ref: 00007FFC1FD16A94
                                                                                                                                                  • Part of subcall function 00007FFC1FD16A70: ReleaseSRWLockShared.KERNEL32 ref: 00007FFC1FD16AB9
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: U?$char_traits@$D@std@@@std@@$LockShared$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@AcquireD@std@@@1@_ReleaseV?$basic_streambuf@
                                                                                                                                                • String ID: $libs\log\src\thread_specific.cpp
                                                                                                                                                • API String ID: 804302166-328183245
                                                                                                                                                • Opcode ID: 9c29405b958e3b2f102dbcfcfde52ea5884bc4c20c3659383fd20e43f049d681
                                                                                                                                                • Instruction ID: c91ee2e21f96cb5a52d89f0615bc138ec2f451a95b2a369dd1622d6494205f74
                                                                                                                                                • Opcode Fuzzy Hash: 9c29405b958e3b2f102dbcfcfde52ea5884bc4c20c3659383fd20e43f049d681
                                                                                                                                                • Instruction Fuzzy Hash: F441B332608F998AE710DF24E8803AE7770FB81768F504135EB8D43AA8DF78D459CB90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 51%
                                                                                                                                                			E00007FFC7FFC1FD1CD30(void* __eflags, long long __rax, void* __rcx, long long __rdx, void* __r9, void* __r11) {
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* _t80;
                                                                                                                                                				void* _t93;
                                                                                                                                                				void* _t102;
                                                                                                                                                				intOrPtr* _t133;
                                                                                                                                                				long long* _t135;
                                                                                                                                                				long long _t138;
                                                                                                                                                				intOrPtr _t146;
                                                                                                                                                				intOrPtr* _t147;
                                                                                                                                                				intOrPtr* _t148;
                                                                                                                                                				void* _t151;
                                                                                                                                                				intOrPtr _t153;
                                                                                                                                                				intOrPtr* _t161;
                                                                                                                                                				void* _t189;
                                                                                                                                                				intOrPtr* _t190;
                                                                                                                                                				intOrPtr* _t191;
                                                                                                                                                				long long _t193;
                                                                                                                                                				intOrPtr* _t195;
                                                                                                                                                				void* _t197;
                                                                                                                                                				void* _t198;
                                                                                                                                                				intOrPtr* _t199;
                                                                                                                                                				void* _t201;
                                                                                                                                                				void* _t202;
                                                                                                                                                				void* _t204;
                                                                                                                                                				void* _t211;
                                                                                                                                                				intOrPtr* _t212;
                                                                                                                                                				long long _t214;
                                                                                                                                                				long long _t216;
                                                                                                                                                				long long _t218;
                                                                                                                                                				void* _t220;
                                                                                                                                                				long long _t222;
                                                                                                                                                				intOrPtr* _t223;
                                                                                                                                                				long long _t225;
                                                                                                                                                				void* _t227;
                                                                                                                                                				long long _t228;
                                                                                                                                                				long long _t229;
                                                                                                                                                
                                                                                                                                                				_t133 = __rax;
                                                                                                                                                				 *((long long*)(_t204 + 0x10)) = __rdx;
                                                                                                                                                				_t202 = _t204 - 0x1f;
                                                                                                                                                				_t198 = __rcx;
                                                                                                                                                				r13d = 0;
                                                                                                                                                				 *((intOrPtr*)(_t202 - 0x59)) = r13d;
                                                                                                                                                				 *((long long*)(__rdx)) = _t216;
                                                                                                                                                				 *((intOrPtr*)(_t202 - 0x59)) = 1;
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t80, __rax, __rcx);
                                                                                                                                                				 *((long long*)(_t202 + 0x67)) = __rax;
                                                                                                                                                				E00007FFC7FFC1FD1C0C0(__rdx, __rax, _t198, _t227, _t220);
                                                                                                                                                				_t190 = _t133;
                                                                                                                                                				_t161 =  *((intOrPtr*)(__rdx));
                                                                                                                                                				if (_t161 == 0) goto 0x1fd1cd91;
                                                                                                                                                				if ( *((intOrPtr*)( *_t161 + 0x20))(_t151, _t201) == 0) goto 0x1fd1cd91;
                                                                                                                                                				 *((long long*)(__rdx)) = _t216;
                                                                                                                                                				 *((long long*)(__rdx)) = _t190;
                                                                                                                                                				if (_t190 == 0) goto 0x1fd1cda2;
                                                                                                                                                				 *((intOrPtr*)( *_t190 + 0x18))();
                                                                                                                                                				_t199 =  *((intOrPtr*)(_t198 + 8));
                                                                                                                                                				_t153 =  *_t199;
                                                                                                                                                				if (_t153 == _t199) goto 0x1fd1d039;
                                                                                                                                                				_t10 = _t190 + 8; // 0x8
                                                                                                                                                				_t212 = _t10;
                                                                                                                                                				 *((long long*)(_t202 + 0x7f)) = _t212;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				_t135 =  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x28))));
                                                                                                                                                				 *((intOrPtr*)(_t135 + 8))();
                                                                                                                                                				 *((long long*)(_t202 - 0x51)) = _t135;
                                                                                                                                                				 *((long long*)(_t202 - 0x49)) = _t216;
                                                                                                                                                				E00007FFC7FFC1FD1AF60(_t135, _t153, _t202 + 0x77, _t135, _t216);
                                                                                                                                                				 *((long long*)(_t202 - 0x49)) =  *_t135;
                                                                                                                                                				 *_t135 =  *((intOrPtr*)(_t202 - 0x49));
                                                                                                                                                				_t191 =  *((intOrPtr*)(_t202 + 0x77));
                                                                                                                                                				if (_t191 == 0) goto 0x1fd1ce28;
                                                                                                                                                				asm("lock xadd [edi+0x8], eax");
                                                                                                                                                				if (0xffffffff != 1) goto 0x1fd1ce28;
                                                                                                                                                				 *((intOrPtr*)( *_t191 + 8))();
                                                                                                                                                				asm("lock xadd [edi+0xc], eax");
                                                                                                                                                				if (0xffffffff != 1) goto 0x1fd1ce28;
                                                                                                                                                				E00007FFC7FFC1FD10730( *((intOrPtr*)( *_t191 + 0x10))(), _t202 - 0x51, _t135, _t135, __r9, _t211, _t189);
                                                                                                                                                				 *((long long*)(_t202 - 0x19)) =  *((intOrPtr*)(_t153 + 0x20));
                                                                                                                                                				_t138 =  *((intOrPtr*)(_t202 - 0x51));
                                                                                                                                                				 *((long long*)(_t202 + 0x67)) = _t138;
                                                                                                                                                				 *((long long*)(_t202 - 0x11)) = _t138;
                                                                                                                                                				_t228 =  *((intOrPtr*)(_t202 - 0x49));
                                                                                                                                                				 *((long long*)(_t202 - 9)) = _t228;
                                                                                                                                                				if (_t228 == 0) goto 0x1fd1ce77;
                                                                                                                                                				asm("lock inc ecx");
                                                                                                                                                				_t229 =  *((intOrPtr*)(_t202 - 9));
                                                                                                                                                				 *((long long*)(_t202 + 0x67)) =  *((intOrPtr*)(_t202 - 0x11));
                                                                                                                                                				_t193 =  *((intOrPtr*)(_t202 - 0x19));
                                                                                                                                                				_t222 =  *((intOrPtr*)( *_t212 + 8));
                                                                                                                                                				 *((long long*)(_t202 - 1)) = _t222;
                                                                                                                                                				 *((intOrPtr*)(_t202 + 7)) = 0;
                                                                                                                                                				if ( *((char*)(_t222 + 0x19)) != 0) goto 0x1fd1cedd;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				 *((long long*)(_t202 - 1)) = _t222;
                                                                                                                                                				0x1fd27119();
                                                                                                                                                				if (1 >= 0) goto 0x1fd1cec5;
                                                                                                                                                				 *((intOrPtr*)(_t202 + 7)) = 0;
                                                                                                                                                				_t223 =  *((intOrPtr*)(_t222 + 0x10));
                                                                                                                                                				goto 0x1fd1ced2;
                                                                                                                                                				 *((intOrPtr*)(_t202 + 7)) = 1;
                                                                                                                                                				_t218 = _t223;
                                                                                                                                                				if ( *((char*)( *_t223 + 0x19)) == 0) goto 0x1fd1cea0;
                                                                                                                                                				_t214 =  *((intOrPtr*)(_t202 + 0x7f));
                                                                                                                                                				if ( *((char*)(_t218 + 0x19)) != 0) goto 0x1fd1cef9;
                                                                                                                                                				0x1fd27119();
                                                                                                                                                				if (1 >= 0) goto 0x1fd1cf6e;
                                                                                                                                                				if ( *((intOrPtr*)(_t214 + 8)) == 0x92492492) goto 0x1fd1d051;
                                                                                                                                                				_t225 =  *_t214;
                                                                                                                                                				 *((long long*)(_t202 - 0x41)) = _t214;
                                                                                                                                                				r13d = 0;
                                                                                                                                                				 *((long long*)(_t202 - 0x39)) = _t218;
                                                                                                                                                				_t93 = E00007FFC7FFC1FD156A8(1, 0x92492492, _t193 + 8);
                                                                                                                                                				 *0x4924924924924B2 = _t193;
                                                                                                                                                				 *0x4924924924924BA =  *((intOrPtr*)(_t202 + 0x67));
                                                                                                                                                				r15d = r13d;
                                                                                                                                                				 *((long long*)(_t202 - 9)) = _t218;
                                                                                                                                                				 *0x4924924924924C2 = _t229;
                                                                                                                                                				 *0x92492492 = _t225;
                                                                                                                                                				 *0x49249249249249A = _t225;
                                                                                                                                                				 *0x4924924924924A2 = _t225;
                                                                                                                                                				 *0x4924924924924AA = r13w;
                                                                                                                                                				 *((long long*)(_t202 - 0x39)) = _t218;
                                                                                                                                                				asm("movups xmm0, [ebp-0x1]");
                                                                                                                                                				asm("movaps [ebp-0x29], xmm0");
                                                                                                                                                				E00007FFC7FFC1FD1C920(_t93, _t153, _t214, _t202 - 0x29, _t193, 0x92492492, _t197);
                                                                                                                                                				goto 0x1fd1cf71;
                                                                                                                                                				r13d = 0;
                                                                                                                                                				if (_t229 == 0) goto 0x1fd1cfad;
                                                                                                                                                				asm("lock inc ecx");
                                                                                                                                                				if (0xffffffff != 1) goto 0x1fd1cfad;
                                                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t202 - 9)))) + 8))();
                                                                                                                                                				asm("lock xadd [edi+0xc], eax");
                                                                                                                                                				if (0xffffffff != 1) goto 0x1fd1cfad;
                                                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t202 - 9)))) + 0x10))();
                                                                                                                                                				_t195 =  *((intOrPtr*)(_t202 - 0x49));
                                                                                                                                                				if (_t195 == 0) goto 0x1fd1cfe6;
                                                                                                                                                				asm("lock xadd [edi+0x8], eax");
                                                                                                                                                				if (0xffffffff != 1) goto 0x1fd1cfe6;
                                                                                                                                                				 *((intOrPtr*)( *_t195 + 8))();
                                                                                                                                                				asm("lock xadd [edi+0xc], eax");
                                                                                                                                                				if (0xffffffff != 1) goto 0x1fd1cfe6;
                                                                                                                                                				_t102 =  *((intOrPtr*)( *_t195 + 0x10))();
                                                                                                                                                				if ( *((char*)( *((intOrPtr*)(_t153 + 0x10)) + 0x19)) == 0) goto 0x1fd1d018;
                                                                                                                                                				_t146 =  *((intOrPtr*)(_t153 + 8));
                                                                                                                                                				if ( *((char*)(_t146 + 0x19)) != 0) goto 0x1fd1d013;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				if (_t153 !=  *((intOrPtr*)(_t146 + 0x10))) goto 0x1fd1d013;
                                                                                                                                                				_t147 =  *((intOrPtr*)(_t146 + 8));
                                                                                                                                                				if ( *((char*)(_t147 + 0x19)) == 0) goto 0x1fd1d000;
                                                                                                                                                				goto 0x1fd1d030;
                                                                                                                                                				_t148 =  *_t147;
                                                                                                                                                				if ( *((char*)(_t148 + 0x19)) != 0) goto 0x1fd1d030;
                                                                                                                                                				if ( *((char*)( *_t148 + 0x19)) == 0) goto 0x1fd1d024;
                                                                                                                                                				if (_t148 != _t199) goto 0x1fd1cdc0;
                                                                                                                                                				return _t102;
                                                                                                                                                			}









































                                                                                                                                                0x7ffc1fd1cebf
                                                                                                                                                0x7ffc1fd1cec3
                                                                                                                                                0x7ffc1fd1cec5
                                                                                                                                                0x7ffc1fd1cecc
                                                                                                                                                0x7ffc1fd1ced7
                                                                                                                                                0x7ffc1fd1ced9
                                                                                                                                                0x7ffc1fd1cee2
                                                                                                                                                0x7ffc1fd1cef0
                                                                                                                                                0x7ffc1fd1cef7
                                                                                                                                                0x7ffc1fd1cf08
                                                                                                                                                0x7ffc1fd1cf0e
                                                                                                                                                0x7ffc1fd1cf12
                                                                                                                                                0x7ffc1fd1cf16
                                                                                                                                                0x7ffc1fd1cf19
                                                                                                                                                0x7ffc1fd1cf21
                                                                                                                                                0x7ffc1fd1cf27
                                                                                                                                                0x7ffc1fd1cf2f
                                                                                                                                                0x7ffc1fd1cf36
                                                                                                                                                0x7ffc1fd1cf39
                                                                                                                                                0x7ffc1fd1cf3d
                                                                                                                                                0x7ffc1fd1cf41
                                                                                                                                                0x7ffc1fd1cf44
                                                                                                                                                0x7ffc1fd1cf48
                                                                                                                                                0x7ffc1fd1cf4c
                                                                                                                                                0x7ffc1fd1cf51
                                                                                                                                                0x7ffc1fd1cf55
                                                                                                                                                0x7ffc1fd1cf59
                                                                                                                                                0x7ffc1fd1cf67
                                                                                                                                                0x7ffc1fd1cf6c
                                                                                                                                                0x7ffc1fd1cf6e
                                                                                                                                                0x7ffc1fd1cf74
                                                                                                                                                0x7ffc1fd1cf7b
                                                                                                                                                0x7ffc1fd1cf84
                                                                                                                                                0x7ffc1fd1cf90
                                                                                                                                                0x7ffc1fd1cf98
                                                                                                                                                0x7ffc1fd1cfa0
                                                                                                                                                0x7ffc1fd1cfa9
                                                                                                                                                0x7ffc1fd1cfad
                                                                                                                                                0x7ffc1fd1cfb4
                                                                                                                                                0x7ffc1fd1cfbb
                                                                                                                                                0x7ffc1fd1cfc3
                                                                                                                                                0x7ffc1fd1cfcb
                                                                                                                                                0x7ffc1fd1cfd3
                                                                                                                                                0x7ffc1fd1cfdb
                                                                                                                                                0x7ffc1fd1cfe3
                                                                                                                                                0x7ffc1fd1cfee
                                                                                                                                                0x7ffc1fd1cff0
                                                                                                                                                0x7ffc1fd1cff8
                                                                                                                                                0x7ffc1fd1cffa
                                                                                                                                                0x7ffc1fd1d004
                                                                                                                                                0x7ffc1fd1d009
                                                                                                                                                0x7ffc1fd1d011
                                                                                                                                                0x7ffc1fd1d016
                                                                                                                                                0x7ffc1fd1d01b
                                                                                                                                                0x7ffc1fd1d022
                                                                                                                                                0x7ffc1fd1d02e
                                                                                                                                                0x7ffc1fd1d033
                                                                                                                                                0x7ffc1fd1d050

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD156A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFC1FCF8F4E), ref: 00007FFC1FD156C2
                                                                                                                                                • __std_type_info_compare.VCRUNTIME140 ref: 00007FFC1FD1CEAF
                                                                                                                                                • __std_type_info_compare.VCRUNTIME140 ref: 00007FFC1FD1CEF0
                                                                                                                                                • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FFC1FD1D0AF
                                                                                                                                                • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FFC1FD1D0CE
                                                                                                                                                • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FFC1FD1D104
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD1D204
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD1D2D7
                                                                                                                                                • ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FFC1FD1D314
                                                                                                                                                • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FFC1FD1D31E
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: U?$char_traits@$D@std@@@std@@$__std_type_info_compare_invalid_parameter_noinfo_noreturn$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_ostream@D@std@@@1@_V?$basic_streambuf@malloc
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3231916079-0
                                                                                                                                                • Opcode ID: 8f727c501bc642afc385f2a35a2fdff484e233f624a9630d1da4be8b6943314e
                                                                                                                                                • Instruction ID: 6b48590d61b0e4ceda0d4de5e4fe372815de9882ef62a1bcd893834055c580e8
                                                                                                                                                • Opcode Fuzzy Hash: 8f727c501bc642afc385f2a35a2fdff484e233f624a9630d1da4be8b6943314e
                                                                                                                                                • Instruction Fuzzy Hash: 85128B32A08F998AEB18EF25D4443BD77A1FB86BA8F048125DE5D53794CF38D4A5C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 35%
                                                                                                                                                			E00007FFC7FFC1FD003F0(void* __eax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long* __r8, long long _a8, long long _a32) {
                                                                                                                                                				void* _v40;
                                                                                                                                                				signed int _v56;
                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                				intOrPtr _v72;
                                                                                                                                                				char _v88;
                                                                                                                                                				long long _v96;
                                                                                                                                                				long long _v104;
                                                                                                                                                				long long _v112;
                                                                                                                                                				long long _v120;
                                                                                                                                                				char _v136;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* _t37;
                                                                                                                                                				void* _t39;
                                                                                                                                                				void* _t41;
                                                                                                                                                				signed long long _t57;
                                                                                                                                                				intOrPtr* _t71;
                                                                                                                                                				intOrPtr _t72;
                                                                                                                                                				void* _t74;
                                                                                                                                                				void* _t79;
                                                                                                                                                				void* _t90;
                                                                                                                                                				long long _t93;
                                                                                                                                                				void* _t97;
                                                                                                                                                				char _t98;
                                                                                                                                                				void* _t102;
                                                                                                                                                				long long* _t108;
                                                                                                                                                				intOrPtr _t109;
                                                                                                                                                				void* _t110;
                                                                                                                                                				intOrPtr* _t111;
                                                                                                                                                
                                                                                                                                                				_t74 = __rcx;
                                                                                                                                                				_a8 = __rbx;
                                                                                                                                                				_a32 = __rbp;
                                                                                                                                                				_t57 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v56 = _t57 ^ _t102 - 0x00000080;
                                                                                                                                                				_t108 = __r8;
                                                                                                                                                				_t110 = __rcx;
                                                                                                                                                				 *__r8 = 0;
                                                                                                                                                				_t4 = _t74 + 0x70; // 0x70
                                                                                                                                                				_v96 = _t4;
                                                                                                                                                				0x1fd15430();
                                                                                                                                                				if (__eax != 0) goto 0x1fd005a3;
                                                                                                                                                				E00007FFC7FFC1FCFD4C0(_t57 ^ _t102 - 0x00000080, __rdx,  &_v136, __rdx, _t97);
                                                                                                                                                				_v104 =  &_v136;
                                                                                                                                                				_t111 =  *((intOrPtr*)(_t110 + 0x60));
                                                                                                                                                				_t71 =  *_t111;
                                                                                                                                                				if (_t71 == _t111) goto 0x1fd00508;
                                                                                                                                                				_t37 = E00007FFC7FFC1FCFD4C0( &_v136, _t71,  &_v88,  *((intOrPtr*)(_t71 + 0x10)), _t97);
                                                                                                                                                				_t90 =  >=  ? _v136 :  &_v136;
                                                                                                                                                				_t98 = _v88;
                                                                                                                                                				_t109 = _v64;
                                                                                                                                                				_t79 =  >=  ? _t98 :  &_v88;
                                                                                                                                                				if (_v72 != _v120) goto 0x1fd004b8;
                                                                                                                                                				0x1fd27101();
                                                                                                                                                				if (_t37 != 0) goto 0x1fd004b8;
                                                                                                                                                				bpl = 1;
                                                                                                                                                				goto 0x1fd004bb;
                                                                                                                                                				bpl = 0;
                                                                                                                                                				if (_t109 - 0x10 < 0) goto 0x1fd004ee;
                                                                                                                                                				if (_t109 + 1 - 0x1000 < 0) goto 0x1fd004e6;
                                                                                                                                                				if (_t98 -  *((intOrPtr*)(_t98 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x1fd00501;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				if (bpl != 0) goto 0x1fd00508;
                                                                                                                                                				_t72 =  *_t71;
                                                                                                                                                				goto 0x1fd00462;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				_t93 = _v112;
                                                                                                                                                				if (_t93 - 0x10 < 0) goto 0x1fd00548;
                                                                                                                                                				if (_t93 + 1 - 0x1000 < 0) goto 0x1fd00543;
                                                                                                                                                				if (_v136 -  *((intOrPtr*)(_v136 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd00543;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				_t39 = E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v120 = 0;
                                                                                                                                                				_v112 = 0xf;
                                                                                                                                                				_v136 = 0;
                                                                                                                                                				 *((char*)( *((intOrPtr*)(_t72 + 0x10)) + 0xa0)) = 1;
                                                                                                                                                				 *_t108 =  *((intOrPtr*)(_t72 + 0x10));
                                                                                                                                                				0x1fd15436();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(_t39, _t41, _v56 ^ _t102 - 0x00000080);
                                                                                                                                                			}
































                                                                                                                                                APIs
                                                                                                                                                • _Mtx_lock.MSVCP140 ref: 00007FFC1FD00434
                                                                                                                                                • memcmp.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFC1FCFA7CC), ref: 00007FFC1FD004AA
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFC1FCFA7CC), ref: 00007FFC1FD00501
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFC1FCFA7CC), ref: 00007FFC1FD0053C
                                                                                                                                                • _Mtx_unlock.MSVCP140(?,?,?,?,?,?,?,?,?,?,00007FFC1FCFA7CC), ref: 00007FFC1FD00575
                                                                                                                                                  • Part of subcall function 00007FFC1FCFD4C0: memmove.VCRUNTIME140(?,?,?,00007FFC1FCFE21C,?,?,?,00007FFC1FD0D6C2), ref: 00007FFC1FCFD572
                                                                                                                                                  • Part of subcall function 00007FFC1FCFD4C0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFC1FCFD597
                                                                                                                                                  • Part of subcall function 00007FFC1FCFD4C0: __std_exception_copy.VCRUNTIME140(?,?,?,?,?,?,?,00007FFC1FCFE21C,?,?,?,00007FFC1FD0D6C2), ref: 00007FFC1FCFD5C4
                                                                                                                                                • ?_Throw_C_error@std@@YAXH@Z.MSVCP140 ref: 00007FFC1FD005A5
                                                                                                                                                • ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ.MSVCP140 ref: 00007FFC1FD00602
                                                                                                                                                • memmove.VCRUNTIME140 ref: 00007FFC1FD00685
                                                                                                                                                • ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ.MSVCP140 ref: 00007FFC1FD0071E
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: D@std@@@std@@Pninc@?$basic_streambuf@U?$char_traits@_invalid_parameter_noinfo_noreturnmemmove$C_error@std@@Concurrency::cancel_current_taskMtx_lockMtx_unlockThrow___std_exception_copymemcmp
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 746284128-0
                                                                                                                                                • Opcode ID: 2d97d0e12ee4a3a8b2d37e1ec409398ce534de5f8946287022801530ad55abf0
                                                                                                                                                • Instruction ID: a6bca8824047ca4529753a76386e294ed005111247e0af47b60b00305f3c9ac8
                                                                                                                                                • Opcode Fuzzy Hash: 2d97d0e12ee4a3a8b2d37e1ec409398ce534de5f8946287022801530ad55abf0
                                                                                                                                                • Instruction Fuzzy Hash: 50A18D32A08F9986EB15AF29E45437D63A5FB88BA8F944131EE5C03794DF3CD4A1C790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmove$_invalid_parameter_noinfo_noreturnmemset$Concurrency::cancel_current_task
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 612657275-0
                                                                                                                                                • Opcode ID: b049d1f40c21fbe2e38ad000cf652e28f2f947a77c9211f69e8f13876829a593
                                                                                                                                                • Instruction ID: e24cd183110920f1116ef1fa16b322630646d67347e7c89dd6935818d85afbb4
                                                                                                                                                • Opcode Fuzzy Hash: b049d1f40c21fbe2e38ad000cf652e28f2f947a77c9211f69e8f13876829a593
                                                                                                                                                • Instruction Fuzzy Hash: 8F419E22B0CEAE91EE18FF12E4041B96351AB45BE4F584635DE6D0B796CF7CE061C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 57%
                                                                                                                                                			E00007FFC7FFC1FD249E0(signed long long __rbx, long long __rcx, void* __r8) {
                                                                                                                                                				void* _t112;
                                                                                                                                                				intOrPtr* _t129;
                                                                                                                                                				long long _t140;
                                                                                                                                                				long long _t141;
                                                                                                                                                				signed long long _t152;
                                                                                                                                                				intOrPtr* _t159;
                                                                                                                                                				intOrPtr* _t161;
                                                                                                                                                				intOrPtr* _t164;
                                                                                                                                                				intOrPtr* _t170;
                                                                                                                                                				intOrPtr* _t174;
                                                                                                                                                				void* _t178;
                                                                                                                                                				void* _t181;
                                                                                                                                                				void* _t183;
                                                                                                                                                				void* _t184;
                                                                                                                                                				void* _t186;
                                                                                                                                                				void* _t187;
                                                                                                                                                				signed long long _t190;
                                                                                                                                                				void* _t192;
                                                                                                                                                				void* _t195;
                                                                                                                                                				void* _t198;
                                                                                                                                                
                                                                                                                                                				 *((long long*)(_t186 + 0x20)) = __rbx;
                                                                                                                                                				 *((long long*)(_t186 + 8)) = __rcx;
                                                                                                                                                				_t184 = _t186 - 0x27;
                                                                                                                                                				_t187 = _t186 - 0xe0;
                                                                                                                                                				r12d = 0;
                                                                                                                                                				 *((intOrPtr*)(_t187 + 0x20)) = r12d;
                                                                                                                                                				 *(_t184 - 0x11) = _t190;
                                                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                                                				asm("movdqa [ebp-0x9], xmm0");
                                                                                                                                                				 *((intOrPtr*)(_t184 + 7)) = 0xffffffff;
                                                                                                                                                				asm("movups [ebp+0x17], xmm0");
                                                                                                                                                				 *((long long*)(_t184 + 0x17)) = "bad exception";
                                                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x1fd2eee8;
                                                                                                                                                				 *((long long*)(_t184 + 0xf)) = 0x1fd2eef8;
                                                                                                                                                				 *((long long*)(_t184 - 0x49)) = 0x1fd2edf8;
                                                                                                                                                				 *((long long*)(_t184 - 0x39)) = 0x1fd2ceb8;
                                                                                                                                                				 *((intOrPtr*)(_t187 + 0x20)) = 2;
                                                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1fd2cea8;
                                                                                                                                                				 *(_t187 + 0x38) = _t190;
                                                                                                                                                				 *((long long*)(_t184 - 0x79)) =  *((intOrPtr*)(_t184 - 9));
                                                                                                                                                				 *((long long*)(_t184 - 0x71)) =  *((intOrPtr*)(_t184 - 1));
                                                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) = 0xffffffff;
                                                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x1fd2b9e8;
                                                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                                                				asm("movups [ebp-0x59], xmm0");
                                                                                                                                                				0x1fd270e3(_t198, _t195, _t192, _t190, _t178, _t181, _t183);
                                                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1fd2edb8;
                                                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x1fd2edc8;
                                                                                                                                                				 *((long long*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x49)) = 0x1fd2ede0;
                                                                                                                                                				 *((intOrPtr*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x4d)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x10;
                                                                                                                                                				 *(_t184 + 0x6f) = __rbx;
                                                                                                                                                				_t159 =  *(_t184 - 0x11);
                                                                                                                                                				if (_t159 == 0) goto 0x1fd24b31;
                                                                                                                                                				_t129 =  *_t159;
                                                                                                                                                				 *((intOrPtr*)(_t129 + 0x28))();
                                                                                                                                                				_t152 =  *_t129;
                                                                                                                                                				 *(_t184 + 0x6f) = _t152;
                                                                                                                                                				if (_t152 == 0) goto 0x1fd24b14;
                                                                                                                                                				 *((intOrPtr*)( *_t152 + 0x18))();
                                                                                                                                                				_t161 =  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                                                				if (_t161 == 0) goto 0x1fd24b31;
                                                                                                                                                				 *((intOrPtr*)( *_t161 + 0x20))();
                                                                                                                                                				_t163 =  !=  ? _t190 :  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                                                				 *((long long*)(_t184 + 0x67)) =  !=  ? _t190 :  *((intOrPtr*)(_t184 + 0x67));
                                                                                                                                                				 *((long long*)(_t184 - 0x71)) =  *((intOrPtr*)(_t184 - 1));
                                                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) =  *((intOrPtr*)(_t184 + 7));
                                                                                                                                                				 *((long long*)(_t184 - 0x79)) =  *((intOrPtr*)(_t184 - 9));
                                                                                                                                                				_t164 =  *(_t187 + 0x38);
                                                                                                                                                				if (_t164 == 0) goto 0x1fd24b57;
                                                                                                                                                				 *((intOrPtr*)( *_t164 + 0x20))();
                                                                                                                                                				 *(_t187 + 0x38) = _t152;
                                                                                                                                                				if (_t152 == 0) goto 0x1fd24b6b;
                                                                                                                                                				 *((intOrPtr*)( *_t152 + 0x18))();
                                                                                                                                                				if (_t152 == 0) goto 0x1fd24b7a;
                                                                                                                                                				 *((intOrPtr*)( *_t152 + 0x20))();
                                                                                                                                                				 *((long long*)(_t184 - 0x79)) = "class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)";
                                                                                                                                                				 *((long long*)(_t184 - 0x71)) = ".\\boost/exception/detail/exception_ptr.hpp";
                                                                                                                                                				 *((intOrPtr*)(_t184 - 0x69)) = 0x87;
                                                                                                                                                				r8d = 0x44;
                                                                                                                                                				r15d = 1;
                                                                                                                                                				_t112 =  *0x1fd42458 -  *((intOrPtr*)(__r8 +  *((intOrPtr*)( *[gs:0x58] + _t152 * 8)))); // 0x80000002
                                                                                                                                                				if (_t112 > 0) goto 0x1fd24cd3;
                                                                                                                                                				_t140 =  *0x1fd42448; // 0x683980
                                                                                                                                                				 *((long long*)(__rcx)) = _t140;
                                                                                                                                                				_t141 =  *0x1fd42450; // 0x6a6d10
                                                                                                                                                				 *((long long*)(__rcx + 8)) = _t141;
                                                                                                                                                				if (_t141 == 0) goto 0x1fd24be6;
                                                                                                                                                				asm("lock inc esp");
                                                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1fd2edb8;
                                                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x1fd2edc8;
                                                                                                                                                				 *((long long*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x49)) = 0x1fd2ede0;
                                                                                                                                                				 *((intOrPtr*)(_t184 +  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x4d)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 - 0x49)) + 4)) - 0x10;
                                                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1fd2eee8;
                                                                                                                                                				 *((long long*)(_t184 - 0x61)) = 0x1fd2b9e8;
                                                                                                                                                				0x1fd270e9();
                                                                                                                                                				 *((long long*)(_t187 + 0x30)) = 0x1fd2cea8;
                                                                                                                                                				_t170 =  *(_t187 + 0x38);
                                                                                                                                                				if (_t170 == 0) goto 0x1fd24c5f;
                                                                                                                                                				 *((intOrPtr*)( *_t170 + 0x20))();
                                                                                                                                                				_t172 =  !=  ? _t190 :  *(_t187 + 0x38);
                                                                                                                                                				 *(_t187 + 0x38) =  !=  ? _t190 :  *(_t187 + 0x38);
                                                                                                                                                				 *((long long*)(_t184 - 0x39)) = 0x1fd2ceb8;
                                                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x1fd2eee8;
                                                                                                                                                				 *((long long*)(_t184 + 0xf)) = 0x1fd2b9e8;
                                                                                                                                                				0x1fd270e9();
                                                                                                                                                				 *((long long*)(_t184 - 0x19)) = 0x1fd2cea8;
                                                                                                                                                				_t174 =  *(_t184 - 0x11);
                                                                                                                                                				if (_t174 == 0) goto 0x1fd24c90;
                                                                                                                                                				return  *((intOrPtr*)( *_t174 + 0x20))();
                                                                                                                                                			}
























                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void), xrefs: 00007FFC1FD24B7A
                                                                                                                                                • bad exception, xrefs: 00007FFC1FD24A26
                                                                                                                                                • .\boost/exception/detail/exception_ptr.hpp, xrefs: 00007FFC1FD24B85
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: __std_exception_copy__std_exception_destroy
                                                                                                                                                • String ID: .\boost/exception/detail/exception_ptr.hpp$bad exception$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)
                                                                                                                                                • API String ID: 2960854011-1507259449
                                                                                                                                                • Opcode ID: fc3aa84a03b73d6f394b629e0a64d3ddce47d92245d602c639d9136dbaf551b1
                                                                                                                                                • Instruction ID: b4d7bd9ba7157fe6635b4dc84a0adf3642c3f386514fb7f5686de8c181f67a22
                                                                                                                                                • Opcode Fuzzy Hash: fc3aa84a03b73d6f394b629e0a64d3ddce47d92245d602c639d9136dbaf551b1
                                                                                                                                                • Instruction Fuzzy Hash: 64E11736B05F598AEB14DF65E4802AC33B4FB89B68B048136DE4D53B68EF38D565C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 36%
                                                                                                                                                			E00007FFC7FFC1FCFAB60(long long __rcx, void* __rdx, void* __rbp, long long _a40) {
                                                                                                                                                				signed int _v64;
                                                                                                                                                				intOrPtr _v72;
                                                                                                                                                				char _v96;
                                                                                                                                                				intOrPtr _v104;
                                                                                                                                                				char _v128;
                                                                                                                                                				long long _v136;
                                                                                                                                                				long long _v144;
                                                                                                                                                				char _v154;
                                                                                                                                                				short _v156;
                                                                                                                                                				char _v160;
                                                                                                                                                				char _v176;
                                                                                                                                                				char _v184;
                                                                                                                                                				char _v192;
                                                                                                                                                				char _v200;
                                                                                                                                                				long long _v216;
                                                                                                                                                				long long _v224;
                                                                                                                                                				long long _v232;
                                                                                                                                                				long long _v240;
                                                                                                                                                				long long _v248;
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __r14;
                                                                                                                                                				char _t54;
                                                                                                                                                				void* _t76;
                                                                                                                                                				signed long long _t95;
                                                                                                                                                				signed long long _t96;
                                                                                                                                                				long long _t100;
                                                                                                                                                				void* _t104;
                                                                                                                                                				long long _t114;
                                                                                                                                                				char _t133;
                                                                                                                                                				long long _t142;
                                                                                                                                                				intOrPtr _t147;
                                                                                                                                                				intOrPtr _t152;
                                                                                                                                                				intOrPtr _t155;
                                                                                                                                                				intOrPtr _t158;
                                                                                                                                                				void* _t161;
                                                                                                                                                				long long _t162;
                                                                                                                                                				void* _t163;
                                                                                                                                                				void* _t164;
                                                                                                                                                				void* _t167;
                                                                                                                                                				void* _t171;
                                                                                                                                                				long long _t172;
                                                                                                                                                
                                                                                                                                                				_t163 = __rbp;
                                                                                                                                                				_t171 = _t164;
                                                                                                                                                				_t165 = _t164 - 0xe8;
                                                                                                                                                				_t95 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t96 = _t95 ^ _t164 - 0x000000e8;
                                                                                                                                                				_v64 = _t96;
                                                                                                                                                				r12d = r9d;
                                                                                                                                                				r15d = r8d;
                                                                                                                                                				_t161 = __rdx;
                                                                                                                                                				_t172 = __rcx;
                                                                                                                                                				_v192 = r8d;
                                                                                                                                                				_v200 = r9d;
                                                                                                                                                				_t162 = _a40;
                                                                                                                                                				_v160 = _t114;
                                                                                                                                                				 *((long long*)(_t171 - 0x88)) = 0xf;
                                                                                                                                                				 *((long long*)(_t171 - 0x90)) = 6;
                                                                                                                                                				_t54 = "system"; // 0x74737973
                                                                                                                                                				_v160 = _t54;
                                                                                                                                                				_v156 =  *0x1fd2ba84 & 0x0000ffff;
                                                                                                                                                				_v154 = 0;
                                                                                                                                                				 *((long long*)(_t171 - 0x80)) = _t114;
                                                                                                                                                				asm("movdqa xmm0, [0x317ba]");
                                                                                                                                                				asm("repe inc ecx");
                                                                                                                                                				 *((char*)(_t171 - 0x80)) = 0;
                                                                                                                                                				E00007FFC7FFC1FD0D640(_t114, __rcx, _t167);
                                                                                                                                                				if ( &_v128 == _t96) goto 0x1fcfac20;
                                                                                                                                                				if ( *((long long*)(_t96 + 0x18)) - 0x10 < 0) goto 0x1fcfac10;
                                                                                                                                                				E00007FFC7FFC1FCF9100(_t114,  &_v128,  *_t96,  *((intOrPtr*)(_t96 + 0x10)), _t172);
                                                                                                                                                				E00007FFC7FFC1FD106F0( *((long long*)(_t96 + 0x18)) - 0x10,  *_t96,  &_v160,  *((intOrPtr*)(_t96 + 0x10)));
                                                                                                                                                				_t142 = _v136;
                                                                                                                                                				if (_t142 - 0x10 < 0) goto 0x1fcfac6e;
                                                                                                                                                				if (_t142 + 1 - 0x1000 < 0) goto 0x1fcfac69;
                                                                                                                                                				_t100 = _v160 -  *((intOrPtr*)(_v160 - 8)) + 0xfffffff8;
                                                                                                                                                				if (_t100 - 0x1f <= 0) goto 0x1fcfac69;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v144 = _t114;
                                                                                                                                                				_v136 = 0xf;
                                                                                                                                                				_v160 = 0;
                                                                                                                                                				_v176 = _t162;
                                                                                                                                                				E00007FFC7FFC1FD04280(_t76, _t114,  &_v96, _t161, _t162, _t163);
                                                                                                                                                				_v184 = _t172;
                                                                                                                                                				_v216 =  &_v176;
                                                                                                                                                				_v224 =  &_v200;
                                                                                                                                                				_v232 =  &_v192;
                                                                                                                                                				_v240 = _t100;
                                                                                                                                                				_v248 =  &_v184;
                                                                                                                                                				r8d = 0xb9;
                                                                                                                                                				E00007FFC7FFC1FCF5F50(0, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_startdocport {:#x}, \'{}\', {}, {}, {:#x}");
                                                                                                                                                				_t147 = _v72;
                                                                                                                                                				if (_t147 - 0x10 < 0) goto 0x1fcfad31;
                                                                                                                                                				if (_t147 + 1 - 0x1000 < 0) goto 0x1fcfad2c;
                                                                                                                                                				_t104 = _v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8;
                                                                                                                                                				if (_t104 - 0x1f <= 0) goto 0x1fcfad2c;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FCFE0D0( *((intOrPtr*)(_v96 - 8)), _t147 + 0x28);
                                                                                                                                                				E00007FFC7FFC1FD04280(_t76, _t104,  &_v96, _t161, _t162, _t163);
                                                                                                                                                				_v240 = _t162;
                                                                                                                                                				_v248 = r12d;
                                                                                                                                                				r9d = r15d;
                                                                                                                                                				_t169 = _t104;
                                                                                                                                                				E00007FFC7FFC1FD00CE0(0, _t76, _t104, _t104, _t172, _t104);
                                                                                                                                                				_t152 = _v72;
                                                                                                                                                				if (_t152 - 0x10 < 0) goto 0x1fcfadad;
                                                                                                                                                				if (_t152 + 1 - 0x1000 < 0) goto 0x1fcfada7;
                                                                                                                                                				if (_v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfada7;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FD106F0(_v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8 - 0x1f, _v96 -  *((intOrPtr*)(_v96 - 8)) + 0xfffffff8,  &_v128, _t104);
                                                                                                                                                				_t155 = _v104;
                                                                                                                                                				if (_t155 - 0x10 < 0) goto 0x1fcfae01;
                                                                                                                                                				_t133 = _v128;
                                                                                                                                                				if (_t155 + 1 - 0x1000 < 0) goto 0x1fcfadfb;
                                                                                                                                                				_t110 = _t133 -  *((intOrPtr*)(_t133 - 8)) + 0xfffffff8;
                                                                                                                                                				_t90 = _t133 -  *((intOrPtr*)(_t133 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                                                				if (_t133 -  *((intOrPtr*)(_t133 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfadfb;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FD106F0(_t90, _t110,  &_v128, _t169);
                                                                                                                                                				_t158 = _v104;
                                                                                                                                                				if (_t158 - 0x10 < 0) goto 0x1fcfae5c;
                                                                                                                                                				if (_t158 + 1 - 0x1000 < 0) goto 0x1fcfae56;
                                                                                                                                                				if (_v128 -  *((intOrPtr*)(_v128 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfae56;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(0, 0, _v64 ^ _t165);
                                                                                                                                                			}













































                                                                                                                                                0x7ffc1fcfadfa
                                                                                                                                                0x7ffc1fcfadfb
                                                                                                                                                0x7ffc1fcfae10
                                                                                                                                                0x7ffc1fcfae15
                                                                                                                                                0x7ffc1fcfae21
                                                                                                                                                0x7ffc1fcfae38
                                                                                                                                                0x7ffc1fcfae4d
                                                                                                                                                0x7ffc1fcfae4f
                                                                                                                                                0x7ffc1fcfae55
                                                                                                                                                0x7ffc1fcfae56
                                                                                                                                                0x7ffc1fcfae7e

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD0D640: __tlregdtor.LIBCMT ref: 00007FFC1FD0D690
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFAC62
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFAD25
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFADA0
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFADF4
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_startdocport {:#x}, '{}', {}, {}, {:#x}$system
                                                                                                                                                • API String ID: 333172304-80416438
                                                                                                                                                • Opcode ID: 406ab90b12b9c71644ad45163aa117fb6f4394c3b52fa641a7fa9bed9ec58b32
                                                                                                                                                • Instruction ID: 9bbbef3487aafe0973e947d1c5a32ca30ea10628ca2176c5b76d9909c2c0e957
                                                                                                                                                • Opcode Fuzzy Hash: 406ab90b12b9c71644ad45163aa117fb6f4394c3b52fa641a7fa9bed9ec58b32
                                                                                                                                                • Instruction Fuzzy Hash: 1271B162A08A9941FA24DF29F4543AEB351FB857F0F404236EAAD42BE9DF7CD094C750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 32%
                                                                                                                                                			E00007FFC7FFC1FCF9980(long long __rbx, void* __rcx, long long __rdx, void* __rbp, void* __r8, long long _a32) {
                                                                                                                                                				signed int _v40;
                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                				char _v72;
                                                                                                                                                				long long _v80;
                                                                                                                                                				long long _v88;
                                                                                                                                                				char _v104;
                                                                                                                                                				intOrPtr _v112;
                                                                                                                                                				char _v136;
                                                                                                                                                				long long _v144;
                                                                                                                                                				long long _v152;
                                                                                                                                                				char _v162;
                                                                                                                                                				short _v164;
                                                                                                                                                				char _v168;
                                                                                                                                                				char _v184;
                                                                                                                                                				long long _v200;
                                                                                                                                                				long long _v208;
                                                                                                                                                				long long _v216;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __r14;
                                                                                                                                                				char _t49;
                                                                                                                                                				void* _t68;
                                                                                                                                                				signed long long _t87;
                                                                                                                                                				signed long long _t88;
                                                                                                                                                				long long _t92;
                                                                                                                                                				void* _t106;
                                                                                                                                                				long long _t107;
                                                                                                                                                				char _t123;
                                                                                                                                                				long long _t132;
                                                                                                                                                				long long _t138;
                                                                                                                                                				intOrPtr _t141;
                                                                                                                                                				intOrPtr _t144;
                                                                                                                                                				intOrPtr _t147;
                                                                                                                                                				void* _t150;
                                                                                                                                                				long long _t151;
                                                                                                                                                				void* _t152;
                                                                                                                                                				void* _t153;
                                                                                                                                                				intOrPtr _t157;
                                                                                                                                                				long long _t159;
                                                                                                                                                
                                                                                                                                                				_t152 = __rbp;
                                                                                                                                                				_a32 = __rbx;
                                                                                                                                                				_t154 = _t153 - 0xe0;
                                                                                                                                                				_t87 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t88 = _t87 ^ _t153 - 0x000000e0;
                                                                                                                                                				_v40 = _t88;
                                                                                                                                                				_t106 = __r8;
                                                                                                                                                				_t151 = __rdx;
                                                                                                                                                				_t150 = __rcx;
                                                                                                                                                				r14d = 0;
                                                                                                                                                				_v168 = _t159;
                                                                                                                                                				_v144 = 0xf;
                                                                                                                                                				_v152 = 6;
                                                                                                                                                				_t49 = "system"; // 0x74737973
                                                                                                                                                				_v168 = _t49;
                                                                                                                                                				_v164 =  *0x1fd2ba84 & 0x0000ffff;
                                                                                                                                                				_v162 = r14b;
                                                                                                                                                				_v136 = _t159;
                                                                                                                                                				asm("movdqa xmm0, [0x329b3]");
                                                                                                                                                				asm("movdqu [esp+0x80], xmm0");
                                                                                                                                                				_v136 = r14b;
                                                                                                                                                				E00007FFC7FFC1FD0D640(__r8, __rcx, __r8);
                                                                                                                                                				if ( &_v136 == _t88) goto 0x1fcf9a25;
                                                                                                                                                				_t157 =  *((intOrPtr*)(_t88 + 0x10));
                                                                                                                                                				if ( *((long long*)(_t88 + 0x18)) - 0x10 < 0) goto 0x1fcf9a18;
                                                                                                                                                				E00007FFC7FFC1FCF9100(__r8,  &_v136,  *_t88, _t157, _t159);
                                                                                                                                                				E00007FFC7FFC1FD106F0( *((long long*)(_t88 + 0x18)) - 0x10,  *_t88,  &_v168, _t157);
                                                                                                                                                				_t132 = _v144;
                                                                                                                                                				if (_t132 - 0x10 < 0) goto 0x1fcf9a70;
                                                                                                                                                				if (_t132 + 1 - 0x1000 < 0) goto 0x1fcf9a6b;
                                                                                                                                                				_t92 = _v168 -  *((intOrPtr*)(_v168 - 8)) + 0xfffffff8;
                                                                                                                                                				if (_t92 - 0x1f <= 0) goto 0x1fcf9a6b;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v152 = _t159;
                                                                                                                                                				_v144 = 0xf;
                                                                                                                                                				_v168 = 0;
                                                                                                                                                				E00007FFC7FFC1FD04280(_t68, _t106,  &_v72, _t106, _t151, _t152);
                                                                                                                                                				_t107 = _t92;
                                                                                                                                                				_v184 = _t151;
                                                                                                                                                				E00007FFC7FFC1FD04280(_t68, _t107,  &_v104, _t150, _t151, _t152);
                                                                                                                                                				_v200 = _t107;
                                                                                                                                                				_v208 =  &_v184;
                                                                                                                                                				_v216 = _t92;
                                                                                                                                                				r8d = 0x51;
                                                                                                                                                				_t67 = _t157 - 0x50;
                                                                                                                                                				E00007FFC7FFC1FCF5BB0(_t157 - 0x50, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_configureport \'{}\', {:#x}, \'{}\'");
                                                                                                                                                				_t138 = _v80;
                                                                                                                                                				if (_t138 - 0x10 < 0) goto 0x1fcf9b24;
                                                                                                                                                				if (_t138 + 1 - 0x1000 < 0) goto 0x1fcf9b1f;
                                                                                                                                                				if (_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf9b1f;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v88 = _t159;
                                                                                                                                                				_v80 = 0xf;
                                                                                                                                                				_v104 = 0;
                                                                                                                                                				_t141 = _v48;
                                                                                                                                                				if (_t141 - 0x10 < 0) goto 0x1fcf9b87;
                                                                                                                                                				if (_t141 + 1 - 0x1000 < 0) goto 0x1fcf9b81;
                                                                                                                                                				if (_v72 -  *((intOrPtr*)(_v72 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf9b81;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FD106F0(_v72 -  *((intOrPtr*)(_v72 - 8)) + 0xfffffff8 - 0x1f, _v72 -  *((intOrPtr*)(_v72 - 8)) + 0xfffffff8,  &_v136, _t157);
                                                                                                                                                				_t144 = _v112;
                                                                                                                                                				if (_t144 - 0x10 < 0) goto 0x1fcf9bd5;
                                                                                                                                                				_t123 = _v136;
                                                                                                                                                				if (_t144 + 1 - 0x1000 < 0) goto 0x1fcf9bcf;
                                                                                                                                                				_t101 = _t123 -  *((intOrPtr*)(_t123 - 8)) + 0xfffffff8;
                                                                                                                                                				_t82 = _t123 -  *((intOrPtr*)(_t123 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                                                				if (_t123 -  *((intOrPtr*)(_t123 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf9bcf;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FD106F0(_t82, _t101,  &_v136, _t157);
                                                                                                                                                				_t147 = _v112;
                                                                                                                                                				if (_t147 - 0x10 < 0) goto 0x1fcf9c2a;
                                                                                                                                                				if (_t147 + 1 - 0x1000 < 0) goto 0x1fcf9c24;
                                                                                                                                                				if (_v136 -  *((intOrPtr*)(_v136 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf9c24;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(0, _t67, _v40 ^ _t154);
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD0D640: __tlregdtor.LIBCMT ref: 00007FFC1FD0D690
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF9A64
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF9B18
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF9B7A
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF9BC8
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_configureport '{}', {:#x}, '{}'$system
                                                                                                                                                • API String ID: 333172304-3163355225
                                                                                                                                                • Opcode ID: e14ab46071b807c50b760bae5b8b4710aa90fb6ebf50a14d2b1117d1926ebb90
                                                                                                                                                • Instruction ID: eb08eab454867642948ec660e603e7529657d9bd791dc3e0c8cd84fcf1285c23
                                                                                                                                                • Opcode Fuzzy Hash: e14ab46071b807c50b760bae5b8b4710aa90fb6ebf50a14d2b1117d1926ebb90
                                                                                                                                                • Instruction Fuzzy Hash: D9518162A18E9D42FA249F64F4543BEA351FB857B0F404231E6AD06AE9DF7CD090D790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFC1FD05BDD), ref: 00007FFC1FD05643
                                                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFC1FD05BDD), ref: 00007FFC1FD0565A
                                                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFC1FD05BDD), ref: 00007FFC1FD0567E
                                                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFC1FD05BDD), ref: 00007FFC1FD05695
                                                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFC1FD05BDD), ref: 00007FFC1FD056CE
                                                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFC1FD05BDD), ref: 00007FFC1FD056E5
                                                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFC1FD05BDD), ref: 00007FFC1FD0573E
                                                                                                                                                • __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFC1FD05BDD), ref: 00007FFC1FD05755
                                                                                                                                                  • Part of subcall function 00007FFC1FD05480: __std_type_info_compare.VCRUNTIME140(?,?,?,00007FFC1FD0561B,?,?,00000000,00007FFC1FD05BDD), ref: 00007FFC1FD054A6
                                                                                                                                                  • Part of subcall function 00007FFC1FD05480: __std_type_info_compare.VCRUNTIME140(?,?,?,00007FFC1FD0561B,?,?,00000000,00007FFC1FD05BDD), ref: 00007FFC1FD054DE
                                                                                                                                                  • Part of subcall function 00007FFC1FD05480: __std_type_info_compare.VCRUNTIME140(?,?,?,00007FFC1FD0561B,?,?,00000000,00007FFC1FD05BDD), ref: 00007FFC1FD05516
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: __std_type_info_compare
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4241632388-0
                                                                                                                                                • Opcode ID: 7d142e9f2ca846a9df2f65f0f1854761cbdd8297f96bc156cff0964b0237385b
                                                                                                                                                • Instruction ID: 67e989a59263090734e5e5643216fb87ca3ebf21089112fa1b3c59b48221c773
                                                                                                                                                • Opcode Fuzzy Hash: 7d142e9f2ca846a9df2f65f0f1854761cbdd8297f96bc156cff0964b0237385b
                                                                                                                                                • Instruction Fuzzy Hash: D5A16A76B05EAA81DB14EF16E9442797365FB84BE4B858432DF5D47748DF38E060C3A0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,?,00007FFC1FD0E79F), ref: 00007FFC1FD0BE20
                                                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,?,00007FFC1FD0E79F), ref: 00007FFC1FD0BE37
                                                                                                                                                • memset.VCRUNTIME140(?,?,00000000,?,00007FFC1FD0E79F), ref: 00007FFC1FD0BE4C
                                                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,?,00007FFC1FD0E79F), ref: 00007FFC1FD0BE64
                                                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,?,00007FFC1FD0E79F), ref: 00007FFC1FD0BE7D
                                                                                                                                                • memset.VCRUNTIME140(?,?,00000000,?,00007FFC1FD0E79F), ref: 00007FFC1FD0BE8B
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,00007FFC1FD0E79F), ref: 00007FFC1FD0BEEF
                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFC1FD0BEF6
                                                                                                                                                  • Part of subcall function 00007FFC1FD156A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFC1FCF8F4E), ref: 00007FFC1FD156C2
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmove$memset$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1282081513-0
                                                                                                                                                • Opcode ID: f6b35741b10c704098a06c801e1f053a1391e23ad5623e337860fab711777fad
                                                                                                                                                • Instruction ID: b1a835d474680cefd7accb6c257993006d31789253e28a82e5d5566c044bbbbc
                                                                                                                                                • Opcode Fuzzy Hash: f6b35741b10c704098a06c801e1f053a1391e23ad5623e337860fab711777fad
                                                                                                                                                • Instruction Fuzzy Hash: 7141D162A09A9E85EA18EF22D4402B86711EF45BF0F584635DE6D07BC5CE3CD060C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFC1FD1B1C7
                                                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FFC1FD1B21E
                                                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FFC1FD1B248
                                                                                                                                                • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FFC1FD1B283
                                                                                                                                                • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FFC1FD1B2B7
                                                                                                                                                • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FFC1FD1B2BE
                                                                                                                                                • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FFC1FD1B2CA
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1492985063-0
                                                                                                                                                • Opcode ID: 9d0936fb1a672e1796aba82365c1d2076bff5db8fa4339c5f789ed29314c767b
                                                                                                                                                • Instruction ID: 55c47a24da7acbd3e91dbbd9c86992cc739b4578fdf705ab9f19c4041e9621ed
                                                                                                                                                • Opcode Fuzzy Hash: 9d0936fb1a672e1796aba82365c1d2076bff5db8fa4339c5f789ed29314c767b
                                                                                                                                                • Instruction Fuzzy Hash: 0551612260CE5D81EB259F5AE58027CA760EB86FA5F198135CE4E077A0CF3DD596C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(00000009,?,?,?,?,00007FFC1FCFF95E), ref: 00007FFC1FCFC6D3
                                                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(00000009,?,?,?,?,00007FFC1FCFF95E), ref: 00007FFC1FCFC74A
                                                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(00000009,?,?,?,?,00007FFC1FCFF95E), ref: 00007FFC1FCFC770
                                                                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140(?,?,?,00007FFC1FCFF95E), ref: 00007FFC1FCFC79B
                                                                                                                                                • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(00000009,?,?,?,?,00007FFC1FCFF95E), ref: 00007FFC1FCFC7DC
                                                                                                                                                • ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,?,00007FFC1FCFF95E), ref: 00007FFC1FCFC7E3
                                                                                                                                                • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,00007FFC1FCFF95E), ref: 00007FFC1FCFC7EF
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2331969452-0
                                                                                                                                                • Opcode ID: f691e1f04ba2ee2f9ca696224b13ba9103c1a7b8a4e03602e614a439e787b8e8
                                                                                                                                                • Instruction ID: 4ae3158006a1d254f70e9e2dc005d344fdbaefd83bfc602467a73415d10f0469
                                                                                                                                                • Opcode Fuzzy Hash: f691e1f04ba2ee2f9ca696224b13ba9103c1a7b8a4e03602e614a439e787b8e8
                                                                                                                                                • Instruction Fuzzy Hash: 02519C32609E5982EB24CF1AE0D0238A7A0FB84FA9F158232CE4E437A0CF39D556D750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 15%
                                                                                                                                                			E00007FFC7FFC1FCFE3A0(void* __eax, void* __ebp, long long __rbx, long long __rcx, void* __rdx, long long _a24) {
                                                                                                                                                				signed int _v56;
                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                				char _v88;
                                                                                                                                                				signed long long _v104;
                                                                                                                                                				signed long long _v112;
                                                                                                                                                				long long _v120;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __rbp;
                                                                                                                                                				void* __r14;
                                                                                                                                                				void* _t35;
                                                                                                                                                				void* _t37;
                                                                                                                                                				signed long long _t52;
                                                                                                                                                				signed long long _t53;
                                                                                                                                                				long long _t66;
                                                                                                                                                				intOrPtr _t83;
                                                                                                                                                				signed long long _t86;
                                                                                                                                                				long long _t87;
                                                                                                                                                				void* _t88;
                                                                                                                                                				void* _t89;
                                                                                                                                                				void* _t92;
                                                                                                                                                				void* _t94;
                                                                                                                                                
                                                                                                                                                				_t66 = __rcx;
                                                                                                                                                				_a24 = __rbx;
                                                                                                                                                				_t52 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t53 = _t52 ^ _t89 - 0x00000070;
                                                                                                                                                				_v56 = _t53;
                                                                                                                                                				_t88 = __rdx;
                                                                                                                                                				_t87 = __rcx;
                                                                                                                                                				if ( *((long long*)(__rdx + 0x10)) == 0) goto 0x1fcfe517;
                                                                                                                                                				_t4 = _t66 + 0x70; // 0x70
                                                                                                                                                				_v120 = _t4;
                                                                                                                                                				0x1fd15430();
                                                                                                                                                				if (__eax != 0) goto 0x1fcfe50f;
                                                                                                                                                				E00007FFC7FFC1FD156A8(E00007FFC7FFC1FD03D90(_t37, _t4,  &_v88, __rcx, __rdx, _t92, _t94), _t53,  &_v88);
                                                                                                                                                				_t86 = _t53;
                                                                                                                                                				_v112 = _t53;
                                                                                                                                                				if (_t53 == 0) goto 0x1fcfe43c;
                                                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                                                				 *((intOrPtr*)(_t53 + 8)) = 1;
                                                                                                                                                				 *((intOrPtr*)(_t53 + 0xc)) = 1;
                                                                                                                                                				 *_t86 = 0x1fd2c988;
                                                                                                                                                				_t10 = _t86 + 0x10; // 0x10
                                                                                                                                                				E00007FFC7FFC1FCFD640(0x1fd2c988, _t4, _t10, _t88, _t53);
                                                                                                                                                				goto 0x1fcfe43e;
                                                                                                                                                				_t11 = _t86 + 0x10; // 0x10
                                                                                                                                                				_v112 = _t11;
                                                                                                                                                				_v104 = _t86;
                                                                                                                                                				_t15 = _t87 + 0x60; // 0x60
                                                                                                                                                				E00007FFC7FFC1FCFC830(_t4, _t15,  &_v112, _t87);
                                                                                                                                                				if (_v104 == 0) goto 0x1fcfe49d;
                                                                                                                                                				asm("lock xadd [ecx+0x8], eax");
                                                                                                                                                				if (0xffffffff != 1) goto 0x1fcfe498;
                                                                                                                                                				 *((intOrPtr*)( *_v104))();
                                                                                                                                                				asm("lock xadd [ebx+0xc], edi");
                                                                                                                                                				if (0xffffffff != 1) goto 0x1fcfe498;
                                                                                                                                                				 *((intOrPtr*)( *_v104 + 8))();
                                                                                                                                                				_t83 = _v64;
                                                                                                                                                				if (_t83 - 0x10 < 0) goto 0x1fcfe4dd;
                                                                                                                                                				if (_t83 + 1 - 0x1000 < 0) goto 0x1fcfe4d8;
                                                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfe4d8;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_t35 = E00007FFC7FFC1FD007D0(_v120, _t87, _t86, _t87);
                                                                                                                                                				0x1fd15436();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(_t35, 0x118, _v56 ^ _t89 - 0x00000070);
                                                                                                                                                			}


























                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ByteCharMultiWide$C_error@std@@ErrorExceptionLastMtx_lockMtx_unlockPathTempThrowThrow__invalid_parameter_noinfo_noreturnmalloc
                                                                                                                                                • String ID: port name cannot be empty
                                                                                                                                                • API String ID: 314681990-1868005089
                                                                                                                                                • Opcode ID: 7f3501138e338ee3b7d9d33c44808dd3e511c8856744d23ebb6d5a8f62c01bc5
                                                                                                                                                • Instruction ID: 79a6e8348c1c660d77378b536f80271b823df9081474df18b4f5d0f199c3023e
                                                                                                                                                • Opcode Fuzzy Hash: 7f3501138e338ee3b7d9d33c44808dd3e511c8856744d23ebb6d5a8f62c01bc5
                                                                                                                                                • Instruction Fuzzy Hash: 4841D032A18E5E82FA24AF25E4502BD6360FB85BB0F484131EA5D037A5DF3CD4A1C760
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 23%
                                                                                                                                                			E00007FFC7FFC1FD03D90(void* __ebx, long long __rbx, intOrPtr* __rcx, long long __rsi, long long __rbp, void* __r8, void* __r14, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                				void* _v8;
                                                                                                                                                				signed int _v24;
                                                                                                                                                				char _v1064;
                                                                                                                                                				char _v1592;
                                                                                                                                                				char _v1608;
                                                                                                                                                				long long _v1616;
                                                                                                                                                				long long _v1624;
                                                                                                                                                				short _v1632;
                                                                                                                                                				long long _v1640;
                                                                                                                                                				int _t40;
                                                                                                                                                				signed long long _t61;
                                                                                                                                                				intOrPtr* _t81;
                                                                                                                                                				void* _t86;
                                                                                                                                                
                                                                                                                                                				_t82 = __rsi;
                                                                                                                                                				_a16 = __rbx;
                                                                                                                                                				_a24 = __rbp;
                                                                                                                                                				_a32 = __rsi;
                                                                                                                                                				_t61 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v24 = _t61 ^ _t86 - 0x00000680;
                                                                                                                                                				_v1608 = __rcx;
                                                                                                                                                				_t81 = __rcx;
                                                                                                                                                				_v1064 = 0;
                                                                                                                                                				if (GetTempPathW(??, ??) != 0) goto 0x1fd03e14;
                                                                                                                                                				_v1608 = GetLastError();
                                                                                                                                                				r8d = 0xdb;
                                                                                                                                                				_v1640 =  &_v1608;
                                                                                                                                                				_t11 = _t82 + 1; // 0x1
                                                                                                                                                				E00007FFC7FFC1FD035D0(_t11, "c:\\design\\wiservice\\wiservice\\ext\\win\\ext-win-winutil.cpp", __rbp, "couldn\'t get temp folder path, error {}");
                                                                                                                                                				_v1592 = sil;
                                                                                                                                                				if ( *((intOrPtr*)( &_v1064 + 0xfffffffffffffffe)) != 0) goto 0x1fd03e30;
                                                                                                                                                				if (0 == 0) goto 0x1fd03ea2;
                                                                                                                                                				_v1616 = __rsi;
                                                                                                                                                				_v1624 = __rsi;
                                                                                                                                                				r9d = __ebx;
                                                                                                                                                				_v1632 = 0;
                                                                                                                                                				_v1640 = __rsi;
                                                                                                                                                				_t40 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                				if (_t40 == 0) goto 0x1fd03ea2;
                                                                                                                                                				_v1616 = __rsi;
                                                                                                                                                				_v1624 = __rsi;
                                                                                                                                                				_t41 =  >  ? 0x208 : _t40;
                                                                                                                                                				r9d = __ebx;
                                                                                                                                                				_v1632 =  >  ? 0x208 : _t40;
                                                                                                                                                				_v1640 =  &_v1592;
                                                                                                                                                				WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                				 *_t81 = __rsi;
                                                                                                                                                				 *((long long*)(_t81 + 0x10)) = __rsi;
                                                                                                                                                				 *((long long*)(_t81 + 0x18)) = 0xf;
                                                                                                                                                				 *_t81 = sil;
                                                                                                                                                				if ( *((intOrPtr*)( &_v1592 + 0xffffffff)) != sil) goto 0x1fd03ec0;
                                                                                                                                                				return E00007FFC7FFC1FD15E20(E00007FFC7FFC1FCF9100(0, _t81,  &_v1592, 0xffffffff, __r14), 0xfde9, _v24 ^ _t86 - 0x00000680);
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ByteCharMultiWide_invalid_parameter_noinfo_noreturn$ErrorLastPathTemp
                                                                                                                                                • String ID: c:\design\wiservice\wiservice\ext\win\ext-win-winutil.cpp$couldn't get temp folder path, error {}
                                                                                                                                                • API String ID: 1286625825-281439859
                                                                                                                                                • Opcode ID: 860c7eea8b8651675c8de02d71854b649c3b9077d5b219fa0bc9373d784dcf82
                                                                                                                                                • Instruction ID: ee3e997480f66017d9561a98716434776ad28353b2a65db39d1e2f6bc9f155f7
                                                                                                                                                • Opcode Fuzzy Hash: 860c7eea8b8651675c8de02d71854b649c3b9077d5b219fa0bc9373d784dcf82
                                                                                                                                                • Instruction Fuzzy Hash: 0F418232608F9982E7249F15F4402ABB7A5FB88BA0F444235EB9D03B94DF3DD525CB90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD082B2
                                                                                                                                                • ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD082CC
                                                                                                                                                • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD082F6
                                                                                                                                                • ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD08320
                                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 00007FFC1FD08339
                                                                                                                                                • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD08358
                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFC1FD08369
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskD@std@@@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterU?$char_traits@V42@@V?$ostreambuf_iterator@Vfacet@locale@2@std::_
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3345465274-0
                                                                                                                                                • Opcode ID: 4e4a803cf451d749639f82d7c091ac8fe20c97de71ea8e2ae2af82c5be18d0bb
                                                                                                                                                • Instruction ID: 12ddc5e2dee21aa58301d41424a5d5de06b9879b33248be65b555be67450fa04
                                                                                                                                                • Opcode Fuzzy Hash: 4e4a803cf451d749639f82d7c091ac8fe20c97de71ea8e2ae2af82c5be18d0bb
                                                                                                                                                • Instruction Fuzzy Hash: 5D214A22A08E5E81EB08BF16E48017D6760EB99BB0B0C4531DA5D437A5DF3CE4A0C3A0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD081E2
                                                                                                                                                • ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,00007FFC1FD1AECA), ref: 00007FFC1FD081FC
                                                                                                                                                • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,00007FFC1FD1AECA), ref: 00007FFC1FD08226
                                                                                                                                                • ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,00007FFC1FD1AECA), ref: 00007FFC1FD08250
                                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 00007FFC1FD08269
                                                                                                                                                • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,00007FFC1FD1AECA), ref: 00007FFC1FD08288
                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFC1FD08299
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskFacet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@std::_
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 929128910-0
                                                                                                                                                • Opcode ID: 3a782683d63e8b3b5db5c7f10f913e878a86a5064d5519ca7bc9aeb1d141eeb8
                                                                                                                                                • Instruction ID: 6052ec05f34db9f56cf8b923fb06e4e61728a7de0c1c8fb2d8adc63f29609caf
                                                                                                                                                • Opcode Fuzzy Hash: 3a782683d63e8b3b5db5c7f10f913e878a86a5064d5519ca7bc9aeb1d141eeb8
                                                                                                                                                • Instruction Fuzzy Hash: AC213925A09E5E81EA08AF66E4441796760EB9ABB0F0C0131CA5D077A8DF7CE4A0C3A0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Heap$FreeProcess$Value
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3709577838-0
                                                                                                                                                • Opcode ID: cba726e5eb5ad7b4e1610d0dee1c37cbefd4d62cab8451685cd09f84cd3f4121
                                                                                                                                                • Instruction ID: 372320c0c925685b9f5097bb9451f71d0eb26b9d61874a87bc21db7ef1bce451
                                                                                                                                                • Opcode Fuzzy Hash: cba726e5eb5ad7b4e1610d0dee1c37cbefd4d62cab8451685cd09f84cd3f4121
                                                                                                                                                • Instruction Fuzzy Hash: AC411F62A05F6D82EB58AF26E4443396361FF88FA4F588534CA4E037A4CF2CE455C3D0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ByteCharMultiWide$Concurrency::cancel_current_taskXlength_error@std@@mallocmemset
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1152013002-0
                                                                                                                                                • Opcode ID: 542fc2ed402419ff91edc090ac5f0108e80cbfef90a8c7504d974c129b5f27d7
                                                                                                                                                • Instruction ID: 5088caebc217a005bba02ffc79703e213b8c153e042ed4205f4b72c94acae9d6
                                                                                                                                                • Opcode Fuzzy Hash: 542fc2ed402419ff91edc090ac5f0108e80cbfef90a8c7504d974c129b5f27d7
                                                                                                                                                • Instruction Fuzzy Hash: 2051A522A09B5E81EB28AF11B50077AA6A4FB857B4F184234DE9D03BD9DF7CD064D350
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 54%
                                                                                                                                                			E00007FFC7FFC1FD267A0() {
                                                                                                                                                				void* _t42;
                                                                                                                                                				void* _t43;
                                                                                                                                                				void* _t58;
                                                                                                                                                				void* _t61;
                                                                                                                                                				long long _t66;
                                                                                                                                                				intOrPtr* _t67;
                                                                                                                                                				long long _t69;
                                                                                                                                                				intOrPtr* _t71;
                                                                                                                                                				void* _t86;
                                                                                                                                                				intOrPtr _t87;
                                                                                                                                                				intOrPtr* _t88;
                                                                                                                                                				long _t92;
                                                                                                                                                				intOrPtr* _t93;
                                                                                                                                                				long* _t96;
                                                                                                                                                				intOrPtr _t97;
                                                                                                                                                				void* _t99;
                                                                                                                                                				void* _t100;
                                                                                                                                                				long* _t102;
                                                                                                                                                				intOrPtr* _t103;
                                                                                                                                                				long _t105;
                                                                                                                                                				void* _t108;
                                                                                                                                                				intOrPtr _t109;
                                                                                                                                                				void* _t111;
                                                                                                                                                				long long _t112;
                                                                                                                                                
                                                                                                                                                				 *((long long*)(_t99 + 0x10)) = _t66;
                                                                                                                                                				_t100 = _t99 - 0x20;
                                                                                                                                                				_t103 = _t71;
                                                                                                                                                				 *((char*)(_t71 + 0x28)) = 1;
                                                                                                                                                				E00007FFC7FFC1FD26A20(_t42, _t43, _t61, _t66, _t71 + 0x40, _t86, _t92);
                                                                                                                                                				_t112 =  *((intOrPtr*)(_t103 + 0x78));
                                                                                                                                                				_t93 =  *_t112;
                                                                                                                                                				 *((long long*)(_t100 + 0x60)) = _t93;
                                                                                                                                                				 *((long long*)(_t100 + 0x70)) = _t112;
                                                                                                                                                				if (_t93 == _t112) goto 0x1fd26915;
                                                                                                                                                				_t97 =  *((intOrPtr*)(_t93 + 0x10));
                                                                                                                                                				if ( *((intOrPtr*)(_t97 + 0x10)) == 0) goto 0x1fd26909;
                                                                                                                                                				E00007FFC7FFC1FD26690( *((intOrPtr*)(_t97 + 0x10)), _t61, _t66, _t97, _t93, _t111);
                                                                                                                                                				if ( *((intOrPtr*)(_t97 + 0x10)) != 0) goto 0x1fd26813;
                                                                                                                                                				goto 0x1fd268d8;
                                                                                                                                                				 *((intOrPtr*)(_t97 + 0x10)) = 0;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				ReleaseSemaphore(_t108, _t105, _t102);
                                                                                                                                                				_t67 =  *((intOrPtr*)(_t97 + 0x18));
                                                                                                                                                				_t87 =  *((intOrPtr*)(_t97 + 0x20));
                                                                                                                                                				if (_t67 == _t87) goto 0x1fd2684f;
                                                                                                                                                				 *((char*)( *_t67 + 0x14)) = 1;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				ReleaseSemaphore(_t86, _t92, _t96);
                                                                                                                                                				if (_t67 + 8 != _t87) goto 0x1fd26830;
                                                                                                                                                				_t109 =  *((intOrPtr*)(_t97 + 0x20));
                                                                                                                                                				_t88 =  *((intOrPtr*)(_t97 + 0x18));
                                                                                                                                                				if (_t88 == _t109) goto 0x1fd268ba;
                                                                                                                                                				_t69 =  *_t88;
                                                                                                                                                				if (_t69 == 0) goto 0x1fd268ad;
                                                                                                                                                				asm("lock xadd [ebx+0x18], eax");
                                                                                                                                                				if (0xffffffff != 1) goto 0x1fd268ad;
                                                                                                                                                				if ( *((intOrPtr*)(_t69 + 8)) - 1 - 0xfffffffd > 0) goto 0x1fd2688c;
                                                                                                                                                				CloseHandle(??);
                                                                                                                                                				if ( *_t69 - 1 - 0xfffffffd > 0) goto 0x1fd268a0;
                                                                                                                                                				CloseHandle(??);
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				if (_t88 + 8 != _t109) goto 0x1fd26860;
                                                                                                                                                				 *((long long*)(_t97 + 0x20)) =  *((intOrPtr*)(_t97 + 0x18));
                                                                                                                                                				_t58 =  *((intOrPtr*)(_t97 + 0x30)) - 1 - 0xfffffffd;
                                                                                                                                                				if (_t58 > 0) goto 0x1fd268d2;
                                                                                                                                                				CloseHandle(??);
                                                                                                                                                				 *((long long*)(_t97 + 0x30)) = _t69;
                                                                                                                                                				asm("lock xadd [ebp], eax");
                                                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                                                				if (_t58 < 0) goto 0x1fd26909;
                                                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x1fd26909;
                                                                                                                                                				asm("lock bts dword [ebp], 0x1e");
                                                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x1fd26909;
                                                                                                                                                				E00007FFC7FFC1FD0D940(_t97);
                                                                                                                                                				SetEvent(??);
                                                                                                                                                				if ( *_t93 != _t112) goto 0x1fd267f0;
                                                                                                                                                				goto ( *((intOrPtr*)( *_t103 + 0x10)));
                                                                                                                                                			}




























                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseHandle$EventReleaseSemaphore$ObjectSingleWait
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1488515630-0
                                                                                                                                                • Opcode ID: 3bcf2f0ad8178168a7f8be7a2930863f511e61aaff0b105efb4953fc0a99a83f
                                                                                                                                                • Instruction ID: 62669b753b1799706f76044d2d8f62e2656f700ec1d2f00633457a2bc8757ab2
                                                                                                                                                • Opcode Fuzzy Hash: 3bcf2f0ad8178168a7f8be7a2930863f511e61aaff0b105efb4953fc0a99a83f
                                                                                                                                                • Instruction Fuzzy Hash: D1419162A04FAD8AEB14AF25D844679A360FB45BB8F184631EE2D437D4DF38D461C3E0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2016347663-0
                                                                                                                                                • Opcode ID: dfbe2bb97fd55202672e72005a79ffd0a429575f79d2377de772fcddb129c807
                                                                                                                                                • Instruction ID: 8e693456fe309fa6c8c514114a3c99b4575ad54622f5876c6505462df3780119
                                                                                                                                                • Opcode Fuzzy Hash: dfbe2bb97fd55202672e72005a79ffd0a429575f79d2377de772fcddb129c807
                                                                                                                                                • Instruction Fuzzy Hash: CC41CF62B09EAA81FA24AF12A4142A9A356AB45BF4F480631DE5D4B7C5CF7CE061D360
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • memmove.VCRUNTIME140(?,?,?,?,00007FFC1FD0C1BC,?,?,?,?,?,00007FFC1FD0C11C,?,?,?,00007FFC1FD0D3B9), ref: 00007FFC1FD05ADE
                                                                                                                                                • memset.VCRUNTIME140(?,?,?,?,00007FFC1FD0C1BC,?,?,?,?,?,00007FFC1FD0C11C,?,?,?,00007FFC1FD0D3B9), ref: 00007FFC1FD05AEC
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFC1FD0C1BC,?,?,?,?,?,00007FFC1FD0C11C,?,?,?,00007FFC1FD0D3B9), ref: 00007FFC1FD05B25
                                                                                                                                                • memmove.VCRUNTIME140(?,?,?,?,00007FFC1FD0C1BC,?,?,?,?,?,00007FFC1FD0C11C,?,?,?,00007FFC1FD0D3B9), ref: 00007FFC1FD05B2F
                                                                                                                                                • memset.VCRUNTIME140(?,?,?,?,00007FFC1FD0C1BC,?,?,?,?,?,00007FFC1FD0C11C,?,?,?,00007FFC1FD0D3B9), ref: 00007FFC1FD05B3D
                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFC1FD05B72
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmovememset$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2171940698-0
                                                                                                                                                • Opcode ID: 34bb71b0ba394ae16318a7d290492d0c7af7ec8d63b37f31e4ad3571e89afd36
                                                                                                                                                • Instruction ID: e18af417cc218811321d3acad4e1dde1ebd56f8e128bfd8acfbc053364333274
                                                                                                                                                • Opcode Fuzzy Hash: 34bb71b0ba394ae16318a7d290492d0c7af7ec8d63b37f31e4ad3571e89afd36
                                                                                                                                                • Instruction Fuzzy Hash: 0E41A321A09A9D85EA18AF12A5443B9A356EF84BE0F880631DE5D0B7D5CF7CE061C3A4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFC1FD2160E
                                                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFC1FD218FF
                                                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFC1FD21A9C
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ?write@?$basic_ostream@D@std@@@std@@U?$char_traits@V12@
                                                                                                                                                • String ID: ''''$0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures
                                                                                                                                                • API String ID: 2277189856-568624354
                                                                                                                                                • Opcode ID: f3eae634b5f49669f20d308f01c8813e58f466c40bdd9b7c1452c2ca4684f687
                                                                                                                                                • Instruction ID: 938ce626a6f6932dbb089e787c9231c74b2d003388e51d71f74e81bec7b7384a
                                                                                                                                                • Opcode Fuzzy Hash: f3eae634b5f49669f20d308f01c8813e58f466c40bdd9b7c1452c2ca4684f687
                                                                                                                                                • Instruction Fuzzy Hash: DDE1841BD28FEB40F3035B3968125B4A710AFE7790F10D72BFEA432912EB299361D254
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFC1FD21C9B
                                                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFC1FD21EE9
                                                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFC1FD220D2
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ?write@?$basic_ostream@D@std@@@std@@U?$char_traits@V12@
                                                                                                                                                • String ID: ''''$0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures
                                                                                                                                                • API String ID: 2277189856-568624354
                                                                                                                                                • Opcode ID: 5c4c044f33b61bb6b48a3a84244ff2c7c72e4787eb40354a53abca28040c53ac
                                                                                                                                                • Instruction ID: f71ea9db534b6c6af2f930ea9be871a367bdbf2fb39de82c7f875a683d8d27da
                                                                                                                                                • Opcode Fuzzy Hash: 5c4c044f33b61bb6b48a3a84244ff2c7c72e4787eb40354a53abca28040c53ac
                                                                                                                                                • Instruction Fuzzy Hash: 85E1A116E38BDB40F3125B3DA8065B4A710BFE7790F11D727FE9832A12EF299251D294
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                			E00007FFC7FFC1FCF3510(long long __rbx, signed char* __rcx, void* __rdx, long long __rdi, long long __rsi, intOrPtr* __r8, char _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                				void* _v8;
                                                                                                                                                				signed int _t31;
                                                                                                                                                				void* _t43;
                                                                                                                                                				void* _t49;
                                                                                                                                                				signed char* _t56;
                                                                                                                                                				signed char* _t57;
                                                                                                                                                				char* _t58;
                                                                                                                                                				signed char* _t59;
                                                                                                                                                				intOrPtr _t67;
                                                                                                                                                				signed char* _t74;
                                                                                                                                                				void* _t85;
                                                                                                                                                				char* _t87;
                                                                                                                                                
                                                                                                                                                				_a16 = __rbx;
                                                                                                                                                				_a24 = __rsi;
                                                                                                                                                				_a32 = __rdi;
                                                                                                                                                				_t74 = __rcx;
                                                                                                                                                				r9d =  *__rcx & 0x000000ff;
                                                                                                                                                				if (r9b >= 0) goto 0x1fcf354a;
                                                                                                                                                				_t56 =  &(__rcx[1]);
                                                                                                                                                				if (_t56 == __rdx) goto 0x1fcf3551;
                                                                                                                                                				if (( *_t56 & 0xc0) == 0x80) goto 0x1fcf3537;
                                                                                                                                                				goto 0x1fcf354e;
                                                                                                                                                				_t57 =  &(__rcx[1]);
                                                                                                                                                				_t43 = _t57 - __rdx;
                                                                                                                                                				_t58 =  ==  ? __rcx : _t57;
                                                                                                                                                				if (_t43 == 0) goto 0x1fcf358f;
                                                                                                                                                				if (_t43 == 0) goto 0x1fcf3588;
                                                                                                                                                				if (_t43 == 0) goto 0x1fcf3581;
                                                                                                                                                				if ( *_t58 - 0x3a == 0x20) goto 0x1fcf357a;
                                                                                                                                                				if (_t58 == __rcx) goto 0x1fcf3632;
                                                                                                                                                				_t59 = __rcx;
                                                                                                                                                				goto 0x1fcf3555;
                                                                                                                                                				goto 0x1fcf3594;
                                                                                                                                                				goto 0x1fcf3594;
                                                                                                                                                				goto 0x1fcf3594;
                                                                                                                                                				if (__rcx == __rcx) goto 0x1fcf35f6;
                                                                                                                                                				if (r9b != 0x7b) goto 0x1fcf35b8;
                                                                                                                                                				_a8 = 0;
                                                                                                                                                				E00007FFC7FFC1FD150C0(__rcx, "invalid fill character \'{\'");
                                                                                                                                                				goto 0x1fcf3632;
                                                                                                                                                				_t85 = _t59 - _t74;
                                                                                                                                                				_t87 =  *__r8 + 0x11;
                                                                                                                                                				if (_t85 - 4 > 0) goto 0x1fcf364c;
                                                                                                                                                				_t49 = _t85;
                                                                                                                                                				if (_t49 == 0) goto 0x1fcf35f0;
                                                                                                                                                				 *_t87 =  *(_t74 - _t87 + _t87) & 0x000000ff;
                                                                                                                                                				if (_t49 != 0) goto 0x1fcf35e0;
                                                                                                                                                				 *((intOrPtr*)(_t87 + 4)) = r8b;
                                                                                                                                                				goto 0x1fcf35f9;
                                                                                                                                                				if (1 != 4) goto 0x1fcf3624;
                                                                                                                                                				if ( *((intOrPtr*)(__r8 + 0x20)) - 1 - 0xb <= 0) goto 0x1fcf3624;
                                                                                                                                                				_a8 = 0;
                                                                                                                                                				E00007FFC7FFC1FD150C0(_t74 - _t87, "format specifier requires numeric argument");
                                                                                                                                                				_t67 =  *__r8;
                                                                                                                                                				_t31 =  *(_t67 + 0xc) & 0xfffffff0 | 0x00000001;
                                                                                                                                                				 *(_t67 + 0xc) = _t31;
                                                                                                                                                				return _t31;
                                                                                                                                                			}
















                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExceptionThrow__std_exception_copy
                                                                                                                                                • String ID: format specifier requires numeric argument$invalid fill$invalid fill character '{'
                                                                                                                                                • API String ID: 1552479455-4061151604
                                                                                                                                                • Opcode ID: 5c02c8c272ac9fefe5d792e7419a5383d88d5e431b2cf8836fd372669443061f
                                                                                                                                                • Instruction ID: f313ad46f0b5ffe9fcdbf45ca505bd41dba225cae87f049958831e84396ec89c
                                                                                                                                                • Opcode Fuzzy Hash: 5c02c8c272ac9fefe5d792e7419a5383d88d5e431b2cf8836fd372669443061f
                                                                                                                                                • Instruction Fuzzy Hash: 44413322E0CEAE91FB30CF28E5201B9E790EB857A0F584172E68C47695CF2CE561D760
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 51%
                                                                                                                                                			E00007FFC7FFC1FCFA8F0(long long __rcx, long long __rdx, void* __rbp, long long __r9) {
                                                                                                                                                				signed int _v56;
                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                				char _v88;
                                                                                                                                                				long long _v96;
                                                                                                                                                				long long _v104;
                                                                                                                                                				short _v116;
                                                                                                                                                				char _v120;
                                                                                                                                                				char _v136;
                                                                                                                                                				char _v144;
                                                                                                                                                				char _v152;
                                                                                                                                                				char _v160;
                                                                                                                                                				char _v168;
                                                                                                                                                				long long _v176;
                                                                                                                                                				long long _v184;
                                                                                                                                                				long long _v192;
                                                                                                                                                				long long _v200;
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __r14;
                                                                                                                                                				char _t47;
                                                                                                                                                				void* _t54;
                                                                                                                                                				signed long long _t77;
                                                                                                                                                				signed long long _t78;
                                                                                                                                                				intOrPtr* _t93;
                                                                                                                                                				char _t103;
                                                                                                                                                				long long _t112;
                                                                                                                                                				intOrPtr _t117;
                                                                                                                                                				intOrPtr _t120;
                                                                                                                                                				long long _t123;
                                                                                                                                                				long long _t124;
                                                                                                                                                				void* _t126;
                                                                                                                                                				void* _t129;
                                                                                                                                                				void* _t135;
                                                                                                                                                				void* _t136;
                                                                                                                                                				long long _t137;
                                                                                                                                                
                                                                                                                                                				_t135 = _t126;
                                                                                                                                                				_t127 = _t126 - 0xc0;
                                                                                                                                                				_t77 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t78 = _t77 ^ _t126 - 0x000000c0;
                                                                                                                                                				_v56 = _t78;
                                                                                                                                                				_t93 = __r9;
                                                                                                                                                				r14d = r8d;
                                                                                                                                                				_t123 = __rdx;
                                                                                                                                                				_t124 = __rcx;
                                                                                                                                                				_v160 = r14d;
                                                                                                                                                				r15d = 0;
                                                                                                                                                				 *((long long*)(_t135 - 0x78)) = _t137;
                                                                                                                                                				 *((long long*)(_t135 - 0x60)) = 0xf;
                                                                                                                                                				 *((long long*)(_t135 - 0x68)) = 6;
                                                                                                                                                				_t47 = "system"; // 0x74737973
                                                                                                                                                				_v120 = _t47;
                                                                                                                                                				_v116 =  *0x1fd2ba84 & 0x0000ffff;
                                                                                                                                                				 *((intOrPtr*)(_t135 - 0x72)) = r15b;
                                                                                                                                                				 *((long long*)(_t135 - 0x58)) = _t137;
                                                                                                                                                				asm("movdqa xmm0, [0x31a3f]");
                                                                                                                                                				asm("repe inc ecx");
                                                                                                                                                				 *((intOrPtr*)(_t135 - 0x58)) = r15b;
                                                                                                                                                				E00007FFC7FFC1FD0D640(__r9, __rcx, _t129);
                                                                                                                                                				if ( &_v88 == _t78) goto 0x1fcfa99b;
                                                                                                                                                				if ( *((long long*)(_t78 + 0x18)) - 0x10 < 0) goto 0x1fcfa98b;
                                                                                                                                                				E00007FFC7FFC1FCF9100(__r9,  &_v88,  *_t78,  *((intOrPtr*)(_t78 + 0x10)), _t136);
                                                                                                                                                				E00007FFC7FFC1FD106F0( *((long long*)(_t78 + 0x18)) - 0x10,  *_t78,  &_v120,  *((intOrPtr*)(_t78 + 0x10)));
                                                                                                                                                				_t112 = _v96;
                                                                                                                                                				if (_t112 - 0x10 < 0) goto 0x1fcfa9e9;
                                                                                                                                                				if (_t112 + 1 - 0x1000 < 0) goto 0x1fcfa9e4;
                                                                                                                                                				if (_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfa9e4;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v104 = _t137;
                                                                                                                                                				_v96 = 0xf;
                                                                                                                                                				_v120 = 0;
                                                                                                                                                				 *((intOrPtr*)(__r9)) = r15d;
                                                                                                                                                				_v168 = r15d;
                                                                                                                                                				_v144 = __r9;
                                                                                                                                                				_v136 = _t123;
                                                                                                                                                				_v152 = _t124;
                                                                                                                                                				_v176 =  &_v144;
                                                                                                                                                				_v184 =  &_v160;
                                                                                                                                                				_v192 =  &_v136;
                                                                                                                                                				_v200 =  &_v152;
                                                                                                                                                				r8d = 0x94;
                                                                                                                                                				E00007FFC7FFC1FCF6160(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_readport {:#x}, {:#x}, {}, {:#x}");
                                                                                                                                                				_t54 = E00007FFC7FFC1FCFE0D0( *((intOrPtr*)(_v120 - 8)), "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp");
                                                                                                                                                				_v200 =  &_v168;
                                                                                                                                                				_t131 = _t123;
                                                                                                                                                				E00007FFC7FFC1FD007C0(_t54);
                                                                                                                                                				 *_t93 = _v168;
                                                                                                                                                				E00007FFC7FFC1FD106F0(_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f,  &_v152,  &_v88, _t123);
                                                                                                                                                				_t117 = _v64;
                                                                                                                                                				if (_t117 - 0x10 < 0) goto 0x1fcfaadb;
                                                                                                                                                				_t103 = _v88;
                                                                                                                                                				if (_t117 + 1 - 0x1000 < 0) goto 0x1fcfaad5;
                                                                                                                                                				_t89 = _t103 -  *((intOrPtr*)(_t103 - 8)) + 0xfffffff8;
                                                                                                                                                				_t72 = _t103 -  *((intOrPtr*)(_t103 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                                                				if (_t103 -  *((intOrPtr*)(_t103 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfaad5;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FD106F0(_t72, _t89,  &_v88, _t131);
                                                                                                                                                				_t120 = _v64;
                                                                                                                                                				if (_t120 - 0x10 < 0) goto 0x1fcfab36;
                                                                                                                                                				if (_t120 + 1 - 0x1000 < 0) goto 0x1fcfab30;
                                                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfab30;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(0, 1, _v56 ^ _t127);
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD0D640: __tlregdtor.LIBCMT ref: 00007FFC1FD0D690
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFA9DD
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFAACE
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_readport {:#x}, {:#x}, {}, {:#x}$system
                                                                                                                                                • API String ID: 333172304-2826333439
                                                                                                                                                • Opcode ID: 63654d137c15f83f08eb559c95b2f5fad86409a222d48f8664635b54fdbb5bfd
                                                                                                                                                • Instruction ID: 410680514e8990793d59557214e20d1065d81e4de94076ca445a85ceffaaf371
                                                                                                                                                • Opcode Fuzzy Hash: 63654d137c15f83f08eb559c95b2f5fad86409a222d48f8664635b54fdbb5bfd
                                                                                                                                                • Instruction Fuzzy Hash: 50519F62A08F9985E720DF25F4443AEB3A1FB857A0F400235EA9D03B95DF7CD494CB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 53%
                                                                                                                                                			E00007FFC7FFC1FCFAE80(long long __rcx, long long __rdx, void* __rbp, long long __r9) {
                                                                                                                                                				signed int _v56;
                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                				char _v88;
                                                                                                                                                				long long _v96;
                                                                                                                                                				long long _v104;
                                                                                                                                                				short _v116;
                                                                                                                                                				char _v120;
                                                                                                                                                				char _v136;
                                                                                                                                                				char _v144;
                                                                                                                                                				char _v152;
                                                                                                                                                				char _v160;
                                                                                                                                                				char _v168;
                                                                                                                                                				long long _v176;
                                                                                                                                                				long long _v184;
                                                                                                                                                				long long _v192;
                                                                                                                                                				long long _v200;
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __r14;
                                                                                                                                                				char _t47;
                                                                                                                                                				void* _t54;
                                                                                                                                                				void* _t64;
                                                                                                                                                				signed long long _t78;
                                                                                                                                                				signed long long _t79;
                                                                                                                                                				intOrPtr* _t94;
                                                                                                                                                				char _t104;
                                                                                                                                                				long long _t113;
                                                                                                                                                				intOrPtr _t118;
                                                                                                                                                				intOrPtr _t121;
                                                                                                                                                				long long _t124;
                                                                                                                                                				long long _t125;
                                                                                                                                                				void* _t127;
                                                                                                                                                				void* _t130;
                                                                                                                                                				void* _t136;
                                                                                                                                                				void* _t137;
                                                                                                                                                				long long _t138;
                                                                                                                                                
                                                                                                                                                				_t136 = _t127;
                                                                                                                                                				_t128 = _t127 - 0xc0;
                                                                                                                                                				_t78 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t79 = _t78 ^ _t127 - 0x000000c0;
                                                                                                                                                				_v56 = _t79;
                                                                                                                                                				_t94 = __r9;
                                                                                                                                                				r14d = r8d;
                                                                                                                                                				_t124 = __rdx;
                                                                                                                                                				_t125 = __rcx;
                                                                                                                                                				_v160 = r14d;
                                                                                                                                                				r15d = 0;
                                                                                                                                                				 *((long long*)(_t136 - 0x78)) = _t138;
                                                                                                                                                				 *((long long*)(_t136 - 0x60)) = 0xf;
                                                                                                                                                				 *((long long*)(_t136 - 0x68)) = 6;
                                                                                                                                                				_t47 = "system"; // 0x74737973
                                                                                                                                                				_v120 = _t47;
                                                                                                                                                				_v116 =  *0x1fd2ba84 & 0x0000ffff;
                                                                                                                                                				 *((intOrPtr*)(_t136 - 0x72)) = r15b;
                                                                                                                                                				 *((long long*)(_t136 - 0x58)) = _t138;
                                                                                                                                                				asm("movdqa xmm0, [0x314af]");
                                                                                                                                                				asm("repe inc ecx");
                                                                                                                                                				 *((intOrPtr*)(_t136 - 0x58)) = r15b;
                                                                                                                                                				E00007FFC7FFC1FD0D640(__r9, __rcx, _t130);
                                                                                                                                                				if ( &_v88 == _t79) goto 0x1fcfaf2b;
                                                                                                                                                				if ( *((long long*)(_t79 + 0x18)) - 0x10 < 0) goto 0x1fcfaf1b;
                                                                                                                                                				E00007FFC7FFC1FCF9100(__r9,  &_v88,  *_t79,  *((intOrPtr*)(_t79 + 0x10)), _t137);
                                                                                                                                                				E00007FFC7FFC1FD106F0( *((long long*)(_t79 + 0x18)) - 0x10,  *_t79,  &_v120,  *((intOrPtr*)(_t79 + 0x10)));
                                                                                                                                                				_t113 = _v96;
                                                                                                                                                				if (_t113 - 0x10 < 0) goto 0x1fcfaf79;
                                                                                                                                                				if (_t113 + 1 - 0x1000 < 0) goto 0x1fcfaf74;
                                                                                                                                                				if (_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfaf74;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v104 = _t138;
                                                                                                                                                				_v96 = 0xf;
                                                                                                                                                				_v120 = 0;
                                                                                                                                                				 *((intOrPtr*)(__r9)) = r15d;
                                                                                                                                                				_v168 = r15d;
                                                                                                                                                				_v144 = __r9;
                                                                                                                                                				_v136 = _t124;
                                                                                                                                                				_v152 = _t125;
                                                                                                                                                				_v176 =  &_v144;
                                                                                                                                                				_v184 =  &_v160;
                                                                                                                                                				_v192 =  &_v136;
                                                                                                                                                				_v200 =  &_v152;
                                                                                                                                                				r8d = 0xa7;
                                                                                                                                                				E00007FFC7FFC1FCF6160(0, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_writeport {:#x}, {:#x}, {}, {:#x}");
                                                                                                                                                				_t54 = E00007FFC7FFC1FCFE0D0( *((intOrPtr*)(_v120 - 8)), "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp");
                                                                                                                                                				_v200 =  &_v168;
                                                                                                                                                				_t132 = _t124;
                                                                                                                                                				E00007FFC7FFC1FD02420(_t54, _t64, _t94,  &_v152, _t125, _t124, _t124 + _t137);
                                                                                                                                                				 *_t94 = _v168;
                                                                                                                                                				E00007FFC7FFC1FD106F0(_v120 -  *((intOrPtr*)(_v120 - 8)) + 0xfffffff8 - 0x1f,  &_v152,  &_v88, _t124);
                                                                                                                                                				_t118 = _v64;
                                                                                                                                                				if (_t118 - 0x10 < 0) goto 0x1fcfb068;
                                                                                                                                                				_t104 = _v88;
                                                                                                                                                				if (_t118 + 1 - 0x1000 < 0) goto 0x1fcfb062;
                                                                                                                                                				_t90 = _t104 -  *((intOrPtr*)(_t104 - 8)) + 0xfffffff8;
                                                                                                                                                				_t73 = _t104 -  *((intOrPtr*)(_t104 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                                                				if (_t104 -  *((intOrPtr*)(_t104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfb062;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FD106F0(_t73, _t90,  &_v88, _t132);
                                                                                                                                                				_t121 = _v64;
                                                                                                                                                				if (_t121 - 0x10 < 0) goto 0x1fcfb0c3;
                                                                                                                                                				if (_t121 + 1 - 0x1000 < 0) goto 0x1fcfb0bd;
                                                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfb0bd;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(0, 0, _v56 ^ _t128);
                                                                                                                                                			}


                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD0D640: __tlregdtor.LIBCMT ref: 00007FFC1FD0D690
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFAF6D
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFB05B
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_writeport {:#x}, {:#x}, {}, {:#x}$system
                                                                                                                                                • API String ID: 333172304-2630413138
                                                                                                                                                • Opcode ID: ddacbfdd1a9649652c7a86655d04096a8500b7752d6a0cdd5784e42f15562c43
                                                                                                                                                • Instruction ID: 1cc2dcf29ed1cde9e0aaef134f9cd3e6addb9d817074bfb024bee6e9c7c1c070
                                                                                                                                                • Opcode Fuzzy Hash: ddacbfdd1a9649652c7a86655d04096a8500b7752d6a0cdd5784e42f15562c43
                                                                                                                                                • Instruction Fuzzy Hash: FA518062A08F9981EB24DF24F4543AEB3A5FB857A0F400235EA9D07BA5DF7CD494C750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 42%
                                                                                                                                                			E00007FFC7FFC1FCFC470(long long __rcx, long long __rdx, void* __rbp, long long __r8, void* __r14) {
                                                                                                                                                				signed int _v40;
                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                				char _v72;
                                                                                                                                                				long long _v80;
                                                                                                                                                				long long _v88;
                                                                                                                                                				char _v104;
                                                                                                                                                				char _v120;
                                                                                                                                                				char _v128;
                                                                                                                                                				char _v136;
                                                                                                                                                				char _v144;
                                                                                                                                                				char _v152;
                                                                                                                                                				long long _v168;
                                                                                                                                                				long long _v176;
                                                                                                                                                				long long _v184;
                                                                                                                                                				long long _v192;
                                                                                                                                                				long long _v200;
                                                                                                                                                				void* __rbx;
                                                                                                                                                				char _t41;
                                                                                                                                                				signed long long _t61;
                                                                                                                                                				signed long long _t62;
                                                                                                                                                				long long _t75;
                                                                                                                                                				long long _t89;
                                                                                                                                                				intOrPtr _t93;
                                                                                                                                                				long long _t96;
                                                                                                                                                				long long _t97;
                                                                                                                                                				void* _t99;
                                                                                                                                                				void* _t105;
                                                                                                                                                
                                                                                                                                                				_t105 = _t99;
                                                                                                                                                				_t61 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t62 = _t61 ^ _t99 - 0x000000d0;
                                                                                                                                                				_v40 = _t62;
                                                                                                                                                				_t75 = __r8;
                                                                                                                                                				_t97 = __rdx;
                                                                                                                                                				_t96 = __rcx;
                                                                                                                                                				_v136 = __r8;
                                                                                                                                                				_v152 = r9d;
                                                                                                                                                				 *((long long*)(_t105 - 0x68)) = 0;
                                                                                                                                                				 *((long long*)(_t105 - 0x50)) = 0xf;
                                                                                                                                                				 *((long long*)(_t105 - 0x58)) = 6;
                                                                                                                                                				_t41 = "rundll"; // 0x646e7572
                                                                                                                                                				 *((intOrPtr*)(_t105 - 0x68)) = _t41;
                                                                                                                                                				 *((short*)(_t105 - 0x64)) =  *0x1fd2bfe8 & 0x0000ffff;
                                                                                                                                                				 *((char*)(_t105 - 0x62)) = 0;
                                                                                                                                                				 *((long long*)(_t105 - 0x48)) = 0;
                                                                                                                                                				asm("movdqa xmm0, [0x2febb]");
                                                                                                                                                				asm("repe inc ecx");
                                                                                                                                                				 *((char*)(_t105 - 0x48)) = 0;
                                                                                                                                                				E00007FFC7FFC1FD0D640(__r8, __rcx, __r8);
                                                                                                                                                				if ( &_v72 == _t62) goto 0x1fcfc520;
                                                                                                                                                				if ( *((long long*)(_t62 + 0x18)) - 0x10 < 0) goto 0x1fcfc510;
                                                                                                                                                				E00007FFC7FFC1FCF9100(__r8,  &_v72,  *_t62,  *((intOrPtr*)(_t62 + 0x10)), __r14);
                                                                                                                                                				E00007FFC7FFC1FD106F0( *((long long*)(_t62 + 0x18)) - 0x10,  *_t62,  &_v104,  *((intOrPtr*)(_t62 + 0x10)));
                                                                                                                                                				_t89 = _v80;
                                                                                                                                                				if (_t89 - 0x10 < 0) goto 0x1fcfc574;
                                                                                                                                                				if (_t89 + 1 - 0x1000 < 0) goto 0x1fcfc56f;
                                                                                                                                                				if (_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfc56f;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v88 = 0;
                                                                                                                                                				_v80 = 0xf;
                                                                                                                                                				_v104 = 0;
                                                                                                                                                				_v128 = _t75;
                                                                                                                                                				_v120 = _t97;
                                                                                                                                                				_v144 = _t96;
                                                                                                                                                				_v168 =  &_v152;
                                                                                                                                                				_v176 =  &_v136;
                                                                                                                                                				_v184 =  &_v128;
                                                                                                                                                				_v192 =  &_v120;
                                                                                                                                                				_v200 =  &_v144;
                                                                                                                                                				r8d = 0x113;
                                                                                                                                                				E00007FFC7FFC1FCF6330(1, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "RunDllCallback {:#x}, {:#x}, {:#x} -> \'{}\', {}");
                                                                                                                                                				E00007FFC7FFC1FD106F0(_v104 -  *((intOrPtr*)(_v104 - 8)) + 0xfffffff8 - 0x1f,  &_v144,  &_v72,  *((intOrPtr*)(_t62 + 0x10)));
                                                                                                                                                				_t93 = _v48;
                                                                                                                                                				if (_t93 - 0x10 < 0) goto 0x1fcfc648;
                                                                                                                                                				if (_t93 + 1 - 0x1000 < 0) goto 0x1fcfc642;
                                                                                                                                                				if (_v72 -  *((intOrPtr*)(_v72 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfc642;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				return E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD156E4(), 1, _v40 ^ _t99 - 0x000000d0);
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD0D640: __tlregdtor.LIBCMT ref: 00007FFC1FD0D690
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFC568
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFC63B
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                                                • String ID: RunDllCallback {:#x}, {:#x}, {:#x} -> '{}', {}$c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$rundll
                                                                                                                                                • API String ID: 333172304-2456309662
                                                                                                                                                • Opcode ID: a6f49f52a633823130ec69534744436b55779717cb7c8cb33321a036e829d2c8
                                                                                                                                                • Instruction ID: d32a0630f0d33b98d8f39ec81ea7e39a70875bd31d6fbc7374231a03df622db5
                                                                                                                                                • Opcode Fuzzy Hash: a6f49f52a633823130ec69534744436b55779717cb7c8cb33321a036e829d2c8
                                                                                                                                                • Instruction Fuzzy Hash: 0A516A72A18F9981EB24DF14E4543AEB361FB857A0F400236DA9C02B99DF7DD494D790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 51%
                                                                                                                                                			E00007FFC7FFC1FCFA000(long long __rcx, void* __rbp, void* __r14) {
                                                                                                                                                				signed int _v24;
                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                				char _v56;
                                                                                                                                                				long long _v64;
                                                                                                                                                				long long _v72;
                                                                                                                                                				char _v82;
                                                                                                                                                				short _v84;
                                                                                                                                                				char _v88;
                                                                                                                                                				char _v104;
                                                                                                                                                				long long _v120;
                                                                                                                                                				void* __rbx;
                                                                                                                                                				char _t33;
                                                                                                                                                				void* _t50;
                                                                                                                                                				signed long long _t63;
                                                                                                                                                				signed long long _t64;
                                                                                                                                                				long long _t76;
                                                                                                                                                				char _t85;
                                                                                                                                                				long long _t93;
                                                                                                                                                				intOrPtr _t98;
                                                                                                                                                				intOrPtr _t101;
                                                                                                                                                				void* _t104;
                                                                                                                                                				void* _t105;
                                                                                                                                                				void* _t106;
                                                                                                                                                				signed long long _t107;
                                                                                                                                                				void* _t108;
                                                                                                                                                
                                                                                                                                                				_t106 = __rbp;
                                                                                                                                                				_t63 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t64 = _t63 ^ _t107;
                                                                                                                                                				_v24 = _t64;
                                                                                                                                                				_t76 = __rcx;
                                                                                                                                                				_v88 = 0;
                                                                                                                                                				_v64 = 0xf;
                                                                                                                                                				_v72 = 6;
                                                                                                                                                				_t33 = "system"; // 0x74737973
                                                                                                                                                				_v88 = _t33;
                                                                                                                                                				_v84 =  *0x1fd2ba84 & 0x0000ffff;
                                                                                                                                                				_v82 = 0;
                                                                                                                                                				_v56 = 0;
                                                                                                                                                				asm("movdqa xmm0, [0x3233b]");
                                                                                                                                                				asm("movdqu [esp+0x70], xmm0");
                                                                                                                                                				_v56 = 0;
                                                                                                                                                				E00007FFC7FFC1FD0D640(__rcx, __rcx, _t108);
                                                                                                                                                				if ( &_v56 == _t64) goto 0x1fcfa09a;
                                                                                                                                                				_t109 =  *((intOrPtr*)(_t64 + 0x10));
                                                                                                                                                				if ( *((long long*)(_t64 + 0x18)) - 0x10 < 0) goto 0x1fcfa08d;
                                                                                                                                                				E00007FFC7FFC1FCF9100(_t76,  &_v56,  *_t64,  *((intOrPtr*)(_t64 + 0x10)), __r14);
                                                                                                                                                				E00007FFC7FFC1FD106F0( *((long long*)(_t64 + 0x18)) - 0x10,  *_t64,  &_v88,  *((intOrPtr*)(_t64 + 0x10)));
                                                                                                                                                				_t93 = _v64;
                                                                                                                                                				if (_t93 - 0x10 < 0) goto 0x1fcfa0e5;
                                                                                                                                                				if (_t93 + 1 - 0x1000 < 0) goto 0x1fcfa0e0;
                                                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfa0e0;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v72 = 0;
                                                                                                                                                				_v64 = 0xf;
                                                                                                                                                				_v88 = 0;
                                                                                                                                                				_v104 = _t76;
                                                                                                                                                				_v120 =  &_v104;
                                                                                                                                                				r8d = 0xc8;
                                                                                                                                                				E00007FFC7FFC1FCF5DB0(0, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_enddocport {:#x}");
                                                                                                                                                				E00007FFC7FFC1FCFE730(E00007FFC7FFC1FCFE0D0( *((intOrPtr*)(_v88 - 8)), "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp"), _t50, _t76,  &_v104, _t76, _t104, _t105, _t106,  *((intOrPtr*)(_t64 + 0x10)));
                                                                                                                                                				E00007FFC7FFC1FD106F0(_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f,  &_v104,  &_v56,  *((intOrPtr*)(_t64 + 0x10)));
                                                                                                                                                				_t98 = _v32;
                                                                                                                                                				if (_t98 - 0x10 < 0) goto 0x1fcfa182;
                                                                                                                                                				_t85 = _v56;
                                                                                                                                                				if (_t98 + 1 - 0x1000 < 0) goto 0x1fcfa17c;
                                                                                                                                                				_t72 = _t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8;
                                                                                                                                                				_t58 = _t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                                                				if (_t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfa17c;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FD106F0(_t58, _t72,  &_v56, _t109);
                                                                                                                                                				_t101 = _v32;
                                                                                                                                                				if (_t101 - 0x10 < 0) goto 0x1fcfa1d4;
                                                                                                                                                				if (_t101 + 1 - 0x1000 < 0) goto 0x1fcfa1ce;
                                                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfa1ce;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(0, 0, _v24 ^ _t107);
                                                                                                                                                			}





























                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD0D640: __tlregdtor.LIBCMT ref: 00007FFC1FD0D690
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFA0D9
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFA175
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_enddocport {:#x}$system
                                                                                                                                                • API String ID: 333172304-3202253893
                                                                                                                                                • Opcode ID: 57bfcb7602752614298551ab384cecd1973dc53a3eb87004b246696b6192037e
                                                                                                                                                • Instruction ID: 8e0a1b6358d8266b0c5568d4b7c1d8c7d9f9ebeb18caacbc7dbd7bbcd1681fcb
                                                                                                                                                • Opcode Fuzzy Hash: 57bfcb7602752614298551ab384cecd1973dc53a3eb87004b246696b6192037e
                                                                                                                                                • Instruction Fuzzy Hash: 8441BF22A18E9E82FB14EF28F05437AA361FB857A0F404231E69D06BD5DFBCE054D790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 53%
                                                                                                                                                			E00007FFC7FFC1FCF9780(long long __rcx, void* __rbp, void* __r14) {
                                                                                                                                                				signed int _v24;
                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                				char _v56;
                                                                                                                                                				long long _v64;
                                                                                                                                                				long long _v72;
                                                                                                                                                				char _v82;
                                                                                                                                                				short _v84;
                                                                                                                                                				char _v88;
                                                                                                                                                				char _v104;
                                                                                                                                                				long long _v120;
                                                                                                                                                				void* __rbx;
                                                                                                                                                				char _t34;
                                                                                                                                                				signed long long _t63;
                                                                                                                                                				signed long long _t64;
                                                                                                                                                				long long _t76;
                                                                                                                                                				char _t85;
                                                                                                                                                				long long _t93;
                                                                                                                                                				intOrPtr _t98;
                                                                                                                                                				intOrPtr _t101;
                                                                                                                                                				void* _t104;
                                                                                                                                                				signed long long _t106;
                                                                                                                                                				void* _t107;
                                                                                                                                                				intOrPtr _t108;
                                                                                                                                                
                                                                                                                                                				_t63 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t64 = _t63 ^ _t106;
                                                                                                                                                				_v24 = _t64;
                                                                                                                                                				_t76 = __rcx;
                                                                                                                                                				_v88 = 0;
                                                                                                                                                				_v64 = 0xf;
                                                                                                                                                				_v72 = 6;
                                                                                                                                                				_t34 = "system"; // 0x74737973
                                                                                                                                                				_v88 = _t34;
                                                                                                                                                				_v84 =  *0x1fd2ba84 & 0x0000ffff;
                                                                                                                                                				_v82 = 0;
                                                                                                                                                				_v56 = 0;
                                                                                                                                                				asm("movdqa xmm0, [0x32bbb]");
                                                                                                                                                				asm("movdqu [esp+0x70], xmm0");
                                                                                                                                                				_v56 = 0;
                                                                                                                                                				E00007FFC7FFC1FD0D640(__rcx, __rcx, _t107);
                                                                                                                                                				if ( &_v56 == _t64) goto 0x1fcf981a;
                                                                                                                                                				_t108 =  *((intOrPtr*)(_t64 + 0x10));
                                                                                                                                                				if ( *((long long*)(_t64 + 0x18)) - 0x10 < 0) goto 0x1fcf980d;
                                                                                                                                                				E00007FFC7FFC1FCF9100(_t76,  &_v56,  *_t64, _t108, __r14);
                                                                                                                                                				E00007FFC7FFC1FD106F0( *((long long*)(_t64 + 0x18)) - 0x10,  *_t64,  &_v88, _t108);
                                                                                                                                                				_t93 = _v64;
                                                                                                                                                				if (_t93 - 0x10 < 0) goto 0x1fcf9865;
                                                                                                                                                				if (_t93 + 1 - 0x1000 < 0) goto 0x1fcf9860;
                                                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf9860;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				_v72 = 0;
                                                                                                                                                				_v64 = 0xf;
                                                                                                                                                				_v88 = 0;
                                                                                                                                                				_v104 = _t76;
                                                                                                                                                				_v120 =  &_v104;
                                                                                                                                                				r8d = 0x42;
                                                                                                                                                				_t50 = _t108 - 0x41;
                                                                                                                                                				E00007FFC7FFC1FCF5DB0(_t108 - 0x41, "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp", "monitor_closeport {:#x}");
                                                                                                                                                				E00007FFC7FFC1FCFE5B0(E00007FFC7FFC1FCFE0D0( *((intOrPtr*)(_v88 - 8)), "c:\\design\\wiservice\\fax_printer\\win\\WinFaxPrinterDllmain.cpp"), _t76,  &_v104, _t76, _t104);
                                                                                                                                                				E00007FFC7FFC1FD106F0(_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f,  &_v104,  &_v56, _t108);
                                                                                                                                                				_t98 = _v32;
                                                                                                                                                				if (_t98 - 0x10 < 0) goto 0x1fcf9904;
                                                                                                                                                				_t85 = _v56;
                                                                                                                                                				if (_t98 + 1 - 0x1000 < 0) goto 0x1fcf98fe;
                                                                                                                                                				_t72 = _t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8;
                                                                                                                                                				_t58 = _t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8 - 0x1f;
                                                                                                                                                				if (_t85 -  *((intOrPtr*)(_t85 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf98fe;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				E00007FFC7FFC1FD106F0(_t58, _t72,  &_v56, _t108);
                                                                                                                                                				_t101 = _v32;
                                                                                                                                                				if (_t101 - 0x10 < 0) goto 0x1fcf9956;
                                                                                                                                                				if (_t101 + 1 - 0x1000 < 0) goto 0x1fcf9950;
                                                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcf9950;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(0, _t50, _v24 ^ _t106);
                                                                                                                                                			}



























                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD0D640: __tlregdtor.LIBCMT ref: 00007FFC1FD0D690
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF9859
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCF98F7
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__tlregdtor
                                                                                                                                                • String ID: c:\design\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_closeport {:#x}$system
                                                                                                                                                • API String ID: 333172304-1932419764
                                                                                                                                                • Opcode ID: c233e20f0ecee108d1a02a7d94f0f0a992bf656e7a8d8815467a65db118e4f11
                                                                                                                                                • Instruction ID: 4863e1973a08060a8788c14e41043f2173a61cb1d4be001018125450355b6460
                                                                                                                                                • Opcode Fuzzy Hash: c233e20f0ecee108d1a02a7d94f0f0a992bf656e7a8d8815467a65db118e4f11
                                                                                                                                                • Instruction Fuzzy Hash: D1419D62A1CE9D82FB14AF15F4543BAA361FB857A0F400235E69E06BD9DF7CE054C790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FFC1FD06BBB
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD082B2
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD082CC
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD082F6
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD08320
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: std::_Facet_Register.LIBCPMT ref: 00007FFC1FD08339
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD08358
                                                                                                                                                • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FFC1FD06C2B
                                                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFC1FD06C60
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: U?$char_traits@$V?$ostreambuf_iterator@$D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@Bid@locale@std@@D@std@@@2@D@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterUtm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_
                                                                                                                                                • String ID: $b
                                                                                                                                                • API String ID: 2374335714-2505604640
                                                                                                                                                • Opcode ID: c6cd45424e9051ab469fa1244db57bbf8476600e3f5e0e57702211fa5840139c
                                                                                                                                                • Instruction ID: 4c4560483d3cf18ad7b9e3c9993faccdf2b31a88c6a6acbba98e8896c2b6baa7
                                                                                                                                                • Opcode Fuzzy Hash: c6cd45424e9051ab469fa1244db57bbf8476600e3f5e0e57702211fa5840139c
                                                                                                                                                • Instruction Fuzzy Hash: 37316D62A08BC982EB14DF64E4903BEB760FBD9B98F148122DA8D47716DF7CD094C750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FFC1FD06A8B
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD082B2
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD082CC
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD082F6
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD08320
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: std::_Facet_Register.LIBCPMT ref: 00007FFC1FD08339
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD08358
                                                                                                                                                • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FFC1FD06AFB
                                                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFC1FD06B30
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: U?$char_traits@$V?$ostreambuf_iterator@$D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@Bid@locale@std@@D@std@@@2@D@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterUtm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_
                                                                                                                                                • String ID: $a
                                                                                                                                                • API String ID: 2374335714-206647194
                                                                                                                                                • Opcode ID: 40208c702b3025eb7d6e4bcea59c6ce640fd8d329c515ba2f42296a91b8afa97
                                                                                                                                                • Instruction ID: 59e1b6c50e27bf43f310a6c8a6cf77f93f376d81e68607ca51f4e2fc3213230d
                                                                                                                                                • Opcode Fuzzy Hash: 40208c702b3025eb7d6e4bcea59c6ce640fd8d329c515ba2f42296a91b8afa97
                                                                                                                                                • Instruction Fuzzy Hash: 4C316D62A08BC982EB14DF64E4903BAB760FBD9B98F149122DA8D47716DF7CD094C750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FFC1FD0695B
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD082B2
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD082CC
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD082F6
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD08320
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: std::_Facet_Register.LIBCPMT ref: 00007FFC1FD08339
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD08358
                                                                                                                                                • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FFC1FD069CB
                                                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFC1FD06A00
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: U?$char_traits@$V?$ostreambuf_iterator@$D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@Bid@locale@std@@D@std@@@2@D@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterUtm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_
                                                                                                                                                • String ID: $B
                                                                                                                                                • API String ID: 2374335714-2922798824
                                                                                                                                                • Opcode ID: 4c90dcd5b17b733bbf7a0741c09f34c9d962b6272dfb0017e2fd1e9677194e17
                                                                                                                                                • Instruction ID: 3f6c4a6e35093e2758a2d5f50ff56a68dc2b893a7e3771be629ee175ffc23697
                                                                                                                                                • Opcode Fuzzy Hash: 4c90dcd5b17b733bbf7a0741c09f34c9d962b6272dfb0017e2fd1e9677194e17
                                                                                                                                                • Instruction Fuzzy Hash: 0D316F62608BC982EB14DF65E4903BAB760FBD9B54F148122DB8D47B16DF7CD094C750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FFC1FD0682B
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD082B2
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD082CC
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD082F6
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD08320
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: std::_Facet_Register.LIBCPMT ref: 00007FFC1FD08339
                                                                                                                                                  • Part of subcall function 00007FFC1FD082A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,?,00007FFC1FD1AECA), ref: 00007FFC1FD08358
                                                                                                                                                • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FFC1FD0689B
                                                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFC1FD068D0
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: U?$char_traits@$V?$ostreambuf_iterator@$D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@Bid@locale@std@@D@std@@@2@D@std@@@std@@Facet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterUtm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_
                                                                                                                                                • String ID: $A
                                                                                                                                                • API String ID: 2374335714-926879570
                                                                                                                                                • Opcode ID: 23fbfba1f362895d4738c1b54d018f1fa61c5d990b0208e7b8aa9063b041dc4d
                                                                                                                                                • Instruction ID: dcd56c07adc06e60960d0e1d58ed3434d8393f1ec24ea71f25dbc1d9352d3a2d
                                                                                                                                                • Opcode Fuzzy Hash: 23fbfba1f362895d4738c1b54d018f1fa61c5d990b0208e7b8aa9063b041dc4d
                                                                                                                                                • Instruction Fuzzy Hash: 64316D62A08BC982EB14DF64E4903BAB760FBD9B98F148122DB8D47756DF7CD098C750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 16%
                                                                                                                                                			E00007FFC7FFC1FCFE5B0(void* __eax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long _a8, long long _a24) {
                                                                                                                                                				void* _v8;
                                                                                                                                                				signed int _v16;
                                                                                                                                                				long long _v80;
                                                                                                                                                				void* _t15;
                                                                                                                                                				signed long long _t21;
                                                                                                                                                				intOrPtr* _t23;
                                                                                                                                                				void* _t28;
                                                                                                                                                				intOrPtr* _t35;
                                                                                                                                                				void* _t40;
                                                                                                                                                
                                                                                                                                                				_t28 = __rcx;
                                                                                                                                                				_a8 = __rbx;
                                                                                                                                                				_a24 = __rsi;
                                                                                                                                                				_t41 = _t40 - 0x70;
                                                                                                                                                				_t21 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v16 = _t21 ^ _t40 - 0x00000070;
                                                                                                                                                				_t4 = _t28 + 0x70; // 0x70
                                                                                                                                                				_v80 = _t4;
                                                                                                                                                				0x1fd15430();
                                                                                                                                                				if (__eax != 0) goto 0x1fcfe636;
                                                                                                                                                				_t35 =  *((intOrPtr*)(__rcx + 0x60));
                                                                                                                                                				_t23 =  *_t35;
                                                                                                                                                				if (_t23 == _t35) goto 0x1fcfe63e;
                                                                                                                                                				if ( *((intOrPtr*)(_t23 + 0x10)) == __rdx) goto 0x1fcfe608;
                                                                                                                                                				if ( *_t23 == _t35) goto 0x1fcfe63e;
                                                                                                                                                				goto 0x1fcfe5f5;
                                                                                                                                                				 *((char*)(__rdx + 0xa0)) = 0;
                                                                                                                                                				0x1fd15436();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(__eax, _t15, _v16 ^ _t41);
                                                                                                                                                			}













                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: C_error@std@@ExceptionMtx_lockMtx_unlockThrowThrow_
                                                                                                                                                • String ID: port object {:#x} is not present in the list
                                                                                                                                                • API String ID: 2666407778-719059081
                                                                                                                                                • Opcode ID: 7a01bff67824c97406ef6f3f9ff31e7dfe46c6d7f30b8d93a14c55eb0ff5df53
                                                                                                                                                • Instruction ID: 288ddbbe373ed3206af4db0d2291dc55b38887153951d0a71bab2740f2d9f0c0
                                                                                                                                                • Opcode Fuzzy Hash: 7a01bff67824c97406ef6f3f9ff31e7dfe46c6d7f30b8d93a14c55eb0ff5df53
                                                                                                                                                • Instruction Fuzzy Hash: 75118E21B18F6E81EA24DF21E4601BEA3A0FB85BD0F944131EA9D43B65DF3CE461CB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 24%
                                                                                                                                                			E00007FFC7FFC1FD09720(signed long long __rcx) {
                                                                                                                                                				signed int _v24;
                                                                                                                                                				long long _v32;
                                                                                                                                                				long long _v40;
                                                                                                                                                				signed long long _v56;
                                                                                                                                                				char _v64;
                                                                                                                                                				signed long long _v72;
                                                                                                                                                				void* _t17;
                                                                                                                                                				intOrPtr _t19;
                                                                                                                                                				void* _t21;
                                                                                                                                                				signed long long _t28;
                                                                                                                                                				signed long long _t29;
                                                                                                                                                				long long* _t37;
                                                                                                                                                				signed long long _t39;
                                                                                                                                                				intOrPtr _t46;
                                                                                                                                                				signed long long _t49;
                                                                                                                                                
                                                                                                                                                				_t28 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t29 = _t28 ^ _t49;
                                                                                                                                                				_v24 = _t29;
                                                                                                                                                				_t37 = __rcx;
                                                                                                                                                				_v72 = __rcx;
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t17, _t29, __rcx);
                                                                                                                                                				asm("movups xmm0, [0x23932]");
                                                                                                                                                				_t39 = _t29;
                                                                                                                                                				_v40 = 0x26;
                                                                                                                                                				_v32 = 0x2f;
                                                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                                                				_v72 = _t39;
                                                                                                                                                				asm("movups xmm1, [0x2391a]");
                                                                                                                                                				_v64 = 1;
                                                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                                                				asm("movups [eax+0x10], xmm1");
                                                                                                                                                				_t19 = M00007FFC7FFC1FD2D0A0; // 0x39392e2e
                                                                                                                                                				 *((intOrPtr*)(_t39 + 0x20)) = _t19;
                                                                                                                                                				 *((short*)(_t39 + 0x24)) =  *0x1fd2d0a4 & 0x0000ffff;
                                                                                                                                                				 *((char*)(_t39 + 0x26)) = 0;
                                                                                                                                                				_v56 = _t39;
                                                                                                                                                				 *_t37 = 0x1fd2b9e8;
                                                                                                                                                				asm("movups [edx], xmm0");
                                                                                                                                                				0x1fd270e3();
                                                                                                                                                				_t46 = _v32;
                                                                                                                                                				 *_t37 = 0x1fd2cfa0;
                                                                                                                                                				if (_t46 - 0x10 < 0) goto 0x1fd09800;
                                                                                                                                                				if (_t46 + 1 - 0x1000 < 0) goto 0x1fd097fb;
                                                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd097fb;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				_t21 = E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *_t37 = 0x1fd2d070;
                                                                                                                                                				return E00007FFC7FFC1FD15E20(_t21, 0x30, _v24 ^ _t49);
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD156A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFC1FCF8F4E), ref: 00007FFC1FD156C2
                                                                                                                                                • __std_exception_copy.VCRUNTIME140 ref: 00007FFC1FD097B1
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD097F4
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                                                • String ID: &$..9999$/
                                                                                                                                                • API String ID: 4226527432-2119091122
                                                                                                                                                • Opcode ID: 81d1829f8e264f58d2a2cc28af89bcd8bfff8cd77fa475b3c54e2f2bdf5b4a77
                                                                                                                                                • Instruction ID: dfcc3841463e70be47cb007d9cba7bca337ebdadbd5015ce716a85fa54982d4c
                                                                                                                                                • Opcode Fuzzy Hash: 81d1829f8e264f58d2a2cc28af89bcd8bfff8cd77fa475b3c54e2f2bdf5b4a77
                                                                                                                                                • Instruction Fuzzy Hash: 29219162918F9D85EB15EF24E5503797360FB897A8F504331EA9C063A9EF7CE1A1C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExclusiveLock$AcquireRelease_invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID: _old.txt$pe
                                                                                                                                                • API String ID: 2194057460-2532907229
                                                                                                                                                • Opcode ID: 19375733d42b06231c66649bbc83495ebd19588091db51a5034f5594767d68ad
                                                                                                                                                • Instruction ID: 63c79a3421a98bc0d62a463fae7135267591c4cc4bdbcb7ca31b66b1b5402be2
                                                                                                                                                • Opcode Fuzzy Hash: 19375733d42b06231c66649bbc83495ebd19588091db51a5034f5594767d68ad
                                                                                                                                                • Instruction Fuzzy Hash: 16113864F18EAE40FB0ABF69A8553381210AF867F5F801331D5EC41EE5EF6C60A1C2E1
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 19%
                                                                                                                                                			E00007FFC7FFC1FD10F50(int __edx, long long __rbx, long long __rcx, long long _a24) {
                                                                                                                                                				signed int _v56;
                                                                                                                                                				long long _v64;
                                                                                                                                                				long long _v72;
                                                                                                                                                				char _v88;
                                                                                                                                                				long long _v96;
                                                                                                                                                				void* _v104;
                                                                                                                                                				long long _v112;
                                                                                                                                                				long long _v120;
                                                                                                                                                				intOrPtr _v128;
                                                                                                                                                				long long _v136;
                                                                                                                                                				void* __rbp;
                                                                                                                                                				void* __r14;
                                                                                                                                                				int _t51;
                                                                                                                                                				int _t54;
                                                                                                                                                				void* _t56;
                                                                                                                                                				int _t71;
                                                                                                                                                				signed long long _t89;
                                                                                                                                                				int _t113;
                                                                                                                                                				void* _t119;
                                                                                                                                                				long long _t121;
                                                                                                                                                				void* _t125;
                                                                                                                                                				long long _t127;
                                                                                                                                                				void* _t129;
                                                                                                                                                				intOrPtr _t133;
                                                                                                                                                				void* _t134;
                                                                                                                                                				char _t136;
                                                                                                                                                				void* _t137;
                                                                                                                                                				long long _t139;
                                                                                                                                                
                                                                                                                                                				_a24 = __rbx;
                                                                                                                                                				_t89 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v56 = _t89 ^ _t129 - 0x00000080;
                                                                                                                                                				_t71 = __edx;
                                                                                                                                                				_t127 = __rcx;
                                                                                                                                                				_v104 = __rcx;
                                                                                                                                                				r15d = 0;
                                                                                                                                                				_v104 = _t139;
                                                                                                                                                				_v120 = _t139;
                                                                                                                                                				_v128 = r15d;
                                                                                                                                                				_v136 =  &_v104;
                                                                                                                                                				r9d = 0x400;
                                                                                                                                                				r8d = __edx;
                                                                                                                                                				if (FormatMessageW(??, ??, ??, ??, ??, ??, ??) != 0) goto 0x1fd10fc0;
                                                                                                                                                				E00007FFC7FFC1FD11450(__edx, FormatMessageW(??, ??, ??, ??, ??, ??, ??), __rcx, _t119, _t129, _t134, _t137);
                                                                                                                                                				goto 0x1fd11159;
                                                                                                                                                				_v96 = _v104;
                                                                                                                                                				_v112 = _t139;
                                                                                                                                                				_v120 = _t139;
                                                                                                                                                				_v128 = r15d;
                                                                                                                                                				_v136 = _t139;
                                                                                                                                                				r9d = 0xffffffff;
                                                                                                                                                				_t51 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                				_t138 = _t51;
                                                                                                                                                				if (_t51 != 0) goto 0x1fd11005;
                                                                                                                                                				E00007FFC7FFC1FD11450(__edx, _t51, __rcx, _t119, _t129, _t134, _t51);
                                                                                                                                                				goto 0x1fd11150;
                                                                                                                                                				_v88 = _t139;
                                                                                                                                                				_v72 = _t139;
                                                                                                                                                				_v64 = 0xf;
                                                                                                                                                				_v88 = 0;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				E00007FFC7FFC1FD0C1D0(_v104,  &_v88, _t51, _t51);
                                                                                                                                                				_t93 =  >=  ? _v88 :  &_v88;
                                                                                                                                                				_v112 = _t139;
                                                                                                                                                				_v120 = _t139;
                                                                                                                                                				_v128 = r14d;
                                                                                                                                                				_v136 =  >=  ? _v88 :  &_v88;
                                                                                                                                                				r9d = 0xffffffff;
                                                                                                                                                				_t133 = _v104;
                                                                                                                                                				_t54 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                				r8d = _t54;
                                                                                                                                                				if (_t54 != 0) goto 0x1fd110b8;
                                                                                                                                                				E00007FFC7FFC1FD11450(_t71, _t54, _t127, _t51, _t129, _t134, _t138);
                                                                                                                                                				_t121 = _v64;
                                                                                                                                                				if (_t121 - 0x10 < 0) goto 0x1fd11140;
                                                                                                                                                				if (_t121 + 1 - 0x1000 < 0) goto 0x1fd110ae;
                                                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd110ae;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				_t56 = E00007FFC7FFC1FD156E4();
                                                                                                                                                				goto 0x1fd11140;
                                                                                                                                                				r8d = r8d - 1;
                                                                                                                                                				_t113 = r8d;
                                                                                                                                                				_t136 = _v88;
                                                                                                                                                				if (r8d <= 0) goto 0x1fd11122;
                                                                                                                                                				_t98 =  >=  ? _t136 :  &_v88;
                                                                                                                                                				if ( *((char*)(_t113 + ( >=  ? _t136 :  &_v88) - 1)) == 0xa) goto 0x1fd110f6;
                                                                                                                                                				_t100 =  >=  ? _t136 :  &_v88;
                                                                                                                                                				if ( *((char*)(_t113 + ( >=  ? _t136 :  &_v88) - 1)) != 0xd) goto 0x1fd11101;
                                                                                                                                                				r8d = r8d - 1;
                                                                                                                                                				if (_t113 - 1 > 0) goto 0x1fd110d0;
                                                                                                                                                				if (r8d <= 0) goto 0x1fd11122;
                                                                                                                                                				_t125 =  >=  ? _t136 :  &_v88;
                                                                                                                                                				_t40 = _t133 - 1; // -3
                                                                                                                                                				r8d =  ==  ? _t40 : r8d;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				E00007FFC7FFC1FD10430(_t56,  &_v88, r8d);
                                                                                                                                                				asm("movups xmm0, [ebp-0x30]");
                                                                                                                                                				asm("movups [edi], xmm0");
                                                                                                                                                				asm("movups xmm1, [ebp-0x20]");
                                                                                                                                                				asm("movups [edi+0x10], xmm1");
                                                                                                                                                				_v88 = 0;
                                                                                                                                                				_v64 = 0xf;
                                                                                                                                                				_v72 = _t139;
                                                                                                                                                				return E00007FFC7FFC1FD15E20(LocalFree(??), _t40, _v56 ^ _t129 - 0x00000080);
                                                                                                                                                			}
































                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ByteCharFormatFreeLocalMessageMultiWide
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2906450291-0
                                                                                                                                                • Opcode ID: af953d9cff2a8f05137041803a2c7d5d08e1c9e19b80ec48ea067704dbc0be7f
                                                                                                                                                • Instruction ID: 0bd5f6ee064659e27d144d631f550da7a929ed162e946c94615e4b2d3c4bedf3
                                                                                                                                                • Opcode Fuzzy Hash: af953d9cff2a8f05137041803a2c7d5d08e1c9e19b80ec48ea067704dbc0be7f
                                                                                                                                                • Instruction Fuzzy Hash: 0951C323F28F7985FB14DF75A8407BD66A5BB45BA8F404634EE4D12A89DF38D051C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FFC1FD03B6C), ref: 00007FFC1FD0404F
                                                                                                                                                • memset.VCRUNTIME140(?,?,?,?,00000000,?,?,?,00000000,00007FFC1FD03B6C), ref: 00007FFC1FD040AC
                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FFC1FD03B6C), ref: 00007FFC1FD040EA
                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00007FFC1FD03B6C), ref: 00007FFC1FD04117
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,?,?,?,00000000,00007FFC1FD03B6C), ref: 00007FFC1FD04178
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ByteCharMultiWide$_invalid_parameter_noinfo_noreturnmemset
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2536929686-0
                                                                                                                                                • Opcode ID: afe144113961a97d98ef3f5f0637efb7c2706ae311b8a217db6a83da57d6f214
                                                                                                                                                • Instruction ID: 1520e93051699bfa9f1c1ad375cfcded6c9396247b4154e80791bdb48fb81f20
                                                                                                                                                • Opcode Fuzzy Hash: afe144113961a97d98ef3f5f0637efb7c2706ae311b8a217db6a83da57d6f214
                                                                                                                                                • Instruction Fuzzy Hash: C441C622A18B6D81E618EF12A40463AB694FF55BF0F154635DAAC03BD4DF7CD451C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD09000: __std_exception_copy.VCRUNTIME140(?,?,?,00007FFC1FD07EE1), ref: 00007FFC1FD0902F
                                                                                                                                                • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFC1FD0E5AE), ref: 00007FFC1FD07EED
                                                                                                                                                • _CxxThrowException.VCRUNTIME140 ref: 00007FFC1FD07F20
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExceptionThrow$__std_exception_copy
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 174860668-0
                                                                                                                                                • Opcode ID: c1cb6d9bcfe73680954b05bd2f00705a56892c5753c6a787038471f4f98fb298
                                                                                                                                                • Instruction ID: c425894763b3e0246d9f3cc07fd24ce3d512a832004271c6eea4f4ea7fa62304
                                                                                                                                                • Opcode Fuzzy Hash: c1cb6d9bcfe73680954b05bd2f00705a56892c5753c6a787038471f4f98fb298
                                                                                                                                                • Instruction Fuzzy Hash: DE417962608E9981DB18AF25D1903BDA760FB85FD4F188132DA4E47B69CF3CD46AC390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmove
                                                                                                                                                • String ID: false
                                                                                                                                                • API String ID: 2162964266-734881840
                                                                                                                                                • Opcode ID: bc025fc7f03d0eb2bbeeb250945b171c69d13fae9fd529cdf8a4856c7184f660
                                                                                                                                                • Instruction ID: ef8f0c306c33c6c555a511f567fdfb9f4fc9bf15b1069e1c501094f288c464d3
                                                                                                                                                • Opcode Fuzzy Hash: bc025fc7f03d0eb2bbeeb250945b171c69d13fae9fd529cdf8a4856c7184f660
                                                                                                                                                • Instruction Fuzzy Hash: 80410962B04EA982EB24DF22E5150AEE762EB49FE470C8032CF4D17B89CE3CD416D350
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD0CBDC
                                                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFC1FD0CC39
                                                                                                                                                • ??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FFC1FD0CC46
                                                                                                                                                • ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FFC1FD0CC50
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD0CCBF
                                                                                                                                                Similarity
                                                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$_invalid_parameter_noinfo_noreturn$??1?$basic_streambuf@?flush@?$basic_ostream@D?$basic_ostream@V12@
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2012728387-0
                                                                                                                                                • Opcode ID: e1402780647fd9f5ba4265f82a7b71ad14e8cddf1fc0af9fd9e8ab2e09c68d73
                                                                                                                                                • Instruction ID: 40877a5ab4a547030912efc95c99fea5408ae6a88df4efa6e5f27f16bdeed13e
                                                                                                                                                • Opcode Fuzzy Hash: e1402780647fd9f5ba4265f82a7b71ad14e8cddf1fc0af9fd9e8ab2e09c68d73
                                                                                                                                                • Instruction Fuzzy Hash: B241AB62A09F9D81EF18AF25E49437C2261EB44FE4F588131DA5D0B7A8CF7CD8A5C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFC1FD06CE1
                                                                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FFC1FD06D09
                                                                                                                                                • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FFC1FD06D35
                                                                                                                                                • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FFC1FD06DAC
                                                                                                                                                • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FFC1FD06DB8
                                                                                                                                                Similarity
                                                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$?flush@?$basic_ostream@V12@$?getloc@ios_base@std@@?uncaught_exception@std@@Osfx@?$basic_ostream@Vlocale@2@
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3671896189-0
                                                                                                                                                • Opcode ID: 4e65773688b1f2c42ebbc07e31e0dda28c504954d5f195be2978443c76955207
                                                                                                                                                • Instruction ID: e7f3dd5c3999f044384307139f405c221841718712b26c4ff50a690ec7801fdc
                                                                                                                                                • Opcode Fuzzy Hash: 4e65773688b1f2c42ebbc07e31e0dda28c504954d5f195be2978443c76955207
                                                                                                                                                • Instruction Fuzzy Hash: 7B414A66609F5981EB58AF26D09037C67A0EF85FA5F288536CE4E07764CF3CD465C3A0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Similarity
                                                                                                                                                • API ID: EventExceptionThrow$CloseCurrentHandleOpenProcess
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1106008904-0
                                                                                                                                                • Opcode ID: b2a194da56109f0ab5883906832dcec0df51a9c864678fda844bfaa8af52e3a9
                                                                                                                                                • Instruction ID: 4b8d77ffde571e528c2e9bf379ccab8feed9131d332bc3038fcfdda6b24d0977
                                                                                                                                                • Opcode Fuzzy Hash: b2a194da56109f0ab5883906832dcec0df51a9c864678fda844bfaa8af52e3a9
                                                                                                                                                • Instruction Fuzzy Hash: 6221AEA2B18E9E92EB28EF24E4402BC6360FB48BA0F444131D76D47695DF2CE568C3D0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExceptionThrow$LockShared$AcquireReleasefree
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3699279316-0
                                                                                                                                                • Opcode ID: 31515549c75ed788ea0c1695023ac1dc9ebf407b0dee6fe39a9ddf696b84dbfb
                                                                                                                                                • Instruction ID: c11db631a9727f86158ea13516aa11f9eaedd652f2892c2692833445184b0e1b
                                                                                                                                                • Opcode Fuzzy Hash: 31515549c75ed788ea0c1695023ac1dc9ebf407b0dee6fe39a9ddf696b84dbfb
                                                                                                                                                • Instruction Fuzzy Hash: 8911A326A09E5D45EB5DFF3198153BD2361AF86794F088434DD4F46685CF3CD065D2D0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00007FFC7FFC1FD14BC0(void* __edx, long long __rbx, long long* __rcx, long long _a8) {
                                                                                                                                                				intOrPtr _t27;
                                                                                                                                                
                                                                                                                                                				_a8 = __rbx;
                                                                                                                                                				 *__rcx = 0x1fd2e0f8;
                                                                                                                                                				_t27 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                				if (_t27 == __rcx + 0x20) goto 0x1fd14c14;
                                                                                                                                                				if ( *(__rcx + 0x18) << 2 - 0x1000 < 0) goto 0x1fd14c0f;
                                                                                                                                                				if (_t27 -  *((intOrPtr*)(_t27 - 8)) - 8 - 0x1f > 0) goto 0x1fd14c35;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				if ((dil & 0x00000001) == 0) goto 0x1fd14c27;
                                                                                                                                                				return E00007FFC7FFC1FD156E4();
                                                                                                                                                			}





                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: free$??1facet@locale@std@@_invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3103965028-0
                                                                                                                                                • Opcode ID: 0f3a1de6d07cd520c0ec4f5498015560fe15efa5a9c32b99f513729eb7fec998
                                                                                                                                                • Instruction ID: 1a520da5c61701b36ec98b8f8738f9d36a850c0e2560d420be4302aa07ef5746
                                                                                                                                                • Opcode Fuzzy Hash: 0f3a1de6d07cd520c0ec4f5498015560fe15efa5a9c32b99f513729eb7fec998
                                                                                                                                                • Instruction Fuzzy Hash: 8E218031B19E5E82EB08AF25E5902786361FF8AFD4F584032CA4D07B65DE6CD4A5C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 46%
                                                                                                                                                			E00007FFC7FFC1FD1AC20(void* __eax, void* __edi, long long __rcx, void* __rdx, long long __r8, void* __r9) {
                                                                                                                                                				void* __rbx;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __rsi;
                                                                                                                                                				void* __rbp;
                                                                                                                                                				void* __r12;
                                                                                                                                                				void* _t57;
                                                                                                                                                				void* _t70;
                                                                                                                                                				signed long long _t87;
                                                                                                                                                				void* _t90;
                                                                                                                                                				void* _t98;
                                                                                                                                                				void* _t102;
                                                                                                                                                				void* _t109;
                                                                                                                                                				long long _t111;
                                                                                                                                                				long long _t117;
                                                                                                                                                				void* _t134;
                                                                                                                                                				intOrPtr _t135;
                                                                                                                                                				signed char* _t139;
                                                                                                                                                				long long _t141;
                                                                                                                                                				void* _t143;
                                                                                                                                                				void* _t144;
                                                                                                                                                				signed long long _t145;
                                                                                                                                                				long long _t161;
                                                                                                                                                				void* _t162;
                                                                                                                                                				long long _t167;
                                                                                                                                                
                                                                                                                                                				_t143 = _t144 - 0x98;
                                                                                                                                                				_t145 = _t144 - 0x198;
                                                                                                                                                				_t87 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				 *(_t143 + 0x80) = _t87 ^ _t145;
                                                                                                                                                				_t167 = __r8;
                                                                                                                                                				_t161 = __rcx;
                                                                                                                                                				 *((long long*)(_t145 + 0x48)) = __rcx;
                                                                                                                                                				 *((long long*)(_t145 + 0x50)) = _t141;
                                                                                                                                                				r13d = 0x100;
                                                                                                                                                				_t90 =  >  ? _t162 : __r9;
                                                                                                                                                				if (__rcx == __rdx) goto 0x1fd1ae59;
                                                                                                                                                				if (_t90 == 0) goto 0x1fd1ae59;
                                                                                                                                                				_t6 = _t143 - 0x80; // 0x80
                                                                                                                                                				 *((long long*)(_t145 + 0x40)) = _t6;
                                                                                                                                                				_t8 = _t143 - 0x80; // 0x80
                                                                                                                                                				 *((long long*)(_t145 + 0x38)) = _t145 + 0x40;
                                                                                                                                                				 *((long long*)(_t145 + 0x30)) = _t90 + _t8;
                                                                                                                                                				_t12 = _t143 - 0x80; // 0x80
                                                                                                                                                				 *((long long*)(_t145 + 0x28)) = _t12;
                                                                                                                                                				 *((long long*)(_t145 + 0x20)) = _t145 + 0x48;
                                                                                                                                                				__imp__?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z();
                                                                                                                                                				_t70 = __eax;
                                                                                                                                                				if (_t70 == 0) goto 0x1fd1acfe;
                                                                                                                                                				if (_t70 != 0) goto 0x1fd1ad39;
                                                                                                                                                				_t17 = _t143 - 0x80; // 0x80
                                                                                                                                                				if ( *((intOrPtr*)(_t145 + 0x40)) != _t17) goto 0x1fd1ad03;
                                                                                                                                                				if ( *((intOrPtr*)(_t145 + 0x48)) != __rdx) goto 0x1fd1ae85;
                                                                                                                                                				goto 0x1fd1ae59;
                                                                                                                                                				_t21 = _t143 - 0x80; // 0x80
                                                                                                                                                				_t117 = __r8;
                                                                                                                                                				_t57 = E00007FFC7FFC1FD03030(__r9, __r8, _t141,  *((intOrPtr*)(_t145 + 0x40)) - _t21);
                                                                                                                                                				_t24 = _t143 - 0x80; // 0x80
                                                                                                                                                				_t109 = __r9 -  *((intOrPtr*)(_t145 + 0x40)) + _t24;
                                                                                                                                                				_t98 =  >  ? _t162 : _t109;
                                                                                                                                                				goto 0x1fd1ac82;
                                                                                                                                                				if (_t57 != 2) goto 0x1fd1ae85;
                                                                                                                                                				_t139 =  *((intOrPtr*)(_t145 + 0x48));
                                                                                                                                                				_t110 =  <  ? __rdx - _t139 >> 1 : _t109;
                                                                                                                                                				_t166 = ( <  ? __rdx - _t139 >> 1 : _t109) + _t110;
                                                                                                                                                				_t111 = ( <  ? __rdx - _t139 >> 1 : _t109) + _t110 + _t139;
                                                                                                                                                				 *((long long*)(_t145 + 0x70)) = _t141;
                                                                                                                                                				 *((long long*)(_t145 + 0x78)) = _t117;
                                                                                                                                                				 *((intOrPtr*)(_t145 + 0x60)) = sil;
                                                                                                                                                				if (_t111 - _t139 >> 1 - 0x10 < 0) goto 0x1fd1ad96;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				E00007FFC7FFC1FD1AAD0(_t111, _t145 + 0x60, _t111 - _t139 >> 1, _t141);
                                                                                                                                                				 *((long long*)(_t145 + 0x70)) = _t141;
                                                                                                                                                				 *((long long*)(_t145 + 0x58)) = _t145 + 0x60;
                                                                                                                                                				if (_t139 == _t111) goto 0x1fd1adf5;
                                                                                                                                                				r9d =  *_t139 & 0x000000ff;
                                                                                                                                                				if (_t141 -  *((intOrPtr*)(_t145 + 0x78)) >= 0) goto 0x1fd1add1;
                                                                                                                                                				_t37 = _t141 + 1; // 0x1
                                                                                                                                                				 *((long long*)(_t145 + 0x70)) = _t37;
                                                                                                                                                				_t102 =  >=  ?  *((void*)(_t145 + 0x60)) : _t145 + 0x60;
                                                                                                                                                				 *((intOrPtr*)(_t102 + _t141)) = r9b;
                                                                                                                                                				 *((char*)(_t102 + _t141 + 1)) = 0;
                                                                                                                                                				goto 0x1fd1ade2;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				E00007FFC7FFC1FD029B0(_t111, _t145 + 0x60, _t111 - _t139 >> 1, _t139, _t161);
                                                                                                                                                				if ( &(_t139[2]) != _t111) goto 0x1fd1ada5;
                                                                                                                                                				_t134 =  >=  ?  *((void*)(_t145 + 0x60)) : _t145 + 0x60;
                                                                                                                                                				E00007FFC7FFC1FD03030(_t111, _t167,  *((intOrPtr*)(_t145 + 0x70)),  *((intOrPtr*)(_t145 + 0x70)));
                                                                                                                                                				_t135 =  *((intOrPtr*)(_t145 + 0x78));
                                                                                                                                                				if (_t135 - 0x10 < 0) goto 0x1fd1ae51;
                                                                                                                                                				if (_t135 + 1 - 0x1000 < 0) goto 0x1fd1ae4b;
                                                                                                                                                				if ( *((intOrPtr*)(_t145 + 0x60)) -  *((intOrPtr*)( *((intOrPtr*)(_t145 + 0x60)) - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd1ae4b;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				return E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD156E4(), 0xf,  *(_t143 + 0x80) ^ _t145);
                                                                                                                                                			}



























                                                                                                                                                0x7ffc1fd1ad50
                                                                                                                                                0x7ffc1fd1ad54
                                                                                                                                                0x7ffc1fd1ad58
                                                                                                                                                0x7ffc1fd1ad5c
                                                                                                                                                0x7ffc1fd1ad66
                                                                                                                                                0x7ffc1fd1ad6b
                                                                                                                                                0x7ffc1fd1ad7d
                                                                                                                                                0x7ffc1fd1ad7f
                                                                                                                                                0x7ffc1fd1ad87
                                                                                                                                                0x7ffc1fd1ad8c
                                                                                                                                                0x7ffc1fd1ad9b
                                                                                                                                                0x7ffc1fd1ada3
                                                                                                                                                0x7ffc1fd1ada5
                                                                                                                                                0x7ffc1fd1adac
                                                                                                                                                0x7ffc1fd1adae
                                                                                                                                                0x7ffc1fd1adb2
                                                                                                                                                0x7ffc1fd1adc0
                                                                                                                                                0x7ffc1fd1adc6
                                                                                                                                                0x7ffc1fd1adca
                                                                                                                                                0x7ffc1fd1adcf
                                                                                                                                                0x7ffc1fd1add1
                                                                                                                                                0x7ffc1fd1addd
                                                                                                                                                0x7ffc1fd1adf3
                                                                                                                                                0x7ffc1fd1adfe
                                                                                                                                                0x7ffc1fd1ae0a
                                                                                                                                                0x7ffc1fd1ae10
                                                                                                                                                0x7ffc1fd1ae19
                                                                                                                                                0x7ffc1fd1ae2d
                                                                                                                                                0x7ffc1fd1ae42
                                                                                                                                                0x7ffc1fd1ae44
                                                                                                                                                0x7ffc1fd1ae4a
                                                                                                                                                0x7ffc1fd1ae84

                                                                                                                                                APIs
                                                                                                                                                • ?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z.MSVCP140 ref: 00007FFC1FD1ACCE
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD1AE44
                                                                                                                                                  • Part of subcall function 00007FFC1FD1AAD0: memmove.VCRUNTIME140(?,?,00007FFC1FD1AD8C), ref: 00007FFC1FD1ABAE
                                                                                                                                                  • Part of subcall function 00007FFC1FD029B0: memmove.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FFC1FD14980), ref: 00007FFC1FD02A8F
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmove$?out@?$codecvt@_Mbstatet@@Mbstatet@@@std@@_invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID: Could not convert character encoding$libs\log\src\code_conversion.cpp
                                                                                                                                                • API String ID: 2223218856-1764552477
                                                                                                                                                • Opcode ID: b4ca010a03664398e9c2d555ce7183f5ee86bda077ef919516c3c594d6c8e1c8
                                                                                                                                                • Instruction ID: a1328088b5f8088c7a5fbbe87788b58215cd87cf47b8872fa03552cc70f80ffa
                                                                                                                                                • Opcode Fuzzy Hash: b4ca010a03664398e9c2d555ce7183f5ee86bda077ef919516c3c594d6c8e1c8
                                                                                                                                                • Instruction Fuzzy Hash: 9B71AF72B0CFAD85EA14AF65E4402BA67A5FB867E4F940032EA8D03B99DF3CD154C740
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 29%
                                                                                                                                                			E00007FFC7FFC1FD05B80(void* __edx, long long __rbx, void* __rcx, void* __rdx, long long __rsi, signed long long __r8, long long __r12, void* __r13) {
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* __r14;
                                                                                                                                                				void* __r15;
                                                                                                                                                				void* _t40;
                                                                                                                                                				void* _t41;
                                                                                                                                                				void* _t42;
                                                                                                                                                				signed char _t43;
                                                                                                                                                				intOrPtr* _t71;
                                                                                                                                                				long long _t84;
                                                                                                                                                				void* _t114;
                                                                                                                                                				signed long long _t115;
                                                                                                                                                				void* _t117;
                                                                                                                                                				long long* _t119;
                                                                                                                                                				intOrPtr* _t124;
                                                                                                                                                				long long _t126;
                                                                                                                                                				intOrPtr* _t127;
                                                                                                                                                				long long* _t128;
                                                                                                                                                				void* _t131;
                                                                                                                                                				void* _t132;
                                                                                                                                                				long long _t141;
                                                                                                                                                				void* _t144;
                                                                                                                                                				intOrPtr _t145;
                                                                                                                                                				long long* _t146;
                                                                                                                                                				long long* _t147;
                                                                                                                                                				void* _t149;
                                                                                                                                                				intOrPtr _t151;
                                                                                                                                                				long long* _t152;
                                                                                                                                                				void* _t153;
                                                                                                                                                
                                                                                                                                                				_t141 = __r12;
                                                                                                                                                				_t83 = __rbx;
                                                                                                                                                				 *((long long*)(_t131 + 0x10)) = __rbx;
                                                                                                                                                				 *((long long*)(_t131 + 0x18)) = _t126;
                                                                                                                                                				 *((long long*)(_t131 + 0x20)) = __rsi;
                                                                                                                                                				_t132 = _t131 - 0x40;
                                                                                                                                                				_t43 = r9b & 0xffffffff;
                                                                                                                                                				_t115 = __r8;
                                                                                                                                                				if ((__rdx - __rcx & 0xfffffff0) - 0x200 <= 0) goto 0x1fd05c48;
                                                                                                                                                				if (__r8 <= 0) goto 0x1fd05cdd;
                                                                                                                                                				r9d = _t43 & 0x000000ff;
                                                                                                                                                				E00007FFC7FFC1FD05550(__rbx, _t132 + 0x30, __rcx, __rcx, _t126, __rdx, _t149, _t144);
                                                                                                                                                				_t145 =  *((intOrPtr*)(_t132 + 0x30));
                                                                                                                                                				_t127 =  *((intOrPtr*)(_t132 + 0x38));
                                                                                                                                                				_t117 = (_t115 >> 1) + (_t115 >> 2);
                                                                                                                                                				r9d = _t43 & 0x000000ff;
                                                                                                                                                				if ((_t145 - __rcx & 0xfffffff0) - (__rdx - _t127 & 0xfffffff0) >= 0) goto 0x1fd05c24;
                                                                                                                                                				E00007FFC7FFC1FD05B80(__edx, _t83, __rcx, _t145, __rcx, _t117, __r12, __r13);
                                                                                                                                                				_t124 = _t127;
                                                                                                                                                				goto 0x1fd05c32;
                                                                                                                                                				_t40 = E00007FFC7FFC1FD05B80(__edx, _t83, _t127, __rdx, _t124, _t117, _t141, __r13);
                                                                                                                                                				_t151 = _t145;
                                                                                                                                                				if ((_t151 - _t124 & 0xfffffff0) - 0x200 > 0) goto 0x1fd05bc0;
                                                                                                                                                				if (_t124 == _t151) goto 0x1fd05dba;
                                                                                                                                                				_t128 = _t124 + 0x10;
                                                                                                                                                				if (_t128 == _t151) goto 0x1fd05dba;
                                                                                                                                                				 *((long long*)(_t132 + 0x60)) = _t141;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				asm("movups xmm0, [ebp]");
                                                                                                                                                				_t146 = _t128;
                                                                                                                                                				asm("movups [esp+0x30], xmm0");
                                                                                                                                                				_t84 =  *((intOrPtr*)(_t132 + 0x30));
                                                                                                                                                				0x1fd27119(_t114);
                                                                                                                                                				if (_t40 >= 0) goto 0x1fd05d59;
                                                                                                                                                				if (_t128 == _t124) goto 0x1fd05ccc;
                                                                                                                                                				_t11 = _t128 + 8; // 0x8
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				_t71 = _t11 - 0x10;
                                                                                                                                                				 *((long long*)(_t71 + 8)) =  *((intOrPtr*)(_t71 - 8));
                                                                                                                                                				 *((long long*)(_t71 + 0x10)) =  *_t71;
                                                                                                                                                				if (_t71 - 8 != _t124) goto 0x1fd05cb0;
                                                                                                                                                				 *((long long*)(_t124 + 8)) =  *((intOrPtr*)(_t132 + 0x38));
                                                                                                                                                				 *_t124 = _t84;
                                                                                                                                                				goto 0x1fd05da8;
                                                                                                                                                				r8d = _t43 & 0x000000ff;
                                                                                                                                                				_t41 = E00007FFC7FFC1FD052C0(_t40, __edx, _t84, _t124, _t151, _t117, _t141, __r13, _t146, _t151);
                                                                                                                                                				if ((_t151 - _t124 & 0xfffffff0) - 0x20 < 0) goto 0x1fd05dba;
                                                                                                                                                				_t152 = _t151 + 0xfffffff0;
                                                                                                                                                				asm("inc ecx");
                                                                                                                                                				 *_t152 =  *_t124;
                                                                                                                                                				 *(_t132 + 0x20) = _t43;
                                                                                                                                                				asm("movups [esp+0x30], xmm0");
                                                                                                                                                				 *((long long*)(_t152 - _t124 + _t124 + 8)) =  *((intOrPtr*)(_t124 + 8));
                                                                                                                                                				_t42 = E00007FFC7FFC1FD058B0(_t41, _t84, _t124, _t151, _t124, _t128, _t152 - _t124 >> 4, _t132 + 0x30);
                                                                                                                                                				_t153 = _t152 - 0x10;
                                                                                                                                                				if ((_t117 - _t124 + _t153 & 0xfffffff0) - 0x20 >= 0) goto 0x1fd05d10;
                                                                                                                                                				goto 0x1fd05dba;
                                                                                                                                                				_t26 = _t128 - 0x10; // -16
                                                                                                                                                				_t119 = _t26;
                                                                                                                                                				0x1fd27119();
                                                                                                                                                				if (_t42 >= 0) goto 0x1fd05d9c;
                                                                                                                                                				 *_t146 =  *_t119;
                                                                                                                                                				 *((long long*)(_t146 + 8)) =  *((intOrPtr*)(_t119 + 8));
                                                                                                                                                				_t147 = _t119;
                                                                                                                                                				0x1fd27119();
                                                                                                                                                				if (_t42 < 0) goto 0x1fd05d72;
                                                                                                                                                				 *((long long*)(_t147 + 8)) =  *((intOrPtr*)(_t132 + 0x38));
                                                                                                                                                				 *_t147 = _t84;
                                                                                                                                                				if (_t128 + 0x10 != _t153) goto 0x1fd05c70;
                                                                                                                                                				return _t42;
                                                                                                                                                			}
































                                                                                                                                                APIs
                                                                                                                                                • __std_type_info_compare.VCRUNTIME140 ref: 00007FFC1FD05C8C
                                                                                                                                                  • Part of subcall function 00007FFC1FD05550: __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFC1FD05BDD), ref: 00007FFC1FD05643
                                                                                                                                                  • Part of subcall function 00007FFC1FD05550: __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFC1FD05BDD), ref: 00007FFC1FD0565A
                                                                                                                                                  • Part of subcall function 00007FFC1FD05550: __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFC1FD05BDD), ref: 00007FFC1FD0567E
                                                                                                                                                  • Part of subcall function 00007FFC1FD05550: __std_type_info_compare.VCRUNTIME140(?,?,00000000,00007FFC1FD05BDD), ref: 00007FFC1FD05695
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: __std_type_info_compare
                                                                                                                                                • String ID: pe
                                                                                                                                                • API String ID: 4241632388-324909747
                                                                                                                                                • Opcode ID: 58baf9a0845eb98950ee1bb8c4eca4588ce26731afac6e4d1a474861e94dfe0a
                                                                                                                                                • Instruction ID: 94ac80a00967d857609b46ed950058ed93f74836d02b98408edd1a7b20a19a12
                                                                                                                                                • Opcode Fuzzy Hash: 58baf9a0845eb98950ee1bb8c4eca4588ce26731afac6e4d1a474861e94dfe0a
                                                                                                                                                • Instruction Fuzzy Hash: E8519C23714F9986EA149F25E4042B9A761FB84BB0F848732EEBD03BD5DB38D151C350
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExceptionThrow__std_exception_copymemmove
                                                                                                                                                • String ID: string pointer is null
                                                                                                                                                • API String ID: 1395217600-3607014066
                                                                                                                                                • Opcode ID: fb3f8f756672564908c9e7ba31fd6963de6eb85cf41dbd966318a02d497566a4
                                                                                                                                                • Instruction ID: 974f0c35536649c4b070369271b752c139b5a6abe203c711a4c594b77e659998
                                                                                                                                                • Opcode Fuzzy Hash: fb3f8f756672564908c9e7ba31fd6963de6eb85cf41dbd966318a02d497566a4
                                                                                                                                                • Instruction Fuzzy Hash: 8631F432608E9A85EB30DF11F4501AAB760FB447E4F988232EBAD436A9DF3CD595C740
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 22%
                                                                                                                                                			E00007FFC7FFC1FD095E0(signed long long __rcx) {
                                                                                                                                                				signed int _v24;
                                                                                                                                                				long long _v32;
                                                                                                                                                				long long _v40;
                                                                                                                                                				signed long long _v56;
                                                                                                                                                				char _v64;
                                                                                                                                                				signed long long _v72;
                                                                                                                                                				void* _t16;
                                                                                                                                                				void* _t19;
                                                                                                                                                				signed long long _t26;
                                                                                                                                                				signed long long _t27;
                                                                                                                                                				long long* _t35;
                                                                                                                                                				signed long long _t37;
                                                                                                                                                				intOrPtr _t44;
                                                                                                                                                				signed long long _t47;
                                                                                                                                                
                                                                                                                                                				_t26 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t27 = _t26 ^ _t47;
                                                                                                                                                				_v24 = _t27;
                                                                                                                                                				_t35 = __rcx;
                                                                                                                                                				_v72 = __rcx;
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t16, _t27, __rcx);
                                                                                                                                                				asm("movups xmm0, [0x23ab2]");
                                                                                                                                                				_t37 = _t27;
                                                                                                                                                				_v40 = 0x22;
                                                                                                                                                				_v32 = 0x2f;
                                                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                                                				_v72 = _t37;
                                                                                                                                                				asm("movups xmm1, [0x23a9a]");
                                                                                                                                                				_v64 = 1;
                                                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                                                				asm("movups [eax+0x10], xmm1");
                                                                                                                                                				 *((short*)(_t37 + 0x20)) =  *0x1fd2d0e0 & 0x0000ffff;
                                                                                                                                                				 *((char*)(_t37 + 0x22)) = 0;
                                                                                                                                                				_v56 = _t37;
                                                                                                                                                				 *_t35 = 0x1fd2b9e8;
                                                                                                                                                				asm("movups [edx], xmm0");
                                                                                                                                                				0x1fd270e3();
                                                                                                                                                				_t44 = _v32;
                                                                                                                                                				 *_t35 = 0x1fd2cfa0;
                                                                                                                                                				if (_t44 - 0x10 < 0) goto 0x1fd096b7;
                                                                                                                                                				if (_t44 + 1 - 0x1000 < 0) goto 0x1fd096b2;
                                                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fd096b2;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				_t19 = E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *_t35 = 0x1fd2d0b0;
                                                                                                                                                				return E00007FFC7FFC1FD15E20(_t19, 0x30, _v24 ^ _t47);
                                                                                                                                                			}

















                                                                                                                                                0x7ffc1fd096be
                                                                                                                                                0x7ffc1fd096d6

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD156A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFC1FCF8F4E), ref: 00007FFC1FD156C2
                                                                                                                                                • __std_exception_copy.VCRUNTIME140 ref: 00007FFC1FD09668
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD096AB
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                                                • String ID: "$/
                                                                                                                                                • API String ID: 4226527432-2662438755
                                                                                                                                                • Opcode ID: 25be6593ff39839adf9dae0128da7741ad21c040c35b5679c3610abc14d7f62f
                                                                                                                                                • Instruction ID: 352fbcebd75a3ddb1a89ef7aff8d0e920dbc494401e01fa7c9bc1fb01c7023f5
                                                                                                                                                • Opcode Fuzzy Hash: 25be6593ff39839adf9dae0128da7741ad21c040c35b5679c3610abc14d7f62f
                                                                                                                                                • Instruction Fuzzy Hash: B4219161918F9D81EB15AF24E8503797360FB997A8F404231EA9C027A5EF7CE1E4C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD156A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFC1FCF8F4E), ref: 00007FFC1FD156C2
                                                                                                                                                • __std_exception_copy.VCRUNTIME140 ref: 00007FFC1FD09527
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD0956A
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                                                • String ID: ($/
                                                                                                                                                • API String ID: 4226527432-2468745909
                                                                                                                                                • Opcode ID: 0f5e06a4e1f9924c716afe6e1175edec89951b74fb7e40c62514e7ce66276040
                                                                                                                                                • Instruction ID: 53842f4730b0adbffd58c034fcdf85649e6c70b161c348d25f53e841c0bb636d
                                                                                                                                                • Opcode Fuzzy Hash: 0f5e06a4e1f9924c716afe6e1175edec89951b74fb7e40c62514e7ce66276040
                                                                                                                                                • Instruction Fuzzy Hash: FE218B62918F9D81EB15AF24E8543797360FB997A4F404231EA9D023A5EF7CE1E4C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00007FFC7FFC1FD1FD40(long* __rcx) {
                                                                                                                                                				long _t1;
                                                                                                                                                
                                                                                                                                                				_t1 = TlsAlloc();
                                                                                                                                                				 *__rcx = _t1;
                                                                                                                                                				if (_t1 == 0xffffffff) goto 0x1fd1fd5f;
                                                                                                                                                				return _t1;
                                                                                                                                                			}





                                                                                                                                                APIs
                                                                                                                                                • TlsAlloc.KERNEL32(?,?,?,00007FFC1FD1F2EA,?,?,?,00007FFC1FD1F238,?,?,00000000,00007FFC1FD19BEB), ref: 00007FFC1FD1FD49
                                                                                                                                                • TlsFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FFC1FD1F238,?,?,00000000), ref: 00007FFC1FD1FD86
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AllocFree
                                                                                                                                                • String ID: TLS capacity depleted$libs\log\src\thread_specific.cpp
                                                                                                                                                • API String ID: 265982327-1379514790
                                                                                                                                                • Opcode ID: 2da7fdbe9f74d92ae2a317cc93a0c19ac98a3e4cc68a1e0e506d05d2aa7d149e
                                                                                                                                                • Instruction ID: fd88c7ef038730d4fb81a92617bceb38ec059434b5f03ebf39955895f437fbcf
                                                                                                                                                • Opcode Fuzzy Hash: 2da7fdbe9f74d92ae2a317cc93a0c19ac98a3e4cc68a1e0e506d05d2aa7d149e
                                                                                                                                                • Instruction Fuzzy Hash: 43E06521A04A1E82E71C7F71E4495782320EB19725F580930C61D0B6A0CE7C71ABCBD1
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                • String ID: CreateSymbolicLinkW$kernel32.dll
                                                                                                                                                • API String ID: 1646373207-1962376091
                                                                                                                                                • Opcode ID: 9ce60637c7c4a04aeee00a5780b9a9fa102b5b6ddd0c21e76d712e7f5f0034dd
                                                                                                                                                • Instruction ID: 14b51d456703c894d5b495edda549ae004750d20dbbbc4752a724c7b6ec7aa71
                                                                                                                                                • Opcode Fuzzy Hash: 9ce60637c7c4a04aeee00a5780b9a9fa102b5b6ddd0c21e76d712e7f5f0034dd
                                                                                                                                                • Instruction Fuzzy Hash: DDD09224A09E2E91E70DBF42EC810782260BF58771B800431C40E02220AE6CA1AAC3F0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                • String ID: CreateHardLinkW$kernel32.dll
                                                                                                                                                • API String ID: 1646373207-294928789
                                                                                                                                                • Opcode ID: f533e6e589203d47c4bec02eb5c913d7c44bec4a566d467f0d3de59559b5d85c
                                                                                                                                                • Instruction ID: a9ba719229228c93592ddf99ecf41335e663ed1a36c9f53c12ad6ab8240a9a3b
                                                                                                                                                • Opcode Fuzzy Hash: f533e6e589203d47c4bec02eb5c913d7c44bec4a566d467f0d3de59559b5d85c
                                                                                                                                                • Instruction Fuzzy Hash: C0D09224A09E2E91E70DBF42EC4507822A0BF68761B800531C40E01220AF6CA16AC3E0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                			E00007FFC7FFC1FCF44C1(long long* __rax, long long __rbx, long long __rsi, char* __r9, void* __r15) {
                                                                                                                                                				void* _t48;
                                                                                                                                                				char* _t57;
                                                                                                                                                				intOrPtr* _t61;
                                                                                                                                                				long long* _t62;
                                                                                                                                                				intOrPtr _t66;
                                                                                                                                                				void* _t77;
                                                                                                                                                				char* _t83;
                                                                                                                                                				void* _t87;
                                                                                                                                                				signed long long _t89;
                                                                                                                                                
                                                                                                                                                				_t62 = __rbx;
                                                                                                                                                				asm("dec ax");
                                                                                                                                                				asm("psrldq xmm0, 0x8");
                                                                                                                                                				asm("dec ax");
                                                                                                                                                				 *__rax();
                                                                                                                                                				goto 0x1fcf45a6;
                                                                                                                                                				 *(_t87 - 0x14) =  *(_t87 - 0x14) & 0xffffff80;
                                                                                                                                                				 *(_t87 - 0x10) =  *(_t87 - 0x10) & 0x000000fe;
                                                                                                                                                				 *((intOrPtr*)(_t87 - 0xf)) = 0;
                                                                                                                                                				 *((intOrPtr*)(_t87 - 0x20)) = 0;
                                                                                                                                                				 *((long long*)(_t89 + 0x70)) = _t87 - 0x20;
                                                                                                                                                				_t57 = _t89 + 0x70;
                                                                                                                                                				 *((intOrPtr*)(_t87 - 0x1c)) = 0xffffffff;
                                                                                                                                                				 *((long long*)(_t87 - 0x78)) = _t57;
                                                                                                                                                				 *((intOrPtr*)(_t87 - 0x70)) =  *((intOrPtr*)(__rsi + 0x58));
                                                                                                                                                				 *((char*)(_t87 - 0x18)) = 0;
                                                                                                                                                				 *((char*)(_t87 - 0xf)) = 0x20;
                                                                                                                                                				 *((char*)(_t87 - 0xb)) = 1;
                                                                                                                                                				 *((long long*)(_t89 + 0x78)) = __rsi;
                                                                                                                                                				 *((long long*)(_t87 - 0x80)) = __rbx;
                                                                                                                                                				E00007FFC7FFC1FCF3CC0(_t57, __rbx, __r9, __r15, _t89 + 0x70);
                                                                                                                                                				_t83 = _t57;
                                                                                                                                                				if (_t57 == __r15) goto 0x1fcf4547;
                                                                                                                                                				if ( *_t57 == 0x7d) goto 0x1fcf4556;
                                                                                                                                                				E00007FFC7FFC1FD150C0(_t62, "missing \'}\' in format string");
                                                                                                                                                				_t66 =  *((intOrPtr*)(__rsi));
                                                                                                                                                				 *((long long*)(_t89 + 0x40)) = _t62;
                                                                                                                                                				_t77 = _t83 - _t66;
                                                                                                                                                				 *((long long*)(_t89 + 0x48)) = __rsi;
                                                                                                                                                				 *((long long*)(__rsi)) = _t77 + _t66;
                                                                                                                                                				 *((intOrPtr*)(__rsi + 8)) =  *((intOrPtr*)(__rsi + 8)) - _t77;
                                                                                                                                                				 *((long long*)(_t89 + 0x28)) =  *_t62;
                                                                                                                                                				 *((long long*)(_t89 + 0x30)) =  *((intOrPtr*)(_t62 + 0x28));
                                                                                                                                                				_t61 = _t87 - 0x20;
                                                                                                                                                				 *((long long*)(_t89 + 0x38)) = _t61;
                                                                                                                                                				E00007FFC7FFC1FCF4AF0();
                                                                                                                                                				 *_t62 =  *_t61;
                                                                                                                                                				if (_t83 == __r15) goto 0x1fcf45d0;
                                                                                                                                                				if ( *_t83 != 0x7d) goto 0x1fcf45d0;
                                                                                                                                                				_t33 = _t83 + 1; // 0x2
                                                                                                                                                				if (_t33 == __r15) goto 0x1fcf45e8;
                                                                                                                                                				goto 0x1fcf4022;
                                                                                                                                                				E00007FFC7FFC1FCF8C80(_t61, _t62, _t89 + 0x58, _t33, _t87, __r15, __r15);
                                                                                                                                                				goto 0x1fcf45e8;
                                                                                                                                                				goto 0x1fcf45e0;
                                                                                                                                                				return E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD150C0(_t62, "invalid format string"), _t48,  *(_t87 - 8) ^ _t89);
                                                                                                                                                			}













                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memchr$memmove
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4199700744-0
                                                                                                                                                • Opcode ID: 73a91e6077936b72f932de7d3562217ea11923a2af180b412c3a42b8658b6dad
                                                                                                                                                • Instruction ID: ae3f9d7e2b3159345e8e509025bcb58ea4a1a1668e58ad7a4d351e2808ee45a6
                                                                                                                                                • Opcode Fuzzy Hash: 73a91e6077936b72f932de7d3562217ea11923a2af180b412c3a42b8658b6dad
                                                                                                                                                • Instruction Fuzzy Hash: 22518A62A08F9982EB30DF21E450269E7A0EB44BE4F544136DF8E43B95DF3CE164E350
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmove
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2162964266-0
                                                                                                                                                • Opcode ID: adc04215cd4fd4c0a0b031881e90294048e23f6722abfe3fe1c836f0e6035876
                                                                                                                                                • Instruction ID: ca2b98542323610d6a2f8076c91739cbbe5a1a96d43586f58bcd165add8d3f3e
                                                                                                                                                • Opcode Fuzzy Hash: adc04215cd4fd4c0a0b031881e90294048e23f6722abfe3fe1c836f0e6035876
                                                                                                                                                • Instruction Fuzzy Hash: A341BF23A08F9982EB28EF26E5451A96361F715BD4F144631CFAD07786CF7CE1A0C380
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExceptionThrow$__std_exception_copy
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 174860668-0
                                                                                                                                                • Opcode ID: 2b85e97540acae1fd1ae92cc4f75c51f67c6c691b0947c5b1685b7861ca35d75
                                                                                                                                                • Instruction ID: 1568d293f852ee15f46a2484e78297bb3a6e821cc92318bc6cce509371c71ccf
                                                                                                                                                • Opcode Fuzzy Hash: 2b85e97540acae1fd1ae92cc4f75c51f67c6c691b0947c5b1685b7861ca35d75
                                                                                                                                                • Instruction Fuzzy Hash: 53115152A28D5E92DF28FF20D8451BE7330FB94794FA08131D29E465B6DE2CE219C790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmove
                                                                                                                                                • String ID: #$%
                                                                                                                                                • API String ID: 2162964266-2141590602
                                                                                                                                                • Opcode ID: 34b4d6372bd322e99289d8db90c65af6c82bb6af3c9b5a6835dcb834b3bcb206
                                                                                                                                                • Instruction ID: 2591a67b9c6ccb48841ef544178cd73ad46de8b72c22c4e0e52d09b16a9630e1
                                                                                                                                                • Opcode Fuzzy Hash: 34b4d6372bd322e99289d8db90c65af6c82bb6af3c9b5a6835dcb834b3bcb206
                                                                                                                                                • Instruction Fuzzy Hash: 8D710262A0CEAD85FB19AF25D5043BEABA1AB53F98F455032DE0907394CF7CD465C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmove
                                                                                                                                                • String ID: #$%
                                                                                                                                                • API String ID: 2162964266-2141590602
                                                                                                                                                • Opcode ID: 88576e8595118c141d0c5084a1eeabb62c25855a64c728a16ca8d9d51b900290
                                                                                                                                                • Instruction ID: 30f78231ef19df33f7a6995a89687acf6b49df0da0173147b5fc5fd5c863f232
                                                                                                                                                • Opcode Fuzzy Hash: 88576e8595118c141d0c5084a1eeabb62c25855a64c728a16ca8d9d51b900290
                                                                                                                                                • Instruction Fuzzy Hash: 1B712662A0CEAD81EB19AF25D5043BDBBA1EB93FA8F445132DE0903294CF3DD465C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD0E130: ?exceptions@ios_base@std@@QEAAXH@Z.MSVCP140 ref: 00007FFC1FD0E154
                                                                                                                                                  • Part of subcall function 00007FFC1FD0E130: ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FFC1FD0E180
                                                                                                                                                • ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z.MSVCP140 ref: 00007FFC1FD1DCB3
                                                                                                                                                • ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z.MSVCP140 ref: 00007FFC1FD1DCD9
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD1DDC9
                                                                                                                                                • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FFC1FD1DE99
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@$?exceptions@ios_base@std@@?imbue@?$basic_ios@Init@locale@std@@Locimp@12@_V32@@Vlocale@2@_invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 978063264-0
                                                                                                                                                • Opcode ID: 7c179fa7e38723518c3218bd85d501dedec9c9c6932b32ffb1529c17292451b2
                                                                                                                                                • Instruction ID: 4e8f356a4fa0cf332f81c598bab29e95be9d2a8ebb6f9f3c9e86a790964d268b
                                                                                                                                                • Opcode Fuzzy Hash: 7c179fa7e38723518c3218bd85d501dedec9c9c6932b32ffb1529c17292451b2
                                                                                                                                                • Instruction Fuzzy Hash: 18816632B09F5D8AEB18EF65D0603BC23A1EB85BA8F044635DA1D57799DF38E461C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExceptionThrow__std_type_info_compare
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3388463524-0
                                                                                                                                                • Opcode ID: c35758f14d44a799a8c35d17a8bcf98a6c816de844ec3c8dc4c5bbe731fe70a6
                                                                                                                                                • Instruction ID: 5a1572efafd54bc82ef59ace5caf931d2091e937b1d04c713a083e94180a98d4
                                                                                                                                                • Opcode Fuzzy Hash: c35758f14d44a799a8c35d17a8bcf98a6c816de844ec3c8dc4c5bbe731fe70a6
                                                                                                                                                • Instruction Fuzzy Hash: 9451B972A18FA982EB18EF11E48026977A4FB89BA4F598131EF8D43755DF3CD460C790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • d, xrefs: 00007FFC1FCF28DC
                                                                                                                                                • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FFC1FCF276F
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmove
                                                                                                                                                • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$d
                                                                                                                                                • API String ID: 2162964266-2578503166
                                                                                                                                                • Opcode ID: d9538af6f6fb65ed1b744a2bdaafe5a0bfe8cf28f0b10d7f76bfbc04cc0fbc31
                                                                                                                                                • Instruction ID: 016b17a34baf67f0566d6b5afc179010391b3d24ce82ea308e88190663e9d606
                                                                                                                                                • Opcode Fuzzy Hash: d9538af6f6fb65ed1b744a2bdaafe5a0bfe8cf28f0b10d7f76bfbc04cc0fbc31
                                                                                                                                                • Instruction Fuzzy Hash: AE51BC73A08A9886EB29CF66E4501BABB61F749B90B044472CF8E03761DF3CD565C320
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 52%
                                                                                                                                                			E00007FFC7FFC1FD1FA00(void* __esi, long long __rbx, intOrPtr* __rcx, unsigned int __rdx, long long _a24) {
                                                                                                                                                				signed int _v40;
                                                                                                                                                				void* _v80;
                                                                                                                                                				signed long long _v88;
                                                                                                                                                				long long _v96;
                                                                                                                                                				long long _v104;
                                                                                                                                                				long long _v112;
                                                                                                                                                				signed long long _v120;
                                                                                                                                                				void* _v124;
                                                                                                                                                				void* _v128;
                                                                                                                                                				signed short _v134;
                                                                                                                                                				signed int _v136;
                                                                                                                                                				signed int _t37;
                                                                                                                                                				signed short _t52;
                                                                                                                                                				signed long long _t61;
                                                                                                                                                				signed long long _t89;
                                                                                                                                                				void* _t90;
                                                                                                                                                
                                                                                                                                                				_a24 = __rbx;
                                                                                                                                                				_t61 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v40 = _t61 ^ _t90 - 0x00000090;
                                                                                                                                                				GetSystemTimeAsFileTime(??);
                                                                                                                                                				_t89 = __rdx >> 0x12;
                                                                                                                                                				_v120 = _t89;
                                                                                                                                                				 *__rdx();
                                                                                                                                                				_t37 =  *0x431BDE82D7B634E7 & 0x0000ffff;
                                                                                                                                                				if (0x431bde82d7b634dc - 2 < 0) goto 0x1fd1fb6a;
                                                                                                                                                				if (_t37 - 0x1f > 0) goto 0x1fd1fb7b;
                                                                                                                                                				_t52 = ( *0x431BDE82D7B634EB & 0x0000ffff) + 1;
                                                                                                                                                				if ((_t52 & 0x0000ffff) + 1 - 2 < 0) goto 0x1fd1fb8c;
                                                                                                                                                				if (_t52 - 0xc > 0) goto 0x1fd1fb9a;
                                                                                                                                                				r9d =  *0x431BDE82D7B634EF & 0x0000ffff;
                                                                                                                                                				r9w = r9w + 0x76c;
                                                                                                                                                				if ((r9w & 0xffffffff) + 1 - 0x579 < 0) goto 0x1fd1fba8;
                                                                                                                                                				if (r9w - 0x270f > 0) goto 0x1fd1fbba;
                                                                                                                                                				_v112 =  *((intOrPtr*)(0x431bde82d7b634e3));
                                                                                                                                                				_v104 =  *((intOrPtr*)(0x431bde82d7b634df));
                                                                                                                                                				asm("movups xmm0, [esp+0x38]");
                                                                                                                                                				_v96 =  *0xd7b634db;
                                                                                                                                                				asm("movups [edi+0x8], xmm0");
                                                                                                                                                				_v136 = r9w;
                                                                                                                                                				_v134 = _t52;
                                                                                                                                                				_v88 = _t89 * 0xf4240;
                                                                                                                                                				asm("movups xmm1, [esp+0x48]");
                                                                                                                                                				 *((intOrPtr*)(__rcx)) = _v136;
                                                                                                                                                				 *(__rcx + 4) = _t37;
                                                                                                                                                				asm("movups [edi+0x18], xmm1");
                                                                                                                                                				return E00007FFC7FFC1FD15E20(_t37, _v136, _v40 ^ _t90 - 0x00000090);
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Time$EventFileSystem__acrt_iob_funcfflush
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1736211985-0
                                                                                                                                                • Opcode ID: 8fbe9deb50a2553d171e416f978606913200a09efcb97367198c30951ce863af
                                                                                                                                                • Instruction ID: 64e672dcd89cd0d40e17345cae6c64585bea70d4678c3b3cbab2690bac24a4bb
                                                                                                                                                • Opcode Fuzzy Hash: 8fbe9deb50a2553d171e416f978606913200a09efcb97367198c30951ce863af
                                                                                                                                                • Instruction Fuzzy Hash: A7514822E1CA6D86EB2CAF15E46577D6361FB99790F504039EB8E03B96CE3CD061CB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140(?,?,00000000,?,?,00007FFC1FD0610B), ref: 00007FFC1FD09B1D
                                                                                                                                                • ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140(?,?,00000000,?,?,00007FFC1FD0610B), ref: 00007FFC1FD09C07
                                                                                                                                                • ?exceptions@ios_base@std@@QEAAXH@Z.MSVCP140(?,?,00000000,?,?,00007FFC1FD0610B), ref: 00007FFC1FD09C4A
                                                                                                                                                • ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z.MSVCP140(?,?,00000000,?,?,00007FFC1FD0610B), ref: 00007FFC1FD09C6D
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_ostream@??0?$basic_streambuf@?exceptions@ios_base@std@@?imbue@?$basic_ios@D@std@@@1@_V32@@V?$basic_streambuf@Vlocale@2@
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3082451130-0
                                                                                                                                                • Opcode ID: dfa9646fe9e0be64b99a0445435a78fa881cac96ef5718e27f178ab5221fabdc
                                                                                                                                                • Instruction ID: ebfe797ba90190cc66a83b1fff04b2b2ce5d6e5d2a6c9c5364e254704c940119
                                                                                                                                                • Opcode Fuzzy Hash: dfa9646fe9e0be64b99a0445435a78fa881cac96ef5718e27f178ab5221fabdc
                                                                                                                                                • Instruction Fuzzy Hash: 76513932601F5886EB08AF2AD89036977A4FB44FA8F588535CF5E03769DF38D4A5C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memset$memmove
                                                                                                                                                • String ID: 0123456789ABCDEF$0123456789abcdef
                                                                                                                                                • API String ID: 3527438329-885041942
                                                                                                                                                • Opcode ID: 14467a850397d71f4521ba6fb74fd089cd7297abefd54ac757396e2f3bfaa3af
                                                                                                                                                • Instruction ID: 47ea9e860a690989d9e959fb68d0a24864373cc0bd9905203dd3cb474e133b7c
                                                                                                                                                • Opcode Fuzzy Hash: 14467a850397d71f4521ba6fb74fd089cd7297abefd54ac757396e2f3bfaa3af
                                                                                                                                                • Instruction Fuzzy Hash: 67419262B08E6982EB189F16E4500ADA760FB89FE4B484072DF4D47B5ADF3CD4A6D310
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memset$memmove
                                                                                                                                                • String ID: 0123456789ABCDEF$0123456789abcdef
                                                                                                                                                • API String ID: 3527438329-885041942
                                                                                                                                                • Opcode ID: dc2d0f8758767eedb8bc0c1c55c45d24d763a193a406e3e405cb67d4d1cce00b
                                                                                                                                                • Instruction ID: c64af98082203239e89799da17ad70caee3c569a2c49591758dd7d32672969de
                                                                                                                                                • Opcode Fuzzy Hash: dc2d0f8758767eedb8bc0c1c55c45d24d763a193a406e3e405cb67d4d1cce00b
                                                                                                                                                • Instruction Fuzzy Hash: B741A062B08E6982EB149F1AE4501ACB760FB89FE4B484072DF4C47B5ADF3CD4A6D350
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                			E00007FFC7FFC1FD0C1D0(long long __rbx, long long* __rcx, signed int __rdx, long long __r14) {
                                                                                                                                                				void* _t21;
                                                                                                                                                				void* _t22;
                                                                                                                                                				void* _t25;
                                                                                                                                                				void* _t43;
                                                                                                                                                				long long _t44;
                                                                                                                                                				long long* _t48;
                                                                                                                                                				signed long long _t53;
                                                                                                                                                				unsigned long long _t63;
                                                                                                                                                				int _t66;
                                                                                                                                                				int _t73;
                                                                                                                                                				long long _t76;
                                                                                                                                                				unsigned long long _t77;
                                                                                                                                                				void* _t79;
                                                                                                                                                				long long _t88;
                                                                                                                                                				void* _t90;
                                                                                                                                                
                                                                                                                                                				 *((long long*)(_t79 + 0x10)) = __rbx;
                                                                                                                                                				 *((long long*)(_t79 + 0x18)) = _t76;
                                                                                                                                                				_t77 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                				r15d = r8b;
                                                                                                                                                				_t48 = __rcx;
                                                                                                                                                				if (__rdx - _t77 > 0) goto 0x1fd0c21c;
                                                                                                                                                				if (_t77 - 0x10 < 0) goto 0x1fd0c201;
                                                                                                                                                				 *((long long*)(__rcx + 0x10)) = __rdx;
                                                                                                                                                				_t21 = memset(_t90, _t66, _t73);
                                                                                                                                                				 *((char*)( *((intOrPtr*)(__rcx)) + __rdx)) = 0;
                                                                                                                                                				goto 0x1fd0c30b;
                                                                                                                                                				if (__rdx - 0xffffffff > 0) goto 0x1fd0c328;
                                                                                                                                                				 *((long long*)(_t79 - 0x20 + 0x40)) = __r14;
                                                                                                                                                				_t53 = __rdx | 0x0000000f;
                                                                                                                                                				if (_t53 - 0xffffffff > 0) goto 0x1fd0c27a;
                                                                                                                                                				_t63 = _t77 >> 1;
                                                                                                                                                				if (_t77 - 0xffffffff - _t63 > 0) goto 0x1fd0c27a;
                                                                                                                                                				_t43 = _t63 + _t77;
                                                                                                                                                				_t8 = ( <  ? _t43 : _t53) + 1; // 0x9
                                                                                                                                                				_t44 = _t8;
                                                                                                                                                				if (_t44 - 0x1000 < 0) goto 0x1fd0c2a0;
                                                                                                                                                				_t9 = _t44 + 0x27; // 0x30
                                                                                                                                                				if (_t9 - _t44 <= 0) goto 0x1fd0c32e;
                                                                                                                                                				goto 0x1fd0c284;
                                                                                                                                                				_t22 = E00007FFC7FFC1FD156A8(_t21, _t44, 0x27);
                                                                                                                                                				if (_t44 == 0) goto 0x1fd0c321;
                                                                                                                                                				_t10 = _t44 + 0x27; // 0x27
                                                                                                                                                				 *((long long*)((_t10 & 0xffffffe0) - 8)) = _t44;
                                                                                                                                                				goto 0x1fd0c2b5;
                                                                                                                                                				if (_t44 == 0) goto 0x1fd0c2b2;
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t22, _t44, _t44);
                                                                                                                                                				_t88 = _t44;
                                                                                                                                                				goto 0x1fd0c2b5;
                                                                                                                                                				r14d = 0;
                                                                                                                                                				 *((long long*)(_t48 + 0x10)) = __rdx;
                                                                                                                                                				 *((long long*)(_t48 + 0x18)) =  <  ? _t43 : _t53;
                                                                                                                                                				memset(??, ??, ??);
                                                                                                                                                				 *((char*)(_t88 + __rdx)) = 0;
                                                                                                                                                				if (_t77 - 0x10 < 0) goto 0x1fd0c303;
                                                                                                                                                				if (_t77 + 1 - 0x1000 < 0) goto 0x1fd0c2fe;
                                                                                                                                                				if ( *_t48 -  *((intOrPtr*)( *_t48 - 8)) - 8 - 0x1f > 0) goto 0x1fd0c321;
                                                                                                                                                				_t25 = E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *_t48 = _t88;
                                                                                                                                                				return _t25;
                                                                                                                                                			}



















                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memset$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 674427795-0
                                                                                                                                                • Opcode ID: e342e99b685ff44c21d1a7456a9f6da6b9c40bf2ea54ffcf52156b01f710bb59
                                                                                                                                                • Instruction ID: eff02e9137dd2c90309532cdb11a0fe7adf3ae992bf4862f8d0c8f7b52cd3750
                                                                                                                                                • Opcode Fuzzy Hash: e342e99b685ff44c21d1a7456a9f6da6b9c40bf2ea54ffcf52156b01f710bb59
                                                                                                                                                • Instruction Fuzzy Hash: 5B31CD22B19FAE84EE18BF61951437C6252AB45BF0F580631DA2D07BD9DF7CE4A1C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 45%
                                                                                                                                                			E00007FFC7FFC1FD029B0(long long __rbx, long long* __rcx, void* __rdx, long long __rdi, long long __r12) {
                                                                                                                                                				void* _t28;
                                                                                                                                                				void* _t29;
                                                                                                                                                				void* _t33;
                                                                                                                                                				long long _t51;
                                                                                                                                                				long long _t57;
                                                                                                                                                				unsigned long long _t64;
                                                                                                                                                				signed long long _t73;
                                                                                                                                                				long long _t81;
                                                                                                                                                				int _t83;
                                                                                                                                                				long long* _t84;
                                                                                                                                                				long long _t86;
                                                                                                                                                				unsigned long long _t87;
                                                                                                                                                				void* _t89;
                                                                                                                                                				void* _t90;
                                                                                                                                                				signed long long _t94;
                                                                                                                                                				void* _t96;
                                                                                                                                                				intOrPtr _t97;
                                                                                                                                                				void* _t99;
                                                                                                                                                
                                                                                                                                                				 *((long long*)(_t89 + 0x20)) = __rbx;
                                                                                                                                                				_t90 = _t89 - 0x20;
                                                                                                                                                				_t97 =  *((intOrPtr*)(__rcx + 0x10));
                                                                                                                                                				r15d = r9b & 0xffffffff;
                                                                                                                                                				_t84 = __rcx;
                                                                                                                                                				if (0xffffffff - _t97 - __rdx < 0) goto 0x1fd02b0a;
                                                                                                                                                				 *((long long*)(_t90 + 0x40)) = _t86;
                                                                                                                                                				_t87 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                				 *((long long*)(_t90 + 0x48)) = __rdi;
                                                                                                                                                				 *((long long*)(_t90 + 0x50)) = __r12;
                                                                                                                                                				_t94 = _t97 + __rdx;
                                                                                                                                                				_t73 = _t94 | 0x0000000f;
                                                                                                                                                				if (_t73 - 0xffffffff > 0) goto 0x1fd02a3f;
                                                                                                                                                				_t64 = _t87 >> 1;
                                                                                                                                                				if (_t87 - 0xffffffff - _t64 > 0) goto 0x1fd02a3f;
                                                                                                                                                				_t57 =  <  ? _t64 + _t87 : _t73;
                                                                                                                                                				_t51 = _t57 + 1;
                                                                                                                                                				if (_t51 - 0x1000 < 0) goto 0x1fd02a61;
                                                                                                                                                				_t10 = _t51 + 0x27; // 0x27
                                                                                                                                                				if (_t10 - _t51 <= 0) goto 0x1fd02b10;
                                                                                                                                                				goto 0x1fd02a49;
                                                                                                                                                				_t29 = E00007FFC7FFC1FD156A8(_t28, _t51, 0x27);
                                                                                                                                                				if (_t51 == 0) goto 0x1fd02acd;
                                                                                                                                                				_t11 = _t51 + 0x27; // 0x27
                                                                                                                                                				 *((long long*)((_t11 & 0xffffffe0) - 8)) = _t51;
                                                                                                                                                				goto 0x1fd02a75;
                                                                                                                                                				if (_t51 == 0) goto 0x1fd02a73;
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t29, _t51, _t51);
                                                                                                                                                				_t81 = _t51;
                                                                                                                                                				goto 0x1fd02a75;
                                                                                                                                                				 *(_t84 + 0x10) = _t94;
                                                                                                                                                				 *((long long*)(_t84 + 0x18)) = _t57;
                                                                                                                                                				if (_t87 - 0x10 < 0) goto 0x1fd02ad4;
                                                                                                                                                				memmove(_t99, _t96, _t83);
                                                                                                                                                				 *((intOrPtr*)(_t81 + _t97)) = r15b;
                                                                                                                                                				 *((char*)(_t81 + _t97 + 1)) = 0;
                                                                                                                                                				if (_t87 + 1 - 0x1000 < 0) goto 0x1fd02ac3;
                                                                                                                                                				_t20 =  *_t84 -  *((intOrPtr*)( *_t84 - 8)) - 8; // 0x7ffffffffffffff7
                                                                                                                                                				if (_t20 - 0x1f > 0) goto 0x1fd02acd;
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				goto 0x1fd02ae6;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				_t33 = memmove(??, ??, ??);
                                                                                                                                                				 *((intOrPtr*)(_t81 + _t97)) = r15b;
                                                                                                                                                				 *((char*)(_t81 + _t97 + 1)) = 0;
                                                                                                                                                				 *_t84 = _t81;
                                                                                                                                                				return _t33;
                                                                                                                                                			}






















                                                                                                                                                APIs
                                                                                                                                                • memmove.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FFC1FD14980), ref: 00007FFC1FD02A8F
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,00007FFC1FD14980), ref: 00007FFC1FD02ACD
                                                                                                                                                • memmove.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FFC1FD14980), ref: 00007FFC1FD02AD7
                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFC1FD02B10
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2016347663-0
                                                                                                                                                • Opcode ID: 886e374365119e1221a35c2cd39303fbd5fbd754e80a3eab4d3bbd931c25b5cc
                                                                                                                                                • Instruction ID: 8c47fc2d3d35db9b8b6583dfb61788051a7bd66cb02a513dc519a03a7e568874
                                                                                                                                                • Opcode Fuzzy Hash: 886e374365119e1221a35c2cd39303fbd5fbd754e80a3eab4d3bbd931c25b5cc
                                                                                                                                                • Instruction Fuzzy Hash: 9831D221B0ABAD94EF28AF15A504279A252EB44BE0F580635DF6D07BD5CF7CE061C3A0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 31%
                                                                                                                                                			E00007FFC7FFC1FD06430(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, void* __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                				void* _v40;
                                                                                                                                                				long long _v56;
                                                                                                                                                				char _v64;
                                                                                                                                                				void* _v72;
                                                                                                                                                				char _v88;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* _t31;
                                                                                                                                                				void* _t37;
                                                                                                                                                				void* _t43;
                                                                                                                                                				void* _t51;
                                                                                                                                                				void* _t55;
                                                                                                                                                				long long _t57;
                                                                                                                                                				intOrPtr* _t59;
                                                                                                                                                				long long _t61;
                                                                                                                                                				long long _t83;
                                                                                                                                                				void* _t86;
                                                                                                                                                				void* _t98;
                                                                                                                                                				void* _t101;
                                                                                                                                                
                                                                                                                                                				_t84 = __rsi;
                                                                                                                                                				_t57 = __rax;
                                                                                                                                                				_a16 = __rbx;
                                                                                                                                                				_a24 = __rsi;
                                                                                                                                                				_a32 = __r9;
                                                                                                                                                				_a8 = __rcx;
                                                                                                                                                				_t101 = __r8;
                                                                                                                                                				_t61 = __rcx;
                                                                                                                                                				_t31 = E00007FFC7FFC1FD26670(__rax);
                                                                                                                                                				if (_t57 == 0) goto 0x1fd0647e;
                                                                                                                                                				r10d =  *((intOrPtr*)(__rcx + 0x28));
                                                                                                                                                				if ( *_t57 != r10d) goto 0x1fd0647e;
                                                                                                                                                				goto 0x1fd064fe;
                                                                                                                                                				_v56 = __rcx + 0x10;
                                                                                                                                                				__imp__AcquireSRWLockShared();
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t31, _t57, __rcx + 0x10);
                                                                                                                                                				_v64 = _t57;
                                                                                                                                                				if (_t57 == 0) goto 0x1fd064bf;
                                                                                                                                                				E00007FFC7FFC1FD09AD0(_t43,  *((intOrPtr*)(_t61 + 0x28)), _t51, _t61, _t57, _t61 + 0x38, _t61 + 0x30);
                                                                                                                                                				_t83 = _t57;
                                                                                                                                                				goto 0x1fd064c3;
                                                                                                                                                				__imp__ReleaseSRWLockShared();
                                                                                                                                                				E00007FFC7FFC1FD26670(_t57);
                                                                                                                                                				_t55 = _t57 - _t83;
                                                                                                                                                				if (_t55 == 0) goto 0x1fd064f6;
                                                                                                                                                				_v88 = 1;
                                                                                                                                                				E00007FFC7FFC1FD26E20( *((intOrPtr*)(_t61 + 0x28)), _t57, _t61, _t61 + 0x48, 0x1fd0c340, _t83, __rsi, _t86,  *((intOrPtr*)(_t61 + 0x48)), _t83, _t98);
                                                                                                                                                				_v64 = _t83;
                                                                                                                                                				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t83 + 0x128))))))();
                                                                                                                                                				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                                                                                                                				_t37 = E00007FFC7FFC1FD08A90( &_v72, _t101);
                                                                                                                                                				_t22 = _t83 + 8; // 0x8
                                                                                                                                                				E00007FFC7FFC1FD1E2D0(_t37, _t61, _a32, _t83, _t84, _t86, _t22);
                                                                                                                                                				_t59 = _v72;
                                                                                                                                                				 *_t59 =  *_t59 - 1;
                                                                                                                                                				if (_t55 != 0) goto 0x1fd0657e;
                                                                                                                                                				 *((intOrPtr*)(_t59 + 4)) = 0;
                                                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                                                				if (_t55 < 0) goto 0x1fd0657e;
                                                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x1fd0657e;
                                                                                                                                                				asm("lock bts dword [ecx], 0x1e");
                                                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x1fd0657e;
                                                                                                                                                				E00007FFC7FFC1FD0D940(_t59 + 8);
                                                                                                                                                				SetEvent(??);
                                                                                                                                                				return E00007FFC7FFC1FD0A810(_t61,  &_v64);
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: LockShared$?flush@?$basic_ostream@AcquireD@std@@@std@@EventReleaseU?$char_traits@V12@
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3106982728-0
                                                                                                                                                • Opcode ID: dca59bed34d5218c9d0a5de8591030f77544f2d2cb362cc734211e3e6298320c
                                                                                                                                                • Instruction ID: 87027b069d958e2045924ba8fd54c4a30f7a91b33c6d5104ab4b2d3188f180f3
                                                                                                                                                • Opcode Fuzzy Hash: dca59bed34d5218c9d0a5de8591030f77544f2d2cb362cc734211e3e6298320c
                                                                                                                                                • Instruction Fuzzy Hash: C241BA62A08B6E92DB09EF61E4040B96360FB85BA4F504032EE4D03769CF3CE8A5C7D0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 34%
                                                                                                                                                			E00007FFC7FFC1FD062B0(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, void* __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                				void* _v40;
                                                                                                                                                				long long _v56;
                                                                                                                                                				char _v64;
                                                                                                                                                				void* _v72;
                                                                                                                                                				char _v88;
                                                                                                                                                				void* __rdi;
                                                                                                                                                				void* _t31;
                                                                                                                                                				void* _t42;
                                                                                                                                                				void* _t50;
                                                                                                                                                				void* _t54;
                                                                                                                                                				long long _t56;
                                                                                                                                                				intOrPtr* _t58;
                                                                                                                                                				long long _t60;
                                                                                                                                                				long long _t82;
                                                                                                                                                				void* _t85;
                                                                                                                                                				void* _t97;
                                                                                                                                                				void* _t100;
                                                                                                                                                
                                                                                                                                                				_t56 = __rax;
                                                                                                                                                				_a16 = __rbx;
                                                                                                                                                				_a24 = __rsi;
                                                                                                                                                				_a32 = __r9;
                                                                                                                                                				_a8 = __rcx;
                                                                                                                                                				_t100 = __r8;
                                                                                                                                                				_t60 = __rcx;
                                                                                                                                                				_t31 = E00007FFC7FFC1FD26670(__rax);
                                                                                                                                                				if (_t56 == 0) goto 0x1fd062fe;
                                                                                                                                                				r10d =  *((intOrPtr*)(__rcx + 0x28));
                                                                                                                                                				if ( *_t56 != r10d) goto 0x1fd062fe;
                                                                                                                                                				goto 0x1fd0637e;
                                                                                                                                                				_v56 = __rcx + 0x10;
                                                                                                                                                				__imp__AcquireSRWLockShared();
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t31, _t56, __rcx + 0x10);
                                                                                                                                                				_v64 = _t56;
                                                                                                                                                				if (_t56 == 0) goto 0x1fd0633f;
                                                                                                                                                				E00007FFC7FFC1FD09AD0(_t42,  *((intOrPtr*)(_t60 + 0x28)), _t50, _t60, _t56, _t60 + 0x38, _t60 + 0x30);
                                                                                                                                                				_t82 = _t56;
                                                                                                                                                				goto 0x1fd06343;
                                                                                                                                                				__imp__ReleaseSRWLockShared();
                                                                                                                                                				E00007FFC7FFC1FD26670(_t56);
                                                                                                                                                				_t54 = _t56 - _t82;
                                                                                                                                                				if (_t54 == 0) goto 0x1fd06376;
                                                                                                                                                				_v88 = 1;
                                                                                                                                                				E00007FFC7FFC1FD26E20( *((intOrPtr*)(_t60 + 0x28)), _t56, _t60, _t60 + 0x48, 0x1fd0c340, _t82, __rsi, _t85,  *((intOrPtr*)(_t60 + 0x48)), _t82, _t97);
                                                                                                                                                				_v64 = _t82;
                                                                                                                                                				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t82 + 0x128))))))();
                                                                                                                                                				__imp__?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ();
                                                                                                                                                				E00007FFC7FFC1FD08A90( &_v72, _t100);
                                                                                                                                                				E00007FFC7FFC1FD1DF50();
                                                                                                                                                				_t58 = _v72;
                                                                                                                                                				 *_t58 =  *_t58 - 1;
                                                                                                                                                				if (_t54 != 0) goto 0x1fd063fe;
                                                                                                                                                				 *((intOrPtr*)(_t58 + 4)) = 0;
                                                                                                                                                				asm("lock xadd [ecx], eax");
                                                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                                                				if (_t54 < 0) goto 0x1fd063fe;
                                                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x1fd063fe;
                                                                                                                                                				asm("lock bts dword [ecx], 0x1e");
                                                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x1fd063fe;
                                                                                                                                                				E00007FFC7FFC1FD0D940(_t58 + 8);
                                                                                                                                                				SetEvent(??);
                                                                                                                                                				return E00007FFC7FFC1FD0A810(_t60,  &_v64);
                                                                                                                                                			}


                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: LockShared$?flush@?$basic_ostream@AcquireD@std@@@std@@EventReleaseU?$char_traits@V12@
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3106982728-0
                                                                                                                                                • Opcode ID: 7797e0108a4ce0f3a894cfd757563918a1455e9daf6e17ce4efd5d9c6d1a6bcd
                                                                                                                                                • Instruction ID: f3aba23774700f31cca257c25960fa8c3cbf59ed61e3a39f7b1074f1a2746261
                                                                                                                                                • Opcode Fuzzy Hash: 7797e0108a4ce0f3a894cfd757563918a1455e9daf6e17ce4efd5d9c6d1a6bcd
                                                                                                                                                • Instruction Fuzzy Hash: 3C41BC72A09E6E92DB09EF26E4000B96360FB85BA4F544032EE4D03764CF3CE8A5C7D0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                			E00007FFC7FFC1FCF9100(long long __rbx, long long* __rcx, void* __rdx, signed int __r8, long long __r14) {
                                                                                                                                                				void* _t21;
                                                                                                                                                				void* _t22;
                                                                                                                                                				void* _t25;
                                                                                                                                                				void* _t41;
                                                                                                                                                				long long _t42;
                                                                                                                                                				long long* _t46;
                                                                                                                                                				signed long long _t51;
                                                                                                                                                				unsigned long long _t61;
                                                                                                                                                				void* _t65;
                                                                                                                                                				int _t72;
                                                                                                                                                				long long _t75;
                                                                                                                                                				unsigned long long _t76;
                                                                                                                                                				void* _t78;
                                                                                                                                                				long long _t87;
                                                                                                                                                				void* _t89;
                                                                                                                                                
                                                                                                                                                				 *((long long*)(_t78 + 0x10)) = __rbx;
                                                                                                                                                				 *((long long*)(_t78 + 0x18)) = _t75;
                                                                                                                                                				_t76 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                				_t46 = __rcx;
                                                                                                                                                				if (__r8 - _t76 > 0) goto 0x1fcf9145;
                                                                                                                                                				if (_t76 - 0x10 < 0) goto 0x1fcf9130;
                                                                                                                                                				 *((long long*)(__rcx + 0x10)) = __r8;
                                                                                                                                                				_t21 = memmove(_t89, _t65, _t72);
                                                                                                                                                				 *((char*)( *((intOrPtr*)(__rcx)) + __r8)) = 0;
                                                                                                                                                				goto 0x1fcf9234;
                                                                                                                                                				if (__r8 - 0xffffffff > 0) goto 0x1fcf9251;
                                                                                                                                                				 *((long long*)(_t78 - 0x20 + 0x40)) = __r14;
                                                                                                                                                				_t51 = __r8 | 0x0000000f;
                                                                                                                                                				if (_t51 - 0xffffffff > 0) goto 0x1fcf91a3;
                                                                                                                                                				_t61 = _t76 >> 1;
                                                                                                                                                				if (_t76 - 0xffffffff - _t61 > 0) goto 0x1fcf91a3;
                                                                                                                                                				_t41 = _t61 + _t76;
                                                                                                                                                				_t8 = ( <  ? _t41 : _t51) + 1; // 0x100000001
                                                                                                                                                				_t42 = _t8;
                                                                                                                                                				if (_t42 - 0x1000 < 0) goto 0x1fcf91c9;
                                                                                                                                                				_t9 = _t42 + 0x27; // 0x100000028
                                                                                                                                                				if (_t9 - _t42 <= 0) goto 0x1fcf9257;
                                                                                                                                                				goto 0x1fcf91ad;
                                                                                                                                                				_t22 = E00007FFC7FFC1FD156A8(_t21, _t42, 0x27);
                                                                                                                                                				if (_t42 == 0) goto 0x1fcf924a;
                                                                                                                                                				_t10 = _t42 + 0x27; // 0x27
                                                                                                                                                				 *((long long*)((_t10 & 0xffffffe0) - 8)) = _t42;
                                                                                                                                                				goto 0x1fcf91de;
                                                                                                                                                				if (_t42 == 0) goto 0x1fcf91db;
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t22, _t42, _t42);
                                                                                                                                                				_t87 = _t42;
                                                                                                                                                				goto 0x1fcf91de;
                                                                                                                                                				r14d = 0;
                                                                                                                                                				 *((long long*)(_t46 + 0x10)) = __r8;
                                                                                                                                                				 *((long long*)(_t46 + 0x18)) =  <  ? _t41 : _t51;
                                                                                                                                                				memmove(??, ??, ??);
                                                                                                                                                				 *((char*)(_t87 + __r8)) = 0;
                                                                                                                                                				if (_t76 - 0x10 < 0) goto 0x1fcf922c;
                                                                                                                                                				_t15 = _t76 + 1; // 0x10
                                                                                                                                                				if (_t15 - 0x1000 < 0) goto 0x1fcf9227;
                                                                                                                                                				if ( *_t46 -  *((intOrPtr*)( *_t46 - 8)) - 8 - 0x1f > 0) goto 0x1fcf924a;
                                                                                                                                                				_t25 = E00007FFC7FFC1FD156E4();
                                                                                                                                                				 *_t46 = _t87;
                                                                                                                                                				return _t25;
                                                                                                                                                			}



















                                                                                                                                                APIs
                                                                                                                                                • memmove.VCRUNTIME140(?,00000000,?,00007FFC1FD02B4F,?,?,?,?,?,?,?,?,?,?,00000000,00007FFC1FD14980), ref: 00007FFC1FCF9137
                                                                                                                                                • memmove.VCRUNTIME140(?,00000000,?,00007FFC1FD02B4F,?,?,?,?,?,?,?,?,?,?,00000000,00007FFC1FD14980), ref: 00007FFC1FCF91EF
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,00007FFC1FD02B4F,?,?,?,?,?,?,?,?,?,?,00000000,00007FFC1FD14980), ref: 00007FFC1FCF924A
                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFC1FCF9257
                                                                                                                                                  • Part of subcall function 00007FFC1FD156A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFC1FCF8F4E), ref: 00007FFC1FD156C2
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2075926362-0
                                                                                                                                                • Opcode ID: c2b970fc547b330d9855479c807baebc7d2066d06c889b2b930ac0434c1c65f7
                                                                                                                                                • Instruction ID: 6342d146046e9a5ce805ab0687f9d55cbb73b7efb3eb2156634844e6e023f7dc
                                                                                                                                                • Opcode Fuzzy Hash: c2b970fc547b330d9855479c807baebc7d2066d06c889b2b930ac0434c1c65f7
                                                                                                                                                • Instruction Fuzzy Hash: E631E222B09EAE84FE28AE15A9143B8A251AB45FF0F544531CA2E07BC5DF3CE4A1D350
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 29%
                                                                                                                                                			E00007FFC7FFC1FCFD4C0(long long __rax, long long __rbx, signed long long* __rcx, void* __rdx, long long __rsi) {
                                                                                                                                                				void* _t18;
                                                                                                                                                				void* _t20;
                                                                                                                                                				long long _t30;
                                                                                                                                                				signed long long _t32;
                                                                                                                                                				signed long long* _t35;
                                                                                                                                                				void* _t39;
                                                                                                                                                				long long _t41;
                                                                                                                                                				void* _t45;
                                                                                                                                                				signed long long _t52;
                                                                                                                                                				long long _t54;
                                                                                                                                                				signed long long _t55;
                                                                                                                                                				void* _t57;
                                                                                                                                                
                                                                                                                                                				 *((long long*)(_t57 + 0x10)) = __rbx;
                                                                                                                                                				 *((long long*)(_t57 + 0x18)) = _t54;
                                                                                                                                                				 *((long long*)(__rcx)) = __rax;
                                                                                                                                                				_t35 = __rcx;
                                                                                                                                                				 *((long long*)(__rcx + 0x10)) = __rax;
                                                                                                                                                				 *((long long*)(__rcx + 0x18)) = __rax;
                                                                                                                                                				_t55 =  *((intOrPtr*)(__rdx + 0x10));
                                                                                                                                                				if ( *((long long*)(__rdx + 0x18)) - 0x10 < 0) goto 0x1fcfd4f0;
                                                                                                                                                				 *((long long*)(_t57 - 0x20 + 0x30)) = __rsi;
                                                                                                                                                				if (_t55 - 0x10 >= 0) goto 0x1fcfd508;
                                                                                                                                                				asm("movups xmm0, [edi]");
                                                                                                                                                				asm("movups [ecx], xmm0");
                                                                                                                                                				goto 0x1fcfd577;
                                                                                                                                                				_t52 =  >  ? 0xffffffff : _t55 | 0x0000000f;
                                                                                                                                                				_t39 = _t52 + 1;
                                                                                                                                                				if (_t39 - 0x1000 < 0) goto 0x1fcfd55b;
                                                                                                                                                				_t30 = _t39 + 0x27;
                                                                                                                                                				if (_t30 - _t39 <= 0) goto 0x1fcfd597;
                                                                                                                                                				_t18 = E00007FFC7FFC1FD156A8(0, _t30, _t30);
                                                                                                                                                				_t41 = _t30;
                                                                                                                                                				if (_t30 == 0) goto 0x1fcfd554;
                                                                                                                                                				_t32 = _t30 + 0x00000027 & 0xffffffe0;
                                                                                                                                                				 *((long long*)(_t32 - 8)) = _t41;
                                                                                                                                                				goto 0x1fcfd565;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				if (_t41 == 0) goto 0x1fcfd565;
                                                                                                                                                				E00007FFC7FFC1FD156A8(_t18, _t32, _t41);
                                                                                                                                                				 *_t35 = _t32;
                                                                                                                                                				_t20 = memmove(_t45, ??);
                                                                                                                                                				_t35[2] = _t55;
                                                                                                                                                				_t35[3] = _t52;
                                                                                                                                                				return _t20;
                                                                                                                                                			}
















                                                                                                                                                APIs
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFC1FCFE21C,?,?,?,00007FFC1FD0D6C2), ref: 00007FFC1FCFD554
                                                                                                                                                • memmove.VCRUNTIME140(?,?,?,00007FFC1FCFE21C,?,?,?,00007FFC1FD0D6C2), ref: 00007FFC1FCFD572
                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFC1FCFD597
                                                                                                                                                • __std_exception_copy.VCRUNTIME140(?,?,?,?,?,?,?,00007FFC1FCFE21C,?,?,?,00007FFC1FD0D6C2), ref: 00007FFC1FCFD5C4
                                                                                                                                                  • Part of subcall function 00007FFC1FD156A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFC1FCF8F4E), ref: 00007FFC1FD156C2
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Concurrency::cancel_current_task__std_exception_copy_invalid_parameter_noinfo_noreturnmallocmemmove
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3686582625-0
                                                                                                                                                • Opcode ID: 15b018261a7cf0bc8f6df710f8455fdf24a97d8064d944bfca37451ac74d772f
                                                                                                                                                • Instruction ID: 49c24be93995bdce3d2f3c0a29ab5ce74ea0cde9313a7981067ff78f9d8988e3
                                                                                                                                                • Opcode Fuzzy Hash: 15b018261a7cf0bc8f6df710f8455fdf24a97d8064d944bfca37451ac74d772f
                                                                                                                                                • Instruction Fuzzy Hash: B631E262E09F5984EB19AF55E45027873A0EB08BA4F544630DA7D077C5DF3CE1A1C380
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • memchr.VCRUNTIME140(00000001,00000000,?,00007FFC1FCF45CE), ref: 00007FFC1FCF8CAA
                                                                                                                                                • memmove.VCRUNTIME140(00000001,00000000,?,00007FFC1FCF45CE), ref: 00007FFC1FCF8D4F
                                                                                                                                                  • Part of subcall function 00007FFC1FCFBA30: memmove.VCRUNTIME140 ref: 00007FFC1FCFBA87
                                                                                                                                                • memchr.VCRUNTIME140(00000001,00000000,?,00007FFC1FCF45CE), ref: 00007FFC1FCF8CF5
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memchrmemmove
                                                                                                                                                • String ID: unmatched '}' in format string
                                                                                                                                                • API String ID: 1132781299-1164737745
                                                                                                                                                • Opcode ID: e3a4b6110c697d36bd24bbe5557a8b97f08152c800b349514c7e98e6efbc01b0
                                                                                                                                                • Instruction ID: 518e6d143774d153bff90316411c0c1e41530cad50b2358c13da4a29767e0031
                                                                                                                                                • Opcode Fuzzy Hash: e3a4b6110c697d36bd24bbe5557a8b97f08152c800b349514c7e98e6efbc01b0
                                                                                                                                                • Instruction Fuzzy Hash: 5621B162B08EA981EB29DF12E5542AAA360EF45FE4F094032CF4C07789DF3CD466D350
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 16%
                                                                                                                                                			E00007FFC7FFC1FD26A20(void* __ecx, void* __edx, void* __rax, long long __rbx, void* __rcx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                				void* _t40;
                                                                                                                                                				intOrPtr* _t46;
                                                                                                                                                				intOrPtr _t59;
                                                                                                                                                				void* _t62;
                                                                                                                                                
                                                                                                                                                				_a8 = __rbx;
                                                                                                                                                				_a16 = __rsi;
                                                                                                                                                				_a24 = __rdi;
                                                                                                                                                				_t62 = __rcx;
                                                                                                                                                				if ( *((intOrPtr*)(__rcx + 0x10)) == 0) goto 0x1fd26b03;
                                                                                                                                                				E00007FFC7FFC1FD26690( *((intOrPtr*)(__rcx + 0x10)), __rax, __rbx, __rcx, __rcx);
                                                                                                                                                				if ( *((intOrPtr*)(_t62 + 0x10)) != 0) goto 0x1fd26a54;
                                                                                                                                                				goto 0x1fd26ad4;
                                                                                                                                                				 *((intOrPtr*)(_t62 + 0x10)) = 0;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				ReleaseSemaphore(??, ??, ??);
                                                                                                                                                				_t46 =  *((intOrPtr*)(_t62 + 0x18));
                                                                                                                                                				_t59 =  *((intOrPtr*)(_t62 + 0x20));
                                                                                                                                                				if (_t46 == _t59) goto 0x1fd26a9f;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				 *((char*)( *_t46 + 0x14)) = 1;
                                                                                                                                                				r8d = 0;
                                                                                                                                                				ReleaseSemaphore(??, ??, ??);
                                                                                                                                                				if (_t46 + 8 != _t59) goto 0x1fd26a80;
                                                                                                                                                				E00007FFC7FFC1FD24250(_t46 + 8,  *((intOrPtr*)(_t62 + 0x18)),  *((intOrPtr*)(_t62 + 0x20)), _t62);
                                                                                                                                                				 *((long long*)(_t62 + 0x20)) =  *((intOrPtr*)(_t62 + 0x18));
                                                                                                                                                				_t40 =  *((intOrPtr*)(_t62 + 0x30)) - 1 - 0xfffffffd;
                                                                                                                                                				if (_t40 > 0) goto 0x1fd26acc;
                                                                                                                                                				CloseHandle(??);
                                                                                                                                                				 *((long long*)(_t62 + 0x30)) = 0;
                                                                                                                                                				asm("lock xadd [esi], eax");
                                                                                                                                                				asm("bt eax, 0x1e");
                                                                                                                                                				if (_t40 < 0) goto 0x1fd26b03;
                                                                                                                                                				if (0x80000000 - 0x80000000 <= 0) goto 0x1fd26b03;
                                                                                                                                                				asm("lock bts dword [esi], 0x1e");
                                                                                                                                                				if (0x80000000 - 0x80000000 < 0) goto 0x1fd26b03;
                                                                                                                                                				E00007FFC7FFC1FD0D940(_t62);
                                                                                                                                                				return SetEvent(??);
                                                                                                                                                			}








                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ReleaseSemaphore$CloseEventHandleObjectSingleWait
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 568734227-0
                                                                                                                                                • Opcode ID: 9236d54c9f8004cdcccdb61e91e6bfd2483121a615e91c4b9fed31d8ba419f9e
                                                                                                                                                • Instruction ID: 3bc346afa6bd335884fe5bf6cfaddb0923e96080b096222ec0430cde2fb58b27
                                                                                                                                                • Opcode Fuzzy Hash: 9236d54c9f8004cdcccdb61e91e6bfd2483121a615e91c4b9fed31d8ba419f9e
                                                                                                                                                • Instruction Fuzzy Hash: 9D213A62A18B5A82EB64AF26E44433E7360FB84BA0F145131DB9E43A95CF3CE451C7E0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmovememset
                                                                                                                                                • String ID: 0123456789ABCDEF$0123456789abcdef
                                                                                                                                                • API String ID: 1288253900-885041942
                                                                                                                                                • Opcode ID: d1f8b2386f982583ca2cbe3ee8850b841df68c6482567c3763a4593845f5c0e8
                                                                                                                                                • Instruction ID: 69af40c286b5db84c45249db9c30f3c51817da15c9bd4d0381933bec7a2d7abc
                                                                                                                                                • Opcode Fuzzy Hash: d1f8b2386f982583ca2cbe3ee8850b841df68c6482567c3763a4593845f5c0e8
                                                                                                                                                • Instruction Fuzzy Hash: 0F21BEA2B09F9881EB25CF02E5502A9BB61FB89FD0B189472DF8D07B25DE3CD051C740
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memmovememset
                                                                                                                                                • String ID: 0123456789ABCDEF$0123456789abcdef
                                                                                                                                                • API String ID: 1288253900-885041942
                                                                                                                                                • Opcode ID: efa3a399d0e319a50b9215a354c6358fb0baaa4ba1daa1c79ded5d4ed3dca0e1
                                                                                                                                                • Instruction ID: 31fa0dfc5fa67fa0a252db47948509e14182f97ff1d72eb9667677cce24ffb02
                                                                                                                                                • Opcode Fuzzy Hash: efa3a399d0e319a50b9215a354c6358fb0baaa4ba1daa1c79ded5d4ed3dca0e1
                                                                                                                                                • Instruction Fuzzy Hash: 1F21DEA2B08F9981EB24CF02E9501A9B761FB49FC0B189032DF8D07B25DE3CD022C740
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExceptionLockSharedThrow$AcquireRelease
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1623387717-0
                                                                                                                                                • Opcode ID: 821d38cad4e8f632898ec663a9c87fc73b7f9fa64378656b3521347ee09f09fd
                                                                                                                                                • Instruction ID: 6b7a642a91c2f69d7df9c26788187c0d4fa17ea16cf0659d1029dabceafdb8ef
                                                                                                                                                • Opcode Fuzzy Hash: 821d38cad4e8f632898ec663a9c87fc73b7f9fa64378656b3521347ee09f09fd
                                                                                                                                                • Instruction Fuzzy Hash: FF014B67A05A4886EB1CEF32E55137D2361EB8ABD5F189435DE0A0B755CF38E066C280
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExceptionLockSharedThrow$AcquireRelease
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1623387717-0
                                                                                                                                                • Opcode ID: 57b2854b0f65e5e374a08cde8f6c634fec4e12c1195dc384bbd9ce2569a39ea6
                                                                                                                                                • Instruction ID: c7ee8a53055c368f69fd550d97028bb3a81f24f9335ccd7006eef05f3a38c411
                                                                                                                                                • Opcode Fuzzy Hash: 57b2854b0f65e5e374a08cde8f6c634fec4e12c1195dc384bbd9ce2569a39ea6
                                                                                                                                                • Instruction Fuzzy Hash: DEF0A467A04B0886DB1CEF32E54137D2361EB8ABE9F189431DE5D07649CF38D066C290
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExceptionLockSharedThrow$AcquireRelease
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1623387717-0
                                                                                                                                                • Opcode ID: b30508edd93f378d34823121abbe860d8cef95497a92132c4ce0266ae7febd1f
                                                                                                                                                • Instruction ID: 65391d9bc7bf7e2202322a88d7bc29b0cace4063169378e8fca00971972f8431
                                                                                                                                                • Opcode Fuzzy Hash: b30508edd93f378d34823121abbe860d8cef95497a92132c4ce0266ae7febd1f
                                                                                                                                                • Instruction Fuzzy Hash: 9EF0D16BA04B4886DB1CEF31E5003792361FB86BD8F088431DE5D0B655CF38D02AC280
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExceptionLockSharedThrow$AcquireRelease
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1623387717-0
                                                                                                                                                • Opcode ID: c832f7f00a28b77cced1eefa34c85cae082805bf7e02fe3fa8d7180f7810be2b
                                                                                                                                                • Instruction ID: 970b7568cb3aa423855a29df33a1aad05981e60ed9434bdc235c2d56b98c8d4b
                                                                                                                                                • Opcode Fuzzy Hash: c832f7f00a28b77cced1eefa34c85cae082805bf7e02fe3fa8d7180f7810be2b
                                                                                                                                                • Instruction Fuzzy Hash: EBF0A46BA14B1C86DB0CEF31E90137D2361EB86BD8F188431DE5D07655CF38E066C290
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FFC1FD1A323,?,?,00000038,?,00000000,00007FFC1FD1A52E,?,?,00000008,00007FFC1FD08792), ref: 00007FFC1FD1D950
                                                                                                                                                • SleepConditionVariableSRW.KERNEL32(?,?,?,00007FFC1FD1A323,?,?,00000038,?,00000000,00007FFC1FD1A52E,?,?,00000008,00007FFC1FD08792), ref: 00007FFC1FD1D987
                                                                                                                                                • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FFC1FD1A323,?,?,00000038,?,00000000,00007FFC1FD1A52E,?,?,00000008,00007FFC1FD08792), ref: 00007FFC1FD1D9A2
                                                                                                                                                • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FFC1FD1A323,?,?,00000038,?,00000000,00007FFC1FD1A52E,?,?,00000008,00007FFC1FD08792), ref: 00007FFC1FD1D9BA
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExclusiveLock$Release$AcquireConditionSleepVariable
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3114648011-0
                                                                                                                                                • Opcode ID: 1028a7427bf02d8bddc8bc0c960c5e31dbe1d0c13ec5fc794dc8297f47e69b9b
                                                                                                                                                • Instruction ID: 0c8a8f997aa245e0bd9caa8931072434959f33b782d5232aa0e25a8d21ab9fe4
                                                                                                                                                • Opcode Fuzzy Hash: 1028a7427bf02d8bddc8bc0c960c5e31dbe1d0c13ec5fc794dc8297f47e69b9b
                                                                                                                                                • Instruction Fuzzy Hash: F0019262E0CD7E40EB1A7F21D8682B427A15B17B29FC81071C5EC421A9CF5C99A6C7B0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                			E00007FFC7FFC1FD03370(long long __rbx, long long __rcx, intOrPtr* __rdx, long long __rdi, intOrPtr* __r8) {
                                                                                                                                                				void* _t39;
                                                                                                                                                				signed long long _t51;
                                                                                                                                                				long long _t53;
                                                                                                                                                				intOrPtr _t78;
                                                                                                                                                				void* _t83;
                                                                                                                                                				void* _t85;
                                                                                                                                                				void* _t87;
                                                                                                                                                				intOrPtr _t92;
                                                                                                                                                
                                                                                                                                                				 *((long long*)(_t87 + 0x10)) = __rbx;
                                                                                                                                                				 *((long long*)(_t87 + 0x18)) = __rdi;
                                                                                                                                                				_t85 = _t87 - 0x57;
                                                                                                                                                				_t51 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				 *(_t85 + 0x4f) = _t51 ^ _t87 - 0x000000b0;
                                                                                                                                                				 *((long long*)(_t85 - 9)) = __rcx;
                                                                                                                                                				 *((intOrPtr*)(_t85 - 0x29)) = 0;
                                                                                                                                                				 *((long long*)(__rcx)) = __rdi;
                                                                                                                                                				 *((long long*)(__rcx + 0x10)) = __rdi;
                                                                                                                                                				 *((long long*)(__rcx + 0x18)) = 0xf;
                                                                                                                                                				 *((intOrPtr*)(__rcx)) = dil;
                                                                                                                                                				 *((intOrPtr*)(_t85 - 0x29)) = 1;
                                                                                                                                                				_t53 =  *((intOrPtr*)(__rdx + 0x10));
                                                                                                                                                				if (_t53 == 0) goto 0x1fd034b5;
                                                                                                                                                				_t92 =  *((intOrPtr*)(__rdx + 0x18));
                                                                                                                                                				if (_t92 - 0x10 < 0) goto 0x1fd033d7;
                                                                                                                                                				if ( *((char*)(_t53 +  *((intOrPtr*)(__rdx)) - 1)) != 0x5c) goto 0x1fd034b5;
                                                                                                                                                				if (_t92 - 0x10 < 0) goto 0x1fd033eb;
                                                                                                                                                				 *((long long*)(_t85 + 0x1f)) =  *((intOrPtr*)(__rdx));
                                                                                                                                                				 *((long long*)(_t85 + 0x27)) = _t53;
                                                                                                                                                				if ( *((long long*)(__r8 + 0x18)) - 0x10 < 0) goto 0x1fd03400;
                                                                                                                                                				 *((long long*)(_t85 + 0x2f)) =  *((intOrPtr*)(__r8));
                                                                                                                                                				 *((long long*)(_t85 + 0x37)) =  *((intOrPtr*)(__r8 + 0x10));
                                                                                                                                                				 *((long long*)(_t85 - 0x39)) = 0x1ce;
                                                                                                                                                				 *((long long*)(_t85 - 0x31)) = _t85 + 0x1f;
                                                                                                                                                				asm("movaps xmm0, [ebp-0x39]");
                                                                                                                                                				asm("movdqa [ebp-0x19], xmm0");
                                                                                                                                                				 *((long long*)(_t85 - 0x39)) = 0x1fd2ced8;
                                                                                                                                                				 *((long long*)(_t85 - 0x31)) = 4;
                                                                                                                                                				E00007FFC7FFC1FCF49B0(__rcx, _t85 - 1, __rdi, _t83);
                                                                                                                                                				if (__rcx != _t85 - 1) goto 0x1fd0352a;
                                                                                                                                                				_t78 =  *((intOrPtr*)(_t85 + 0x17));
                                                                                                                                                				if (_t78 - 0x10 < 0) goto 0x1fd03491;
                                                                                                                                                				if (_t78 + 1 - 0x1000 < 0) goto 0x1fd0348c;
                                                                                                                                                				if ( *((intOrPtr*)(_t85 - 1)) -  *((intOrPtr*)( *((intOrPtr*)(_t85 - 1)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x1fd035bd;
                                                                                                                                                				return E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD156E4(), _t39,  *(_t85 + 0x4f) ^ _t87 - 0x000000b0);
                                                                                                                                                			}












                                                                                                                                                APIs
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FD035BD
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                • String ID: {}{}${}{}{}
                                                                                                                                                • API String ID: 3668304517-2846689003
                                                                                                                                                • Opcode ID: a8ec9274806e4d8d1bf64b8385318850fcba8323b38f298eba6ba1b7eba499de
                                                                                                                                                • Instruction ID: ff257f85bbf6bb866b6d7b779a7cd9d186aba158b92947bfd7b18c80461d86de
                                                                                                                                                • Opcode Fuzzy Hash: a8ec9274806e4d8d1bf64b8385318850fcba8323b38f298eba6ba1b7eba499de
                                                                                                                                                • Instruction Fuzzy Hash: C8617972B09F5989FB08DF64E4843AD33A6EB48BA8F404135DA5C57B98DF78D1A4C390
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 23%
                                                                                                                                                			E00007FFC7FFC1FCFFE60(void* __ebp, long long __rbx, void* __rcx, long long __rsi, void* __rbp, long long _a16, long long _a24) {
                                                                                                                                                				void* _v8;
                                                                                                                                                				signed int _v24;
                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                				char _v56;
                                                                                                                                                				long long _v64;
                                                                                                                                                				long long _v72;
                                                                                                                                                				char _v74;
                                                                                                                                                				short _v76;
                                                                                                                                                				intOrPtr _v80;
                                                                                                                                                				char _v88;
                                                                                                                                                				signed long long _v96;
                                                                                                                                                				signed long long _v104;
                                                                                                                                                				intOrPtr _t36;
                                                                                                                                                				void* _t46;
                                                                                                                                                				signed long long _t62;
                                                                                                                                                				signed long long _t63;
                                                                                                                                                				signed long long _t75;
                                                                                                                                                				void* _t78;
                                                                                                                                                				intOrPtr _t92;
                                                                                                                                                				intOrPtr _t96;
                                                                                                                                                				void* _t104;
                                                                                                                                                				void* _t107;
                                                                                                                                                				void* _t110;
                                                                                                                                                
                                                                                                                                                				_t78 = __rcx;
                                                                                                                                                				_a16 = __rbx;
                                                                                                                                                				_a24 = __rsi;
                                                                                                                                                				_t62 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_t63 = _t62 ^ _t104 - 0x00000080;
                                                                                                                                                				_v24 = _t63;
                                                                                                                                                				_t4 = _t78 + 0x60; // 0x60
                                                                                                                                                				E00007FFC7FFC1FD156A8(E00007FFC7FFC1FD03D90(_t46, __rbx,  &_v56, __rsi, __rbp, _t107, _t110), _t63,  &_v56);
                                                                                                                                                				_t75 = _t63;
                                                                                                                                                				_v104 = _t63;
                                                                                                                                                				if (_t63 == 0) goto 0x1fcfff5a;
                                                                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                                                                				asm("movups [eax], xmm0");
                                                                                                                                                				 *((intOrPtr*)(_t63 + 8)) = 1;
                                                                                                                                                				 *((intOrPtr*)(_t63 + 0xc)) = 1;
                                                                                                                                                				 *_t75 = 0x1fd2c988;
                                                                                                                                                				_t9 = _t75 + 0x10; // 0x10
                                                                                                                                                				_v64 = 0xf;
                                                                                                                                                				_v72 = 0xe;
                                                                                                                                                				asm("movsd xmm0, [0x2ca17]");
                                                                                                                                                				asm("movsd [esp+0x30], xmm0");
                                                                                                                                                				_t36 = M00007FFC7FFC1FD2C908; // 0x6f507861
                                                                                                                                                				_v80 = _t36;
                                                                                                                                                				_v76 =  *0x1fd2c90c & 0x0000ffff;
                                                                                                                                                				_v74 = 0;
                                                                                                                                                				E00007FFC7FFC1FCFD640(0x1fd2c988, _t75, _t9,  &_v88, _t63);
                                                                                                                                                				_t92 = _v64;
                                                                                                                                                				if (_t92 - 0x10 < 0) goto 0x1fcfff5c;
                                                                                                                                                				if (_t92 + 1 - 0x1000 < 0) goto 0x1fcfff53;
                                                                                                                                                				if (_v88 -  *((intOrPtr*)(_v88 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcfff53;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				E00007FFC7FFC1FD156E4();
                                                                                                                                                				goto 0x1fcfff5c;
                                                                                                                                                				_t19 = _t75 + 0x10; // 0x10
                                                                                                                                                				_v104 = _t19;
                                                                                                                                                				_v96 = _t75;
                                                                                                                                                				E00007FFC7FFC1FCFC830(_t75, _t4,  &_v104, _t63);
                                                                                                                                                				if (_v96 == 0) goto 0x1fcfffb6;
                                                                                                                                                				asm("lock xadd [ecx+0x8], eax");
                                                                                                                                                				if (0xffffffff != 1) goto 0x1fcfffb6;
                                                                                                                                                				 *((intOrPtr*)( *_v96))();
                                                                                                                                                				asm("lock xadd [ebx+0xc], edi");
                                                                                                                                                				if (0xffffffff != 1) goto 0x1fcfffb6;
                                                                                                                                                				 *((intOrPtr*)( *_v96 + 8))();
                                                                                                                                                				_t96 = _v32;
                                                                                                                                                				if (_t96 - 0x10 < 0) goto 0x1fcffff6;
                                                                                                                                                				if (_t96 + 1 - 0x1000 < 0) goto 0x1fcffff1;
                                                                                                                                                				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f <= 0) goto 0x1fcffff1;
                                                                                                                                                				__imp___invalid_parameter_noinfo_noreturn();
                                                                                                                                                				asm("int3");
                                                                                                                                                				return E00007FFC7FFC1FD15E20(E00007FFC7FFC1FD156E4(), 0x118, _v24 ^ _t104 - 0x00000080);
                                                                                                                                                			}



























                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD03D90: GetTempPathW.KERNEL32 ref: 00007FFC1FD03DDA
                                                                                                                                                  • Part of subcall function 00007FFC1FD03D90: GetLastError.KERNEL32 ref: 00007FFC1FD03DE4
                                                                                                                                                  • Part of subcall function 00007FFC1FD03D90: WideCharToMultiByte.KERNEL32 ref: 00007FFC1FD03E63
                                                                                                                                                  • Part of subcall function 00007FFC1FD03D90: WideCharToMultiByte.KERNEL32 ref: 00007FFC1FD03E9C
                                                                                                                                                  • Part of subcall function 00007FFC1FD156A8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFC1FCF8F4E), ref: 00007FFC1FD156C2
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFC1FCFFF4C
                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFC1FCFE1CA), ref: 00007FFC1FCFFFEA
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ByteCharMultiWide_invalid_parameter_noinfo_noreturn$ErrorLastPathTempmalloc
                                                                                                                                                • String ID: axPort
                                                                                                                                                • API String ID: 2109269352-2033187772
                                                                                                                                                • Opcode ID: bf06585e9985f8420429b79c92c471ece2b5f6193859de1342c2103e63c4520f
                                                                                                                                                • Instruction ID: fdd88ad0d62e371619fb24c83d109f93adfc9353bffe30e7b7c1a60a6e3eedbe
                                                                                                                                                • Opcode Fuzzy Hash: bf06585e9985f8420429b79c92c471ece2b5f6193859de1342c2103e63c4520f
                                                                                                                                                • Instruction Fuzzy Hash: A3419032A19F5A82EB14DF24E05036AB3A0FB85BB0F144231EAAD47794DF7CD491C790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 16%
                                                                                                                                                			E00007FFC7FFC1FD1FF10(void* __edx, long long __rbx, signed char* __rcx, unsigned int __rdx, long long __rsi, long long __rbp, intOrPtr* __r8, void* __r9, long long _a8, long long _a16, long long _a32) {
                                                                                                                                                				void* _v24;
                                                                                                                                                				signed int _v40;
                                                                                                                                                				char _v1572;
                                                                                                                                                				void* _v1574;
                                                                                                                                                				char _v1576;
                                                                                                                                                				unsigned long long _t45;
                                                                                                                                                				signed long long _t49;
                                                                                                                                                				char* _t53;
                                                                                                                                                				unsigned long long _t54;
                                                                                                                                                				unsigned long long _t55;
                                                                                                                                                				unsigned long long _t71;
                                                                                                                                                				void* _t74;
                                                                                                                                                				void* _t82;
                                                                                                                                                				intOrPtr* _t89;
                                                                                                                                                
                                                                                                                                                				_a8 = __rbx;
                                                                                                                                                				_a16 = __rbp;
                                                                                                                                                				_a32 = __rsi;
                                                                                                                                                				_t83 = _t82 - 0x630;
                                                                                                                                                				_t49 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				_v40 = _t49 ^ _t82 - 0x00000630;
                                                                                                                                                				r15d = 0x20;
                                                                                                                                                				_t74 = (_t71 >> 2 << 4) + "0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures";
                                                                                                                                                				_t45 = __rdx >> 8;
                                                                                                                                                				if (_t45 == 0) goto 0x1fd1ffe7;
                                                                                                                                                				_t53 =  &_v1572;
                                                                                                                                                				r9d = 0x100;
                                                                                                                                                				r8d =  *__rcx & 0x000000ff;
                                                                                                                                                				 *((intOrPtr*)(_t53 - 4)) = r15w;
                                                                                                                                                				_t54 = _t53 + 6;
                                                                                                                                                				r8d = r8d & 0x0000000f;
                                                                                                                                                				 *((short*)(_t54 - 8)) =  *((char*)(( *( *__r8 + 4) >> 4) + _t74));
                                                                                                                                                				 *((short*)(_t54 - 6)) =  *((char*)(__r8 + _t74));
                                                                                                                                                				if (_t45 != 0) goto 0x1fd1ff90;
                                                                                                                                                				__imp__?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEB_W_J@Z();
                                                                                                                                                				if (_t45 != 0) goto 0x1fd1ff80;
                                                                                                                                                				if (__rbp == 0) goto 0x1fd20038;
                                                                                                                                                				_t89 =  &_v1576;
                                                                                                                                                				 *_t89 = r15w;
                                                                                                                                                				_t55 = _t54 >> 4;
                                                                                                                                                				 *((short*)(_t89 + 2)) =  *((char*)(_t55 + _t74));
                                                                                                                                                				 *((short*)(_t89 + 4)) =  *((char*)(__r8 + _t74));
                                                                                                                                                				if (_t55 - __rbp < 0) goto 0x1fd1fff3;
                                                                                                                                                				__imp__?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEB_W_J@Z();
                                                                                                                                                				return E00007FFC7FFC1FD15E20(1, __rcx[1] & 0xf, _v40 ^ _t83);
                                                                                                                                                			}


















                                                                                                                                                APIs
                                                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFC1FD1FFD6
                                                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFC1FD20032
                                                                                                                                                Strings
                                                                                                                                                • 0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures, xrefs: 00007FFC1FD1FF5F
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ?write@?$basic_ostream@D@std@@@std@@U?$char_traits@V12@
                                                                                                                                                • String ID: 0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures
                                                                                                                                                • API String ID: 2277189856-1814974510
                                                                                                                                                • Opcode ID: 54ac8064375b512db1d3d99280830a78875120656e202aefa7cde62f1fc9b4f0
                                                                                                                                                • Instruction ID: 56ae5ba8bf9ec4c7ae1a866309c40f1a6f536447405b55bd866a3a53d4fbdeb1
                                                                                                                                                • Opcode Fuzzy Hash: 54ac8064375b512db1d3d99280830a78875120656e202aefa7cde62f1fc9b4f0
                                                                                                                                                • Instruction Fuzzy Hash: 92310623719EE885E724CF21E4401BDB7A0FB88B94F898132DA5D03714DA3CD616C780
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00007FFC7FFC1FCF3040() {
                                                                                                                                                				void* _t12;
                                                                                                                                                				signed long long _t17;
                                                                                                                                                				long long _t20;
                                                                                                                                                				long long _t24;
                                                                                                                                                				long long _t25;
                                                                                                                                                				void* _t28;
                                                                                                                                                
                                                                                                                                                				 *((long long*)(_t28 + 8)) = _t20;
                                                                                                                                                				 *((long long*)(_t28 + 0x18)) = _t25;
                                                                                                                                                				 *((long long*)(_t28 + 0x20)) = _t24;
                                                                                                                                                				_t17 =  *0x1fd3ec78; // 0x18cf064c5a8d
                                                                                                                                                				 *(_t28 - 0x57 + 0x4f) = _t17 ^ _t28 - 0x000000b0;
                                                                                                                                                				if (_t12 - 0x78 > 0) goto 0x1fcf3414;
                                                                                                                                                				goto __rdx;
                                                                                                                                                			}










                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ExceptionThrow__std_exception_copy
                                                                                                                                                • String ID: invalid type specifier
                                                                                                                                                • API String ID: 1552479455-1382033351
                                                                                                                                                • Opcode ID: ac84cc74851025dc2c265588868b80c850f335e65e88b26b742cbd18fb821e79
                                                                                                                                                • Instruction ID: 866aab868dafa2f3aa65e7319cf7ecf7bd6d1fcf97a81caabd317868c865d8d7
                                                                                                                                                • Opcode Fuzzy Hash: ac84cc74851025dc2c265588868b80c850f335e65e88b26b742cbd18fb821e79
                                                                                                                                                • Instruction Fuzzy Hash: 6831B973A08B598AE701DFA0E8A53AF7770E715358F864032CA4C82796EE6CD119C351
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFC1FD1FE80
                                                                                                                                                • ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FFC1FD1FEDC
                                                                                                                                                Strings
                                                                                                                                                • 0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures, xrefs: 00007FFC1FD1FE03
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ?write@?$basic_ostream@D@std@@@std@@U?$char_traits@V12@
                                                                                                                                                • String ID: 0123456789abcdef0123456789ABCDEFGetEnabledExtendedFeatures
                                                                                                                                                • API String ID: 2277189856-1814974510
                                                                                                                                                • Opcode ID: 2097ed7a7d76b15ccc1cb4a57c3946258bf556a4be57eb37c997f2d1ea435353
                                                                                                                                                • Instruction ID: aae354a0ffdcf8b3e55d80ccef94af3c2a389841951c430b4ec355d0be8d2a14
                                                                                                                                                • Opcode Fuzzy Hash: 2097ed7a7d76b15ccc1cb4a57c3946258bf556a4be57eb37c997f2d1ea435353
                                                                                                                                                • Instruction Fuzzy Hash: D631E933B19AD985D7158F21A4046BDBFA0F799B94F898072DB8D03745CA3CC20AC750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00007FFC1FD175D0: InitializeSRWLock.KERNEL32(?,?,?,?,00000000,00000038,00000000,00007FFC1FD177FE,?,?,?,00007FFC1FD1A349,?,?,00000038,?), ref: 00007FFC1FD1766E
                                                                                                                                                • AcquireSRWLockShared.KERNEL32 ref: 00007FFC1FD16A94
                                                                                                                                                • ReleaseSRWLockShared.KERNEL32 ref: 00007FFC1FD16AB9
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Lock$Shared$AcquireInitializeRelease
                                                                                                                                                • String ID: [uninitialized]
                                                                                                                                                • API String ID: 2537410636-2099769388
                                                                                                                                                • Opcode ID: 610cb5791e845dae0a92a784bd72355eea5b070940a4800fab06cea6fe18cec7
                                                                                                                                                • Instruction ID: 91635a6e2515896add48dea0fb90b288c13c06c7c7a2986a9c73d1b1c1d86dd8
                                                                                                                                                • Opcode Fuzzy Hash: 610cb5791e845dae0a92a784bd72355eea5b070940a4800fab06cea6fe18cec7
                                                                                                                                                • Instruction Fuzzy Hash: 14011E62B18E6981EB08AF16E5400796361EB49FE4B589131DA5D07798CF78E4A1C790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                			E00007FFC7FFC1FD0F080(void* __eax, long long __rbx, char* __r8, void* __r9, long long _a8) {
                                                                                                                                                
                                                                                                                                                				_a8 = __rbx;
                                                                                                                                                				if (__r9 == 0) goto 0x1fd0f0e1;
                                                                                                                                                				if (__r9 != 1) goto 0x1fd0f0ad;
                                                                                                                                                				 *__r8 = 0;
                                                                                                                                                				return __eax;
                                                                                                                                                			}




                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
                                                                                                                                                • Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                • Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: strerror
                                                                                                                                                • String ID: Unknown error
                                                                                                                                                • API String ID: 2194627204-83687255
                                                                                                                                                • Opcode ID: d2ddf348b06a44554820e17cab6a6f6f1fbf18bb60fd05255ee314260feafa17
                                                                                                                                                • Instruction ID: 66fc26c939f33911b5922def66d11580abcf39e94050c5c6d1e5b3a236771829
                                                                                                                                                • Opcode Fuzzy Hash: d2ddf348b06a44554820e17cab6a6f6f1fbf18bb60fd05255ee314260feafa17
                                                                                                                                                • Instruction Fuzzy Hash: 26F0CD22B18A8A81EF489F1AF440BB82350EB88BE4F8C5031DA0D07749CE3CE4A4C394
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                C-Code - Quality: 56%
                                                                                                                                                			E00007FFC7FFC1FD26E20(void* __edx, long long __rax, long long __rbx, long long __rcx, long long __rdx, long long __rdi, long long __rsi, long long __rbp, long long __r8, long long __r9, void* __r11, long long _a8, long long _a16, long long _a24, long long _a32, char _a40) {
                                                                                                                                                				void* _v8;
                                                                                                                                                				long long _v24;
                                                                                                                                                				long long _v32;
                                                                                                                                                				long long _v40;
                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                				long long _v72;
                                                                                                                                                				long long _v80;
                                                                                                                                                				char _v88;
                                                                                                                                                				void* _t53;
                                                                                                                                                				void* _t54;
                                                                                                                                                				intOrPtr _t58;
                                                                                                                                                				intOrPtr _t59;
                                                                                                                                                				intOrPtr _t60;
                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                				long long _t84;
                                                                                                                                                				long long _t85;
                                                                                                                                                				long long _t86;
                                                                                                                                                				intOrPtr* _t87;
                                                                                                                                                				long long _t93;
                                                                                                                                                				intOrPtr* _t100;
                                                                                                                                                				long long _t108;
                                                                                                                                                				long long _t111;
                                                                                                                                                				long long _t112;
                                                                                                                                                				long long _t115;
                                                                                                                                                				long long _t116;
                                                                                                                                                				long long _t126;
                                                                                                                                                
                                                                                                                                                				_t84 = __rax;
                                                                                                                                                				_t63 = __edx;
                                                                                                                                                				_a8 = __rbx;
                                                                                                                                                				_a16 = __rbp;
                                                                                                                                                				_a24 = __rsi;
                                                                                                                                                				_a32 = __rdi;
                                                                                                                                                				_t111 = __r9;
                                                                                                                                                				_t115 = __r8;
                                                                                                                                                				_t126 = __rdx;
                                                                                                                                                				_t108 = __rcx;
                                                                                                                                                				E00007FFC7FFC1FD26600(__rax, __rcx);
                                                                                                                                                				if (_t84 == 0) goto 0x1fd26eee;
                                                                                                                                                				if (_a40 == 0) goto 0x1fd26e75;
                                                                                                                                                				if ( *((intOrPtr*)(_t84 + 8)) == 0) goto 0x1fd26e75;
                                                                                                                                                				if ( *((intOrPtr*)(_t84 + 0x10)) == 0) goto 0x1fd26e75;
                                                                                                                                                				 *_t84();
                                                                                                                                                				if (__r8 != 0) goto 0x1fd26ede;
                                                                                                                                                				if (__r9 != 0) goto 0x1fd26ede;
                                                                                                                                                				_v88 = __rcx;
                                                                                                                                                				_t58 =  *0x1fd3ecd0; // 0x27
                                                                                                                                                				if (_t58 == 0xffffffff) goto 0x1fd26e9d;
                                                                                                                                                				TlsGetValue(??);
                                                                                                                                                				_t92 = _t84;
                                                                                                                                                				if (_t84 != 0) goto 0x1fd26ecb;
                                                                                                                                                				E00007FFC7FFC1FD26750(_t58, _t84, _t84,  *((intOrPtr*)(_t84 + 8)),  *((intOrPtr*)(_t84 + 0x10)), __r9);
                                                                                                                                                				_t59 =  *0x1fd3ecd0; // 0x27
                                                                                                                                                				if (_t59 != 0xffffffff) goto 0x1fd26ec2;
                                                                                                                                                				_t9 = _t92 + 0x28; // 0x28
                                                                                                                                                				E00007FFC7FFC1FD263D0(__edx, _t84, _t9,  &_v88, _t108, __r9);
                                                                                                                                                				goto 0x1fd26ffb;
                                                                                                                                                				TlsGetValue(??);
                                                                                                                                                				_t93 = _t84;
                                                                                                                                                				_t11 = _t93 + 0x28; // 0x28
                                                                                                                                                				E00007FFC7FFC1FD263D0(_t63, _t93, _t11,  &_v88, _t108, _t111);
                                                                                                                                                				goto 0x1fd26ffb;
                                                                                                                                                				 *_t93 = _t126;
                                                                                                                                                				 *((long long*)(_t93 + 8)) = _t115;
                                                                                                                                                				 *((long long*)(_t93 + 0x10)) = _t111;
                                                                                                                                                				goto 0x1fd26ffb;
                                                                                                                                                				if (_t115 != 0) goto 0x1fd26efc;
                                                                                                                                                				if (_t111 == 0) goto 0x1fd26ffb;
                                                                                                                                                				_t60 =  *0x1fd3ecd0; // 0x27
                                                                                                                                                				if (_t60 == 0xffffffff) goto 0x1fd26f14;
                                                                                                                                                				TlsGetValue(??);
                                                                                                                                                				if (_t84 != 0) goto 0x1fd26f2f;
                                                                                                                                                				E00007FFC7FFC1FD26750(_t60, _t84, _t84, _t11,  &_v88, _t111);
                                                                                                                                                				_t61 =  *0x1fd3ecd0; // 0x27
                                                                                                                                                				if (_t61 != 0xffffffff) goto 0x1fd26f29;
                                                                                                                                                				_t85 = _t93;
                                                                                                                                                				goto 0x1fd26f2f;
                                                                                                                                                				_t53 = TlsGetValue(??);
                                                                                                                                                				_v40 = _t126;
                                                                                                                                                				_v32 = _t115;
                                                                                                                                                				_v24 = _t111;
                                                                                                                                                				_t18 = _t85 + 0x28; // 0x28
                                                                                                                                                				_t112 = _t18;
                                                                                                                                                				_t116 =  *_t112;
                                                                                                                                                				_t86 = _a8;
                                                                                                                                                				_v72 = _t86;
                                                                                                                                                				_v64 = 0;
                                                                                                                                                				if ( *((intOrPtr*)(_t86 + 0x19)) != 0) goto 0x1fd26f88;
                                                                                                                                                				asm("o16 nop [eax+eax]");
                                                                                                                                                				_v72 = _t86;
                                                                                                                                                				if ( *((intOrPtr*)(_t86 + 0x20)) - _t108 >= 0) goto 0x1fd26f75;
                                                                                                                                                				_v64 = 0;
                                                                                                                                                				_t87 =  *((intOrPtr*)(_t86 + 0x10));
                                                                                                                                                				goto 0x1fd26f83;
                                                                                                                                                				_v64 = 1;
                                                                                                                                                				_t100 = _t87;
                                                                                                                                                				if ( *((intOrPtr*)( *_t87 + 0x19)) == 0) goto 0x1fd26f60;
                                                                                                                                                				if ( *((intOrPtr*)(_t100 + 0x19)) != 0) goto 0x1fd26f93;
                                                                                                                                                				if (_t108 -  *((intOrPtr*)(_t100 + 0x20)) >= 0) goto 0x1fd26ffb;
                                                                                                                                                				if ( *((intOrPtr*)(_t112 + 8)) == 0xffffffff) goto 0x1fd27016;
                                                                                                                                                				_v88 = _t112;
                                                                                                                                                				_v80 = _t93;
                                                                                                                                                				_t54 = E00007FFC7FFC1FD156A8(_t53, 0xffffffff, _t100);
                                                                                                                                                				 *0x40000000000001F = _t108;
                                                                                                                                                				asm("movups xmm0, [esp+0x50]");
                                                                                                                                                				asm("movups [eax+0x28], xmm0");
                                                                                                                                                				asm("movsd xmm1, [esp+0x60]");
                                                                                                                                                				asm("movsd [eax+0x38], xmm1");
                                                                                                                                                				 *0xffffffff = _t116;
                                                                                                                                                				 *0x400000000000007 = _t116;
                                                                                                                                                				 *0x40000000000000F = _t116;
                                                                                                                                                				 *0x400000000000017 = 0;
                                                                                                                                                				asm("movups xmm0, [esp+0x30]");
                                                                                                                                                				asm("movaps [esp+0x20], xmm0");
                                                                                                                                                				return E00007FFC7FFC1FD1C920(_t54, _t93, _t112,  &_v88, _t108, 0xffffffff);
                                                                                                                                                			}

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000022.00000002.648179545.00007FFC1FCF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFC1FCF0000, based on PE: true
• Associated: 00000022.00000002.648150693.00007FFC1FCF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000022.00000002.648629858.00007FFC1FD2B000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000022.00000002.648785180.00007FFC1FD3E000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000022.00000002.648857660.00007FFC1FD3F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000022.00000002.648883480.00007FFC1FD41000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000022.00000002.648903945.00007FFC1FD43000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_34_2_7ffc1fcf0000_spoolsv.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Value
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                • Opcode ID: 23c6c72d3b7c953c01d7c641e7e55d728cb9cc0f8d7b148c74313b97ad58e8b8
                                                                                                                                                • Instruction ID: b942bf1b746604f4f3fb300ef049dd0907681a8f2902b9a3cf229b25a0cc484e
                                                                                                                                                • Opcode Fuzzy Hash: 23c6c72d3b7c953c01d7c641e7e55d728cb9cc0f8d7b148c74313b97ad58e8b8
                                                                                                                                                • Instruction Fuzzy Hash: B8518DB2A09FAD85EB29AF25E04017977A0FB84BA4F144234EA9D03794DF3DE561C7D0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Execution Graph

                                                                                                                                                Execution Coverage:12.9%
                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                Signature Coverage:0%
                                                                                                                                                Total number of Nodes:3
                                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                                execution_graph 1131 7ffbb00e2149 1133 7ffbb00e2157 SearchPathW 1131->1133 1134 7ffbb00e23ec 1133->1134

                                                                                                                                                Callgraph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                • Opacity -> Relevance
                                                                                                                                                • Disassembly available

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000023.00000002.372475155.00007FFBB00E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB00E0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_35_2_7ffbb00e0000_RegAsm.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: PathSearch
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2203818243-0
                                                                                                                                                • Opcode ID: 424867266883d58118cc3d631da360feb0e9cdd3288f025caebf0c7bb7451bdc
                                                                                                                                                • Instruction ID: 8a405e97ae949c7c3c7c1722c9c9b3f0f0dfd7983219fdef10c6f34eb7931467
                                                                                                                                                • Opcode Fuzzy Hash: 424867266883d58118cc3d631da360feb0e9cdd3288f025caebf0c7bb7451bdc
                                                                                                                                                • Instruction Fuzzy Hash: FEB19F70918A8D8FDBA9DF28D8457F977E1EF69311F00426EE84DC7285CE34A946CB81
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Execution Graph

                                                                                                                                                Execution Coverage:13.3%
                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                Signature Coverage:0%
                                                                                                                                                Total number of Nodes:3
                                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                                execution_graph 1469 7ffbb00f2149 1470 7ffbb00f2157 SearchPathW 1469->1470 1472 7ffbb00f23ec 1470->1472

                                                                                                                                                Callgraph


                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000025.00000002.377598415.00007FFBB00F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB00F0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_37_2_7ffbb00f0000_RegAsm.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: PathSearch
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2203818243-0
                                                                                                                                                • Opcode ID: b8a1cfb68aab47588927649139251dbcad4c76628e11447bbeb4ac261c6bc642
                                                                                                                                                • Instruction ID: f91ed63053ebb25344146ad956db6728c31bdffc80a6d752ca9a9051e471a169
                                                                                                                                                • Opcode Fuzzy Hash: b8a1cfb68aab47588927649139251dbcad4c76628e11447bbeb4ac261c6bc642
                                                                                                                                                • Instruction Fuzzy Hash: 73B19E70518A8D8FDBA9DF28D845BF977D1EF59310F00426EE84EC7295CE34A946CB81
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Execution Graph

                                                                                                                                                Execution Coverage:16.5%
                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                Signature Coverage:0%
                                                                                                                                                Total number of Nodes:4
                                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                                execution_graph 978 7ffbb0102149 980 7ffbb0102157 978->980 979 7ffbb0102385 SearchPathW 981 7ffbb01023ec 979->981 980->979 980->980

                                                                                                                                                Callgraph


                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000027.00000002.384287095.00007FFBB0100000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB0100000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_39_2_7ffbb0100000_RegAsm.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: PathSearch
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2203818243-0
                                                                                                                                                • Opcode ID: 05505c2e3781a3f6ae7133a5da82fc3db8c22652b9a20d2ae17f8cf147d10dff
                                                                                                                                                • Instruction ID: 763bf4fab2249e500ffce6c2e0b20a4de09af9247bdb503180a466cd50634aeb
                                                                                                                                                • Opcode Fuzzy Hash: 05505c2e3781a3f6ae7133a5da82fc3db8c22652b9a20d2ae17f8cf147d10dff
                                                                                                                                                • Instruction Fuzzy Hash: 9FB19F70518A8D8FEBA9DF28D8467F977D1FF59310F00426AE84EC7291DE34A946CB81
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Execution Graph

                                                                                                                                                Execution Coverage:12.3%
                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                Signature Coverage:0%
                                                                                                                                                Total number of Nodes:3
                                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                                execution_graph 1098 7ffbb0102149 1099 7ffbb0102157 SearchPathW 1098->1099 1101 7ffbb01023ec 1099->1101

                                                                                                                                                Callgraph


                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000029.00000002.390832057.00007FFBB0100000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB0100000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_41_2_7ffbb0100000_RegAsm.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: PathSearch
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2203818243-0
                                                                                                                                                • Opcode ID: e57a7efbc5d247ac5f45e6202e399b06b875e563ff05edc3a76e8340f12d9285
                                                                                                                                                • Instruction ID: 3ed237649fc9f591f9dd99288f8a01b79eee1909598e41ade97e25afce3ec4d2
                                                                                                                                                • Opcode Fuzzy Hash: e57a7efbc5d247ac5f45e6202e399b06b875e563ff05edc3a76e8340f12d9285
                                                                                                                                                • Instruction Fuzzy Hash: 0DB19F70518A8D8FDBA9DF28D8467F977E1FB59310F00426AE84EC7291DF34A946CB81
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Callgraph


                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000002B.00000002.399069398.00007FFBB00F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB00F0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_43_2_7ffbb00f0000_RegAsm.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: PathSearch
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2203818243-0
                                                                                                                                                • Opcode ID: 3a2f1167b3b5cd85a7a6bb6f94fb24e5b0e7787cb322c84c5352a2f3fef0306c
                                                                                                                                                • Instruction ID: 763b3447af8c4c21c78b230d800c27a1e307b8919a00bc639938d20534d39fc0
                                                                                                                                                • Opcode Fuzzy Hash: 3a2f1167b3b5cd85a7a6bb6f94fb24e5b0e7787cb322c84c5352a2f3fef0306c
                                                                                                                                                • Instruction Fuzzy Hash: DFB19E70518A8D8FDBA9DF28D845BF977E1EF59310F04426AE84DC7285CF34A946CB81
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Callgraph


                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 0000002D.00000002.410189950.00007FFBB00E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB00E0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_45_2_7ffbb00e0000_RegAsm.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: PathSearch
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2203818243-0
                                                                                                                                                • Opcode ID: 16a794e54041c37fe5e80f58e304fdff928cf4777a06243919114229f022c288
                                                                                                                                                • Instruction ID: de4c6a94012d8ee6f01f05cda4d0d5d1399f1d6ab26ce82eadb039c066832e74
                                                                                                                                                • Opcode Fuzzy Hash: 16a794e54041c37fe5e80f58e304fdff928cf4777a06243919114229f022c288
                                                                                                                                                • Instruction Fuzzy Hash: ADB19F70918A8D8FDBA9DF28D8457F977E1EF69310F00426EE84DC7285CE34A946CB81
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Callgraph


                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000031.00000002.417448615.00007FFBB0110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB0110000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_49_2_7ffbb0110000_RegAsm.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: PathSearch
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2203818243-0
                                                                                                                                                • Opcode ID: c5ba20b4866c9c4c6a7f15698ba5aa35ca8deea576e4bdeb13afd7904642698e
                                                                                                                                                • Instruction ID: eea04a287c6d4d3594469f8e8680b258ff5aa31a25ecf19899d25e5459369ab4
                                                                                                                                                • Opcode Fuzzy Hash: c5ba20b4866c9c4c6a7f15698ba5aa35ca8deea576e4bdeb13afd7904642698e
                                                                                                                                                • Instruction Fuzzy Hash: C0B19D70518A8D8FDBA9DF28D845BF977E1FF59310F00426AE84EC7281CE34A946CB81
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Callgraph


                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000033.00000002.424920543.00007FFBB00E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB00E0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_51_2_7ffbb00e0000_RegAsm.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: PathSearch
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2203818243-0
                                                                                                                                                • Opcode ID: 991e9ddb3489436558525c364ad868479fbbfd27aed2464168e89ff345b77140
                                                                                                                                                • Instruction ID: baaebcbbb263b5a2729ace4fb2d481102eedf58ec2df0fc2155678c126bc4d33
                                                                                                                                                • Opcode Fuzzy Hash: 991e9ddb3489436558525c364ad868479fbbfd27aed2464168e89ff345b77140
                                                                                                                                                • Instruction Fuzzy Hash: 6EB19F70918A8D8FDBA9DF28D8457F977D1EF69310F00426EE84EC7295CE34A946CB81
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%